diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-26 10:07:58 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-26 10:07:58 +0900 |
commit | d05a1a9120b6870e19b20d7a6c367482ac96e1cc (patch) | |
tree | a0634b37822d6033bfffdfcac21878bf8897e906 /ext/openssl/ossl_cipher.c | |
parent | 3ed3fc5dde962615fcf42d0cfa4feba6cb8af9d5 (diff) | |
parent | 230467d23c2b70f2f8f1af1e5b28243e0e119cf6 (diff) | |
download | ruby-openssl-d05a1a9120b6870e19b20d7a6c367482ac96e1cc.tar.gz |
Merge branch 'maint'
This also restores 'if defined?(OpenSSL)-end' wrapping the test code.
They have been removed erroneously by commit 4eb4b3297a92 ("Remove
support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30).
* maint:
test/test_ssl: explicitly accept TLS 1.1 in corresponding test
ssl: remove useless call to rb_thread_wait_fd()
test/test_pair, test/test_ssl: fix for TLS 1.3
test/test_ssl_session: rearrange tests
test/test_ssl: move test_multibyte_read_write to test_pair
test/test_ssl: remove test_invalid_shutdown_by_gc
test/utils: do not use DSA certificates in SSL tests
test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
test/utils: improve error handling in start_server
test/utils: let server_loop close socket
test/utils: do not set ecdh_curves in start_server
test/utils: have start_server yield only the port number
test/utils: add SSLTestCase#tls12_supported?
test/utils: remove OpenSSL::TestUtils.silent
test: fix formatting
Rakefile: let sync:to_ruby know about test/openssl/fixtures
cipher: update the documentation for Cipher#auth_tag=
Backport "Merge branch 'topic/test-memory-leak'" to maint
ssl: do not call session_remove_cb during GC
Diffstat (limited to 'ext/openssl/ossl_cipher.c')
-rw-r--r-- | ext/openssl/ossl_cipher.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 21fcb1b6..bfa76c1a 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -620,13 +620,11 @@ ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self) * call-seq: * cipher.auth_tag = string -> string * - * Sets the authentication tag to verify the contents of the - * ciphertext. The tag must be set after calling Cipher#decrypt, - * Cipher#key= and Cipher#iv=, but before assigning the associated - * authenticated data using Cipher#auth_data= and of course, before - * decrypting any of the ciphertext. After all decryption is - * performed, the tag is verified automatically in the call to - * Cipher#final. + * Sets the authentication tag to verify the integrity of the ciphertext. + * This can be called only when the cipher supports AE. The tag must be set + * after calling Cipher#decrypt, Cipher#key= and Cipher#iv=, but before + * calling Cipher#final. After all decryption is performed, the tag is + * verified automatically in the call to Cipher#final. * * For OCB mode, the tag length must be supplied with #auth_tag_len= * beforehand. |