From: William Faber <wmf1426@rit.edu>
Date: Sun, 22 Mar 2026 21:29:27 +0000 (-0400)
Subject: Doc: clarify AAD out1 semantics in EVP_EncryptInit
X-Git-Tag: openssl-4.0.0~93
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea42bd7e54e285e1741e53eb131da1ffe6d018cc;p=thirdparty%2Fopenssl.git

Doc: clarify AAD out1 semantics in EVP_EncryptInit

Fixes #29761

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Fri Mar 27 16:40:23 2026
(Merged from https://github.com/openssl/openssl/pull/30533)

(cherry picked from commit 0d8454ed32ff7ed5b9b5f5a9e32eb7fa1a753cea)
---

diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index cdd7366ad39..208424a7578 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -1495,7 +1495,12 @@ depending on the mode specified.
 To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(),
 EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output
 parameter I<out> set to NULL. In this case, on success, the parameter
-I<outl> is set to the number of bytes authenticated.
+I<outl> is set to the number of AAD bytes processed in that call
+(that is, the value of I<inl>), and does not include any plaintext
+or ciphertext bytes processed by other calls.
+
+If no AAD is used, this call can be omitted. See the mode-specific notes
+below for any exceptions.
 
 When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal()
 indicates whether the operation was successful. If it does not indicate success,