author Shane Lontis <shane.lontis@oracle.com> 2021-08-12 18:22:50 +1000
committer Pauli <pauli@openssl.org> 2021-08-18 08:38:40 +1000
commit 7f5a9399d27564a7136eed2df693755a3bec2cfc
tree a1f6928128e8d2efe166f68d8c84bfbb2fa38ebd /doc
parent 42281f26174dcc6ef4847894f17627f305bdfa2b
Add support for camellia cbc cts mode
Fixes #16276

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)
Diffstat (limited to 'doc')
-rw-r--r-- doc/man3/EVP_EncryptInit.pod | 20
-rw-r--r-- doc/man7/EVP_CIPHER-CAMELLIA.pod | 2
-rw-r--r-- doc/man7/migration_guide.pod | 18
3 files changed, 30 insertions, 10 deletions
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index a03c31ea35..cb36629684 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -738,7 +738,8 @@ that has the flag B<EVP_CIPH_FLAG_CUSTOM_ASN1> set.
=item "cts_mode" (B<OSSL_CIPHER_PARAM_CTS_MODE>) <UTF8 string>
Gets or sets the cipher text stealing mode. For all modes the output size is the
-same as the input size.
+same as the input size. The input length must be greater than or equal to the
+block size. (The block size for AES and CAMELLIA is 16 bytes).
Valid values for the mode are:
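Review bot: The added sentence on input length gives the minimum (one block) but not what the caller sees when it is violated. Say which call fails, and with what return value, for an input shorter than the block size, so callers can check for it explicitly. Minor: the full stop belongs inside the parenthesis, "(The block size for AES and CAMELLIA is 16 bytes.)".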
@@ -747,25 +748,28 @@ Valid values for the mode are:
=item "CS1"
The NIST variant of cipher text stealing.
-For message lengths that are multiples of the block size it is equivalent to
-using a "AES-CBC" cipher otherwise the second last cipher text block is a
-partial block.
+For input lengths that are multiples of the block size it is equivalent to
+using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last
+cipher text block is a partial block.
=item "CS2"
-For message lengths that are multiples of the block size it is equivalent to
-using a "AES-CBC" cipher, otherwise it is the same as "CS3".
+For input lengths that are multiples of the block size it is equivalent to
+using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as
+"CS3" mode.
=item "CS3"
The Kerberos5 variant of cipher text stealing which always swaps the last
cipher text block with the previous block (which may be a partial or full block
-depending on the input length).
+depending on the input length). If the input length is exactly one full block
+then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher.
=back
The default is "CS1".
-This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS".
+This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
+"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
=item "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) <unsigned integer>
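Review bot: In the CS3 item, the new sentence about an input of exactly one full block conflicts with "always swaps the last cipher text block with the previous block" in the unchanged text just above it; with a single block there is no previous block, so "always" should be qualified (for example "for inputs longer than one block, swaps ..."). Across CS1, CS2 and CS3 the "XXX" in "AES-XXX-CBC" and "CAMELLIA-XXX-CBC" is never defined; say it stands for the key size, or spell out 128, 192 and 256 as the "only supported for" line does. Also "a "AES-XXX-CBC"" should read "an", and the CS1 sentence wants a comma before "otherwise" to match CS2.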
diff --git a/doc/man7/EVP_CIPHER-CAMELLIA.pod b/doc/man7/EVP_CIPHER-CAMELLIA.pod
index 7b129c6407..bba8001d00 100644
--- a/doc/man7/EVP_CIPHER-CAMELLIA.pod
+++ b/doc/man7/EVP_CIPHER-CAMELLIA.pod
@@ -16,6 +16,8 @@ The following algorithms are available in the default provider:
=item "CAMELLIA-128-CBC", "CAMELLIA-192-CBC" and "CAMELLIA-256-CBC"
+=item "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS"
+
=item "CAMELLIA-128-CFB", "CAMELLIA-192-CFB", "CAMELLIA-256-CFB",
"CAMELLIA-128-CFB1", "CAMELLIA-192-CFB1", "CAMELLIA-256-CFB1",
"CAMELLIA-128-CFB8", "CAMELLIA-192-CFB8" and "CAMELLIA-256-CFB8"
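Review bot: The new =item names the CTS ciphers, but nothing in this hunk tells the reader that they take a "cts_mode" parameter or what its default is. Add a pointer to L<EVP_EncryptInit(3)/Gettable and Settable EVP_CIPHER_CTX parameters>, the same link the migration_guide.pod change uses, so someone starting from this page finds the CS1/CS2/CS3 choice.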
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 8cc017dfa6..7e0bbf465d 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -219,9 +219,10 @@ unwrapping. The algorithms are: "AES-128-WRAP-INV", "AES-192-WRAP-INV",
=item *
-AES CTS cipher added to EVP layer.
+CTS ciphers added to EVP layer.
-The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS".
+The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
+"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
CS1, CS2 and CS3 variants are supported.
=back
@@ -1220,6 +1221,19 @@ tools, such as compiler memory and leak sanitizers or Valgrind.
=item *
+CRYPTO_cts128_encrypt_block(), CRYPTO_cts128_encrypt(),
+CRYPTO_cts128_decrypt_block(), CRYPTO_cts128_decrypt(),
+CRYPTO_nistcts128_encrypt_block(), CRYPTO_nistcts128_encrypt(),
+CRYPTO_nistcts128_decrypt_block(), CRYPTO_nistcts128_decrypt()
+
+Use the higher level functions EVP_CipherInit_ex2(), EVP_CipherUpdate() and
+EVP_CipherFinal_ex() instead.
+See the "cts_mode" parameter in
+L<EVP_EncryptInit(3)/Gettable and Settable EVP_CIPHER_CTX parameters>.
+See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
+
+=item *
+
d2i_DHparams(), d2i_DHxparams(), d2i_DSAparams(), d2i_DSAPrivateKey(),
d2i_DSAPrivateKey_bio(), d2i_DSAPrivateKey_fp(), d2i_DSA_PUBKEY(),
d2i_DSA_PUBKEY_bio(), d2i_DSA_PUBKEY_fp(), d2i_DSAPublicKey(),
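Review bot: The new deprecation entry lists both the CRYPTO_cts128_*() and the CRYPTO_nistcts128_*() families but does not say which "cts_mode" value replaces which family. Since EVP_EncryptInit.pod states the default is "CS1", a caller who ports to EVP_CipherInit_ex2() without setting the parameter may get a different ciphertext block order from the one the old function produced, which then fails to interoperate with existing peers or stored data; name the mode for each family here. The example pointer covers AES-256-CBC-CTS only, and "a AES-256-CBC-CTS" should be "an".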