doc: Fix documentation of EVP_EncryptUpdate(). #12435
Conversation
The documentation was off by one for the length this function could return.
|
Do you think it's useful to have the documentation say it's different for wrap ciphers? |
Yeah, unless we can come up with some plausible case for other ciphers where it would happen as well? Because otherwise we are basically making most existing uses of EVP_EncryptUpdate non-conforming to the documentation. Which is kind-of API break. Inevitable for wrap ciphers, yes, but not for the others. |
|
I guess the other exception is the stream ciphers.
Maybe it's also useful to document if you pass it a multiple of
the block size, you get exactly that amount back.
|
Is this true for the wrap ciphers?? The |
|
I think Kurt meant regular block cipher modes. So I believe we should document all the possible cases if we really want to make the documentation truly helpful and the API contract reasonable. It would be pretty bad if we required for all EVP_EncryptUpdate() calls to reserve inlen rounded up to blocksize + blocksize. Even if the underlying cipher mode is stream one and the extra blocksize is needed only for the wrap modes. |
|
I've added statements for most ciphers, wrapping and stream ciphers. Ideally, we should document the behaviour for each cipher mode individually. |
|
LGTM |
The documentation was off by one for the length this function could return. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from #12435)
|
Merged to 1.1.1 and master. Thanks for the feedback and suggestions. |
The documentation was off by one for the length this function could return.
The wrap functions could exceed the limit by one.