Clarify Tag Length Setting in OCB Mode

Fixes #8331: Updated the description for setting the tag length in OCB mode to remove the misleading “when encrypting” and “during encryption” phrasing. This change emphasizes that setting a custom tag length requires a call with NULL, applicable to both encryption and decryption contexts.

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25424)

diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 734d71b56c663f8b7155edb99f5f9b5051989005..53ce50b19f80cac0dbad3df53dd316408adbf76a 100644 (file)
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -1435,10 +1435,9 @@ For GCM, this call is only valid when decrypting data.
 For OCB, this call is valid when decrypting data to set the expected tag,
 and when encrypting to set the desired tag length.
 
-In OCB mode, calling this when encrypting with C<tag> set to C<NULL> sets the
-tag length. The tag length can only be set before specifying an IV. If this is
-not called prior to setting the IV during encryption, then a default tag length
-is used.
+In OCB mode, calling this with C<tag> set to C<NULL> sets the tag length.
+The tag length can only be set before specifying an IV. If this is not called
+prior to setting the IV, then a default tag length is used.
 
 For OCB AES, the default tag length is 16 (i.e. 128 bits).  It is also the
 maximum tag length for OCB.