Fixes #12441
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15237)
=item "iv" (B<OSSL_MAC_PARAM_IV>) <octet string>
-Some MAC implementations require an IV, this parameter sets the IV.
+Some MAC implementations (GMAC) require an IV, this parameter sets the IV.
=item "custom" (B<OSSL_MAC_PARAM_CUSTOM>) <octet string>
the transitions described there will be enforced. When this is done, it will
not be considered a breaking change to the API.
+The usage of the parameter names "custom", "iv" and "salt" correspond to
+the names used in the standard where the algorithm was defined.
=head1 RETURN VALUES
The "size" parameter can also be retrieved with with EVP_MAC_CTX_get_mac_size().
The length of the "size" parameter should not exceed that of an B<unsigned int>.
+=head1 NOTES
+
+The OpenSSL implementation of the Poly 1305 MAC corresponds to RFC 7539.
+
+It is critical to never reuse the key. The security implication noted in
+RFC 8439 applies equally to the OpenSSL implementation.
+
=head1 SEE ALSO
L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,