From 5f79da4812d2bafd92a964a63875cda8f76a8045 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Wed, 28 Sep 2016 21:49:57 +0900 Subject: cipher: update the documentation for Cipher#auth_tag= The authentication tag can be set after starting the decryption, if only it is before Cipher#final is called. Fixes: https://github.com/ruby/openssl/issues/74 --- ext/openssl/ossl_cipher.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'ext') diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index c2f0927a..36e42ede 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -631,13 +631,11 @@ ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self) * call-seq: * cipher.auth_tag = string -> string * - * Sets the authentication tag to verify the contents of the - * ciphertext. The tag must be set after calling Cipher#decrypt, - * Cipher#key= and Cipher#iv=, but before assigning the associated - * authenticated data using Cipher#auth_data= and of course, before - * decrypting any of the ciphertext. After all decryption is - * performed, the tag is verified automatically in the call to - * Cipher#final. + * Sets the authentication tag to verify the integrity of the ciphertext. + * This can be called only when the cipher supports AE. The tag must be set + * after calling Cipher#decrypt, Cipher#key= and Cipher#iv=, but before + * calling Cipher#final. After all decryption is performed, the tag is + * verified automatically in the call to Cipher#final. * * For OCB mode, the tag length must be supplied with #auth_tag_len= * beforehand. -- cgit v1.2.3