crypto/cipher, crypto/rc4: make overlap rules wording consistent

Closes #21279

Change-Id: I84d6b168a684fa9f3c046028d0c9f00292d7c110
Reviewed-on: https://go-review.googlesource.com/61132
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

src/crypto/cipher/cipher.go

@@ -17,18 +17,18 @@ type Block interface {
 	BlockSize() int
 
 	// Encrypt encrypts the first block in src into dst.
-	// Dst and src may point at the same memory.
+	// Dst and src must overlap entirely or not at all.
 	Encrypt(dst, src []byte)
 
 	// Decrypt decrypts the first block in src into dst.
-	// Dst and src may point at the same memory.
+	// Dst and src must overlap entirely or not at all.
 	Decrypt(dst, src []byte)
 }
 
 // A Stream represents a stream cipher.
 type Stream interface {
 	// XORKeyStream XORs each byte in the given slice with a byte from the
-	// cipher's key stream. Dst and src may point to the same memory.
+	// cipher's key stream. Dst and src must overlap entirely or not at all.
 	//
 	// If len(dst) < len(src), XORKeyStream should panic. It is acceptable
 	// to pass a dst bigger than src, and in that case, XORKeyStream will
@@ -47,8 +47,8 @@ type BlockMode interface {
 	BlockSize() int
 
 	// CryptBlocks encrypts or decrypts a number of blocks. The length of
-	// src must be a multiple of the block size. Dst and src may point to
-	// the same memory.
+	// src must be a multiple of the block size. Dst and src must overlap
+	// entirely or not at all.
 	//
 	// If len(dst) < len(src), CryptBlocks should panic. It is acceptable
 	// to pass a dst bigger than src, and in that case, CryptBlocks will

src/crypto/cipher/gcm.go

@@ -26,7 +26,7 @@ type AEAD interface {
 	// slice. The nonce must be NonceSize() bytes long and unique for all
 	// time, for a given key.
 	//
-	// The plaintext and dst may alias exactly or not at all. To reuse
+	// The plaintext and dst must overlap exactly or not at all. To reuse
 	// plaintext's storage for the encrypted output, use plaintext[:0] as dst.
 	Seal(dst, nonce, plaintext, additionalData []byte) []byte
 
@@ -36,7 +36,7 @@ type AEAD interface {
 	// bytes long and both it and the additional data must match the
 	// value passed to Seal.
 	//
-	// The ciphertext and dst may alias exactly or not at all. To reuse
+	// The ciphertext and dst must overlap exactly or not at all. To reuse
 	// ciphertext's storage for the decrypted output, use ciphertext[:0] as dst.
 	//
 	// Even if the function fails, the contents of dst, up to its capacity,

src/crypto/rc4/rc4.go

@@ -52,8 +52,7 @@ func (c *Cipher) Reset() {
 }
 
 // xorKeyStreamGeneric sets dst to the result of XORing src with the
-// key stream. Dst and src may be the same slice but otherwise should
-// not overlap.
+// key stream. Dst and src must overlap entirely or not at all.
 //
 // This is the pure Go version. rc4_{amd64,386,arm}* contain assembly
 // implementations. This is here for tests and to prevent bitrot.

src/crypto/rc4/rc4_asm.go

@@ -9,7 +9,7 @@ package rc4
 func xorKeyStream(dst, src *byte, n int, state *[256]uint32, i, j *uint8)
 
 // XORKeyStream sets dst to the result of XORing src with the key stream.
-// Dst and src may be the same slice but otherwise should not overlap.
+// Dst and src must overlap entirely or not at all.
 func (c *Cipher) XORKeyStream(dst, src []byte) {
 	if len(src) == 0 {
 		return

src/crypto/rc4/rc4_ref.go

@@ -7,7 +7,7 @@
 package rc4
 
 // XORKeyStream sets dst to the result of XORing src with the key stream.
-// Dst and src may be the same slice but otherwise should not overlap.
+// Dst and src must overlap entirely or not at all.
 func (c *Cipher) XORKeyStream(dst, src []byte) {
 	c.xorKeyStreamGeneric(dst, src)
 }