From: Samuel Lee Date: Wed, 19 Jul 2023 18:04:12 +0000 (-0700) Subject: Fix documentation around AAD and return values in EVP_Cipher* X-Git-Tag: openssl-3.2.0-alpha1~384 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51a7066e2092b062a502e29166adfcc297803058;p=thirdparty%2Fopenssl.git Fix documentation around AAD and return values in EVP_Cipher* Fixes #21485 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/21494) --- diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 7883f2818a6..3d1a6b5615c 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -1244,10 +1244,11 @@ EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. EVP_CipherInit_ex2() and EVP_CipherUpdate() return 1 for success and 0 for failure. EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success. -EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1 -on failure if the flag B is set for the -cipher. EVP_Cipher() returns 1 on success or 0 on failure, if the flag +EVP_Cipher() returns 1 on success or 0 on failure, if the flag B is not set for the cipher. +EVP_Cipher() returns the number of bytes written to I for encryption / decryption, or +the number of bytes authenticated in a call specifying AAD for an AEAD cipher, if the flag +B is set for the cipher. EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure. @@ -1318,7 +1319,8 @@ depending on the mode specified. To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output -parameter I set to B. +parameter I set to B. In this case, on success, the parameter +I is set to the number of bytes authenticated. When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() indicates whether the operation was successful. If it does not indicate success,