From: Benjamin Kaduk Date: Tue, 9 Jan 2018 21:26:37 +0000 (-0600) Subject: enc(1): document that AEAD is not and will not be supported X-Git-Tag: OpenSSL_1_1_1-pre1~175 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=272cc20b32915633402358e10ddc01fe43b8aebe enc(1): document that AEAD is not and will not be supported Note the reasons, including streaming output issues and key/iv/nonce management issues. Recommend the use of cms(1) instead. Fixes #471. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/5048) --- diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod index 2ec4d169b1..2a4497b5bd 100644 --- a/doc/man1/enc.pod +++ b/doc/man1/enc.pod @@ -243,8 +243,22 @@ list of ciphers, supported by your version of OpenSSL, including ones provided by configured engines. The B program does not support authenticated encryption modes -like CCM and GCM. The utility does not store or retrieve the -authentication tag. +like CCM and GCM, and will not support such modes in the future. +The B interface by necessity must begin streaming output (e.g., +to standard output when B<-out> is not used before the authentication +tag could be validated, leading to the usage of B in pipelines +that begin processing untrusted data and are not capable of rolling +back upon authentication failure. The AEAD modes currently in common +use also suffer from catastrophic failure of confidentiality and/or +integrity upon reuse of key/iv/nonce, and since B places the +entire burden of key/iv/nonce management upon the user, the risk of +exposing AEAD modes is too great to allow. These key/iv/nonce +management issues also affect other modes currently exposed in B, +but the failure modes are less extreme in these cases, and the +functionality cannot be removed with a stable release branch. +For bulk encryption of data, whether using authenticated encryption +modes or other modes, L is recommended, as it provides a +standard data format and performs the needed key/iv/nonce management. base64 Base 64