Praveen Kariyanahalli via RT <r...@openssl.org> wrote: > Is there is a reason why openssl has restriction of auth before encrypt > order ? I dont believe there is an algo restriction, was wondering why > openssl has this. >
It *is* inherent in the algorithm. The authentication tag for the AAD is computed first, then the authentication tag for the encrypted data is computed. > The reason I bring this up, is that when I broadcast/multicast traffic need > not encrypt the payload multiple times, but need to auth the header > differently and openssl is refusing to cooperate :) With AEADs, in general, you can't separate the authentication from the encryption like that. Cheers, Brian -- https://briansmith.org/
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
