Document which cipher modes do not support streaming #23028
doc/man7/EVP_CIPHER-AES.pod
@@ -63,6 +63,12 @@ FIPS provider: | |||
This implementation supports the parameters described in | |||
L<EVP_EncryptInit(3)/PARAMETERS>. | |||
|
|||
=head1 NOTES | |||
|
|||
The XTS, SIV and WRAP mode implementations do not support streaming. That |
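Review bot: The sentence added under NOTES lists XTS together with SIV and WRAP as modes that "do not support streaming", but the term is not defined at that point and the three modes may not share the same restriction. State the limit in terms of how many EVP_EncryptUpdate/EVP_DecryptUpdate calls are allowed after the context is initialized, and give XTS its own sentence if its constraint differs, as the review discussion on this line indicates.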
This is not true for XTS. It has a stream update, but it only likes full blocks. The last update can be a partial block (which it can then use CTS).
It probably should have supported buffering.
Could you please suggest how to formulate it better then? I've basically copied what we were saying in EVP_aes_128_xts() manpage.
Something like...
The OpenSSL AES-SIV and AES-WRAP implementations do not support streaming. That means to obtain correct results there can be only one [EVP_EncryptUpdate(3)](http://man.he.net/man3/EVP_EncryptUpdate) or [EVP_DecryptUpdate(3)](http://man.he.net/man3/EVP_DecryptUpdate) call after the initialization of the context.
The OpenSSL AES-XTS implementation allows streaming to be performed, but each EVP_EncryptUpdate/EVP_DecryptUpdate requires each input to be a multiple of the blocksize. Only the final EVP_EncryptUpdate/EVP_DecryptUpdate can optionally have an input that is not a multiple of the blocksize. (If it is not a multiple then CipherText Stealing is used).
Thank you, I'll update it.
LGTM
This pull request is ready to merge

Merged to the master, 3.2 (both commits) and 3.1, 3.0 (only the second commit) branches. Thank you for the reviews.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from #23028)
The first commit is applicable only to master and 3.2. The second one to all 3.x branches.