diff options
Diffstat (limited to 'docs/hazmat')
| -rw-r--r-- | docs/hazmat/bindings/interfaces.rst | 4 | ||||
| -rw-r--r-- | docs/hazmat/bindings/openssl.rst | 2 | ||||
| -rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 11 |
3 files changed, 11 insertions, 6 deletions
diff --git a/docs/hazmat/bindings/interfaces.rst b/docs/hazmat/bindings/interfaces.rst index c55d86dc..711c82c2 100644 --- a/docs/hazmat/bindings/interfaces.rst +++ b/docs/hazmat/bindings/interfaces.rst @@ -69,6 +69,8 @@ A specific ``backend`` may provide one or more of these interfaces. :returns: :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` + :raises ValueError: When tag is not None in an AEAD mode + .. method:: create_symmetric_decryption_ctx(cipher, mode) @@ -86,6 +88,8 @@ A specific ``backend`` may provide one or more of these interfaces. :returns: :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` + :raises ValueError: When tag is None in an AEAD mode + .. class:: HashBackend diff --git a/docs/hazmat/bindings/openssl.rst b/docs/hazmat/bindings/openssl.rst index 194eeb92..d6bfa672 100644 --- a/docs/hazmat/bindings/openssl.rst +++ b/docs/hazmat/bindings/openssl.rst @@ -21,5 +21,5 @@ These are `CFFI`_ bindings to the `OpenSSL`_ C library. and access constants. -.. _`CFFI`: http://cffi.readthedocs.org/ +.. _`CFFI`: https://cffi.readthedocs.org/ .. _`OpenSSL`: https://www.openssl.org/ diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 8d8d558b..2f390175 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -329,9 +329,10 @@ Modes .. danger:: - When using this mode you MUST not use the decrypted data until every - byte has been decrypted. GCM provides NO guarantees of ciphertext - integrity until decryption is complete. + When using this mode you MUST not use the decrypted data until + :meth:`~cryptography.hazmat.primitives.interfaces.CipherContext.finalize` + has been called. GCM provides NO guarantees of ciphertext integrity + until decryption is complete. GCM (Galois Counter Mode) is a mode of operation for block ciphers. An AEAD (authenticated encryption with additional data) mode is a type of @@ -349,8 +350,8 @@ Modes Do not reuse an ``initialization_vector`` with a given ``key``. - :param bytes tag: The tag bytes to verify during decryption. Must be provided - for decryption, but is ignored when encrypting. + :param bytes tag: The tag bytes to verify during decryption. When encrypting + this must be None. .. doctest:: |