Doc: clarify AAD out1 semantics in EVP_EncryptInit

author William Faber <wmf1426@rit.edu>

Sun, 22 Mar 2026 21:29:27 +0000 (17:29 -0400)

committer Tomas Mraz <tomas@openssl.foundation>

Fri, 27 Mar 2026 16:40:12 +0000 (17:40 +0100)
author William Faber <wmf1426@rit.edu>
Sun, 22 Mar 2026 21:29:27 +0000 (17:29 -0400)
committer Tomas Mraz <tomas@openssl.foundation>
Fri, 27 Mar 2026 16:40:12 +0000 (17:40 +0100)
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod

index a0de124015b92086e033c8496bde357ca8613015..0e4ccadb6f941d561a5b9a3a65f847f96ae96a49 100644 (file)
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -1496,7 +1496,12 @@ depending on the mode specified.
  To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(),
  EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output
  parameter I<out> set to NULL. In this case, on success, the parameter
-I<outl> is set to the number of bytes authenticated.
+I<outl> is set to the number of AAD bytes processed in that call
+(that is, the value of I<inl>), and does not include any plaintext
+or ciphertext bytes processed by other calls.
+
+If no AAD is used, this call can be omitted. See the mode-specific notes
+below for any exceptions.
  
  When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal()
  indicates whether the operation was successful. If it does not indicate success,
author	William Faber <wmf1426@rit.edu>
	Sun, 22 Mar 2026 21:29:27 +0000 (17:29 -0400)
committer	Tomas Mraz <tomas@openssl.foundation>
	Fri, 27 Mar 2026 16:40:12 +0000 (17:40 +0100)