public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clarify EVP_CipherUpdate() authenticated bytes behavior

Browse source 
Fixes #8310: Document that the number of authenticated bytes returned by EVP_CipherUpdate() varies with the cipher used. Mention that stream ciphers like ChaCha20 can handle 1 byte at a time, while OCB mode requires processing data one block at a time. Ensure it's clear that passing unpadded data in one call is safe.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24961)

(cherry picked from commit d15077d336)
This commit is contained in:
erbsland-dev 2024-07-22 10:26:17 +02:00 committed by Tomas Mraz
parent 8048a8a8a0
commit 16b1f55ac6
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
doc/man3/EVP_EncryptInit.pod
View file

@ -1390,6 +1390,15 @@ indicates whether the operation was successful. If it does not indicate success,
the authentication operation has failed and any output data B<MUST NOT> be used
as it is corrupted.
Please note that the number of authenticated bytes returned by
EVP_CipherUpdate() depends on the cipher used. Stream ciphers, such as ChaCha20
or ciphers in GCM mode, can handle 1 byte at a time, resulting in an effective
"block" size of 1. Conversely, ciphers in OCB mode must process data one block
at a time, and the block size is returned.
Regardless of the returned size, it is safe to pass unpadded data to an
EVP_CipherUpdate() call in a single operation.
=head2 GCM and OCB Modes
The following I<ctrl>s are supported in GCM and OCB modes.