Commit 0d8454ed32 for openssl.org

commit 0d8454ed32ff7ed5b9b5f5a9e32eb7fa1a753cea
Author: William Faber <wmf1426@rit.edu>
Date:   Sun Mar 22 17:29:27 2026 -0400

    Doc: clarify AAD out1 semantics in EVP_EncryptInit

    Fixes #29761

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Fri Mar 27 16:40:23 2026
    (Merged from https://github.com/openssl/openssl/pull/30533)

diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index a0de124015..0e4ccadb6f 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -1496,7 +1496,12 @@ depending on the mode specified.
 To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(),
 EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output
 parameter I<out> set to NULL. In this case, on success, the parameter
-I<outl> is set to the number of bytes authenticated.
+I<outl> is set to the number of AAD bytes processed in that call
+(that is, the value of I<inl>), and does not include any plaintext
+or ciphertext bytes processed by other calls.
+
+If no AAD is used, this call can be omitted. See the mode-specific notes
+below for any exceptions.

 When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal()
 indicates whether the operation was successful. If it does not indicate success,