*
* @param[in] key Key value.
* @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv.
- * @param[out] out Ciphertext. Minimal buffer length = (inlen + 15) bytes.
+ * @param[out] out Ciphertext. Minimal buffer length =
+ * (inlen rounded up to 8 + 8) bytes, i.e.
+ * ((inlen + 7) / 8) * 8 + 8.
* Input and output buffers can overlap if block function
* supports that.
* @param[in] in Plaintext as n 64-bit blocks, n >= 2.
For most ciphers and modes, the amount of data written can be anything
from zero bytes to (inl + cipher_block_size - 1) bytes.
For wrap cipher modes, the amount of data written can be anything
-from zero bytes to (inl + cipher_block_size) bytes.
+from zero bytes to (inl rounded up to cipher_block_size + cipher_block_size)
+bytes.
For stream ciphers, the amount of data written can be anything from zero
bytes to inl bytes.
Thus, the buffer pointed to by I<out> must contain sufficient room for the
means to obtain correct results there can be only one L<EVP_EncryptUpdate(3)>
or L<EVP_DecryptUpdate(3)> call after the initialization of the context.
+When wrapping with AES-WRAP-PAD ciphers, the output buffer must be at least
+I<inl> rounded up to the cipher block size (8 bytes) plus the block size.
+That is, the minimum output buffer size is C<((inl + 7) / 8) * 8 + 8> bytes.
+
The AES-XTS implementations allow streaming to be performed, but each
L<EVP_EncryptUpdate(3)> or L<EVP_DecryptUpdate(3)> call requires each input
to be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or
projects / thirdparty / openssl.git / commitdiff
