From 51a7066e2092b062a502e29166adfcc297803058 Mon Sep 17 00:00:00 2001 From: Samuel Lee Date: Wed, 19 Jul 2023 11:04:12 -0700 Subject: [PATCH] Fix documentation around AAD and return values in EVP_Cipher* Fixes #21485 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/21494) --- doc/man3/EVP_EncryptInit.pod | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 7883f2818a6..3d1a6b5615c 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -1244,10 +1244,11 @@ EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. EVP_CipherInit_ex2() and EVP_CipherUpdate() return 1 for success and 0 for failure. EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success. -EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1 -on failure if the flag B is set for the -cipher. EVP_Cipher() returns 1 on success or 0 on failure, if the flag +EVP_Cipher() returns 1 on success or 0 on failure, if the flag B is not set for the cipher. +EVP_Cipher() returns the number of bytes written to I for encryption / decryption, or +the number of bytes authenticated in a call specifying AAD for an AEAD cipher, if the flag +B is set for the cipher. EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure. @@ -1318,7 +1319,8 @@ depending on the mode specified. To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output -parameter I set to B. +parameter I set to B. In this case, on success, the parameter +I is set to the number of bytes authenticated. When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() indicates whether the operation was successful. If it does not indicate success, -- 2.47.2