mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-28 00:21:48 +03:00
Merge pull request #4585 from mpg/cipher-aead-delayed
Clarify multi-part AEAD calling sequence in Cipher module
This commit is contained in:
15
docs/3.0-migration-guide.d/cipher-delayed-output.md
Normal file
15
docs/3.0-migration-guide.d/cipher-delayed-output.md
Normal file
@ -0,0 +1,15 @@
|
||||
Calling `mbedtls_cipher_finish()` is mandatory for all multi-part operations
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
This only affects people who use the cipher module to perform AEAD operations
|
||||
using the multi-part API.
|
||||
|
||||
Previously, the documentation didn't state explicitly if it was OK to call
|
||||
`mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()` directly after
|
||||
the last call to `mbedtls_cipher_update()` - that is, without calling
|
||||
`mbedtls_cipher_finish()` in-between. If you code was missing that call,
|
||||
please add it and be prepared to get as much as 15 bytes of output.
|
||||
|
||||
Currently the output is always 0 bytes, but it may be more when alternative
|
||||
implementations of the underlying primitives are in use, or with future
|
||||
versions of the library.
|
Reference in New Issue
Block a user