[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Fri May 14 12:24:19 UTC 2021
The branch master has been updated
via bbf5ccfd8729120e067de709c43be0a4cdfb423b (commit)
from f04bb0bce490de847ed0482b8ec9eabedd173852 (commit)
- Log -----------------------------------------------------------------
commit bbf5ccfd8729120e067de709c43be0a4cdfb423b
Author: Pauli <pauli at openssl.org>
Date: Wed May 12 12:26:24 2021 +1000
mac: improve MAC documentation (Poly 1305 key reuse, nomenclature)
Fixes #12441
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15237)
-----------------------------------------------------------------------
Summary of changes:
doc/man3/EVP_MAC.pod | 4 +++-
doc/man7/EVP_MAC-Poly1305.pod | 7 +++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index f4386f9daf..d053375dcf 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -259,7 +259,7 @@ must be set first, see parameter names "algorithm" below.
=item "iv" (B<OSSL_MAC_PARAM_IV>) <octet string>
-Some MAC implementations require an IV, this parameter sets the IV.
+Some MAC implementations (GMAC) require an IV, this parameter sets the IV.
=item "custom" (B<OSSL_MAC_PARAM_CUSTOM>) <octet string>
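Review bot: In the changed "iv" sentence, the parenthetical "(GMAC)" reads as an exhaustive list, and the sentence is still a comma splice. If GMAC is meant as an example, say so, and split the sentence: "Some MAC implementations, such as GMAC, require an IV. This parameter sets the IV." A link to the GMAC page would also let the reader find the IV requirements from here.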
@@ -342,6 +342,8 @@ The MAC life-cycle is described in L<life_cycle-mac(7)>. In the future,
the transitions described there will be enforced. When this is done, it will
not be considered a breaking change to the API.
+The usage of the parameter names "custom", "iv" and "salt" correspond to
+the names used in the standard where the algorithm was defined.
=head1 RETURN VALUES
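Review bot: The added sentence has a subject-verb mismatch ("The usage ... correspond") and should read "corresponds", or more simply 'The parameter names "custom", "iv" and "salt" correspond to ...'. "The standard where the algorithm was defined" also leaves the reader to work out which standard applies to which MAC, so it would help to say that each algorithm's own page names the standard. The new text follows the life-cycle paragraph and is unrelated to it, so it should be its own paragraph.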
diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod
index 59f9444214..a942226cd8 100644
--- a/doc/man7/EVP_MAC-Poly1305.pod
+++ b/doc/man7/EVP_MAC-Poly1305.pod
@@ -49,6 +49,13 @@ Gets the MAC size.
The "size" parameter can also be retrieved with with EVP_MAC_CTX_get_mac_size().
The length of the "size" parameter should not exceed that of an B<unsigned int>.
+=head1 NOTES
+
+The OpenSSL implementation of the Poly 1305 MAC corresponds to RFC 7539.
+
+It is critical to never reuse the key. The security implication noted in
+RFC 8439 applies equally to the OpenSSL implementation.
+
=head1 SEE ALSO
L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,
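Review bot: The new NOTES section says "never reuse the key" without saying what counts as reuse or what goes wrong, and it cites two different RFCs: RFC 7539 for the implementation and RFC 8439 for the security implication. Please state the rule in the page itself (one key per message) and summarise the implication in a sentence, so the reader does not have to open the RFC to learn why it is critical. Cite one RFC consistently, or note how the two relate. "Poly 1305" is spelled with a space here while the file name uses "Poly1305". While touching this area, the context line above the addition has a doubled word ("retrieved with with").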