SM4: Document that the XTS mode does not support streaming

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23028) (cherry picked from commit e2f9c2dd373c0859b87ecda6bf88b01a8bc6200e)
author: Tomas Mraz <tomas@openssl.org> 2023-12-13 10:03:07 +0100
committer: Tomas Mraz <tomas@openssl.org> 2023-12-22 13:43:13 +0100
commit: 141a7389c7612c7cf33c540ed65eee5f3e0284d0 (patch)
tree: b38ff687b72ef8e7fbdb17044af3bc0978c3e820 /doc
parent: 25d6aecd0061eda532b2172b4fa8cb2afbe8d9e6 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/man7/EVP_CIPHER-SM4.pod b/doc/man7/EVP_CIPHER-SM4.pod
index b0c292757e..a446fafb6d 100644
--- a/doc/man7/EVP_CIPHER-SM4.pod
+++ b/doc/man7/EVP_CIPHER-SM4.pod
@@ -37,6 +37,15 @@ The following algorithms are available in the default provider:
 This implementation supports the parameters described in
 L<EVP_EncryptInit(3)/PARAMETERS>.
 
+=head1 NOTES
+
+The SM4-XTS implementation allows streaming to be performed, but each
+L<EVP_EncryptUpdate(3)> or L<EVP_DecryptUpdate(3)> call requires each input
+to be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or
+EVP_DecryptUpdate() call can optionally have an input that is not a multiple
+of the blocksize but is larger than one block. In that case ciphertext
+stealing (CTS) is used to fill the block.
+
 =head1 SEE ALSO
 
 L<provider-cipher(7)>, L<OSSL_PROVIDER-default(7)>
author	Tomas Mraz <tomas@openssl.org>	2023-12-13 10:03:07 +0100
committer	Tomas Mraz <tomas@openssl.org>	2023-12-22 13:43:13 +0100
commit	141a7389c7612c7cf33c540ed65eee5f3e0284d0 (patch)
tree	b38ff687b72ef8e7fbdb17044af3bc0978c3e820 /doc
parent	25d6aecd0061eda532b2172b4fa8cb2afbe8d9e6 (diff)