Is is allowed to use the same buffer for input and output when using the AES primitives? I found a very short comment from several years ago in a polarssl forum, but was not able to find any documentation in the API reference stating that this is allowed. If this is supported in the software implementation is it guaranteed to be supported in hardware accelerated implementations provided by other silicon vendors?
Thank you for your question and for your interest in Mbed TLS!
In place cipher is allowed in Mbed TLS, unless specified otherwise.
As you can see from this issue, we are missing tests for in-place operations, but it should be supported.
as for hardware accelerated implementations, we cannot guarantee that in place operations will work. It is very much dependent on the implementation, and on the hardware limitations.
It doesn’t make sense for a hardware acceleration driver to store a temporary buffer for the output, as it obsoletes the acceleration.
Mbed TLS team member