From: Matt Caswell Date: Tue, 23 Nov 2021 12:24:39 +0000 (+0000) Subject: Clarify and correct the EVP_CTRL_AEAD_SET_TAG docs X-Git-Tag: OpenSSL_1_1_1m~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd0fd729bb6c75e266b881580d69d679af044cad;p=thirdparty%2Fopenssl.git Clarify and correct the EVP_CTRL_AEAD_SET_TAG docs The restriction about setting a tag length prior to setting the IV only applies to OCB mode. We clarify when in the process EVP_CTRL_AEAD_SET_TAG can be called. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17111) (cherry picked from commit 3607b8ad8ee1980a079e985333a196e0c79f8f00) --- diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 0d8a780bb79..ffd1aab2b3a 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -380,18 +380,20 @@ B. =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) -Sets the expected tag to C bytes from C. -The tag length can only be set before specifying an IV. +When decrypting, this call sets the expected tag to C bytes from C. C must be between 1 and 16 inclusive. +The tag must be set prior to any call to EVP_DecryptFinal() or +EVP_DecryptFinal_ex(). For GCM, this call is only valid when decrypting data. For OCB, this call is valid when decrypting data to set the expected tag, -and before encryption to set the desired tag length. +and when encrypting to set the desired tag length. -In OCB mode, calling this before encryption with C set to C sets the -tag length. If this is not called prior to encryption, a default tag length is -used. +In OCB mode, calling this when encrypting with C set to C sets the +tag length. The tag length can only be set before specifying an IV. If this is +not called prior to setting the IV during encryption, then a default tag length +is used. For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the maximum tag length for OCB.
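Review bot: the rewritten first paragraph of the EVP_CTRL_AEAD_SET_TAG item opens with "When decrypting, this call sets the expected tag ...", but two paragraphs later the same item says the call is also valid "when encrypting to set the desired tag length" for OCB, so the opening sentence now reads as if the control were decrypt-only. Consider qualifying it, for example "When decrypting, this call sets the expected tag to taglen bytes from tag; see below for its use during OCB encryption.", so the lead sentence and the OCB paragraph agree. Two smaller points in the same hunk: the new sentence "taglen must be between 1 and 16 inclusive" is stated unconditionally right before the mode-specific text, so it should say whether the bound is a general limit or only what the OCB/GCM paragraphs below imply (the OCB paragraph separately states 16 is the OCB maximum, which is consistent but duplicated); and the restored sentence "The tag length can only be set before specifying an IV." now lives only in the OCB paragraph, which is the intended correction per the commit message, but the sentence "If this is not called prior to setting the IV during encryption, then a default tag length is used." would be clearer as "If the tag length is not set before the IV is specified, the default tag length is used.", since "this" can be read as referring to the IV call rather than to EVP_CTRL_AEAD_SET_TAG.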