diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2017-08-23 13:07:23 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-08-23 23:54:51 +0100 |
commit | 5e95c1efe6e23f5dd5cd88b8fbb851a999a2c098 (patch) | |
tree | cbc9ef3f7bec0394e8b571c8e756b60243d01aa1 | |
parent | a130950df92abf7dd787b000403da02af8f41c2d (diff) |
Correct GCM docs.
Fix GCM documentation: the tag does not have to be supplied before
decrypting any data any more.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4231)
-rw-r--r-- | doc/man3/EVP_EncryptInit.pod | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 66e1ffb688..0aaba05707 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -442,9 +442,8 @@ either be 16 or the value previously set via EVP_CTRL_OCB_SET_TAGLEN. EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag); Sets the expected tag to B<taglen> bytes from B<tag>. This call is only legal -when decrypting data and must be made B<before> any data is processed (e.g. -before any EVP_DecryptUpdate() call). For OCB mode the taglen must -either be 16 or the value previously set via EVP_CTRL_AEAD_SET_TAG. +when decrypting data. For OCB mode the taglen must either be 16 or the value +previously set via EVP_CTRL_AEAD_SET_TAG. In OCB mode calling this with B<tag> set to NULL sets the tag length. The tag length can only be set before specifying an IV. If not called a default tag |