Hello, I've been trying recently to work with OpenSSL and use it to encrypt and decrypt data with AES cipher in GCM mode. While reading the documentation, I noticed an inconsistency between example code and manual.
My concern is the function used to set GCM tag when decrypting some data. In current version of the manual[1] it is written that EVP_CIPHER_CTX_ctrl function with EVP_CTRL_GCM_SET_TAG argument can be legally used only before any data is processed by OpenSSL - "Sets the expected tag to taglen bytes from tag. This call is only legal when decrypting data and must be made before any data is processed (e.g. before any EVP_DecryptUpdate() call). However, looking at an example code on wiki[2] it appears that user can set a tag after calls to EVP_DecryptUpdate. The tag must be set only before calling EVP_DecryptFinal, which according how to GCM mode works should be a correct behavior. Running an example code confirms, that user doesn't have to set the tag before any processing calls, only before EVP_DecryptFinal. This inconsistency was checked in 1.0.2, but appearently it appears on 1.1.0 and on master documentation as well (with EVP_CTRL macro being different, as it also involves OCB mode now). Is it just a case of missing correction in documentation? Or maybe the documentation is correct, but there is a bug in OpenSSL? Best Regards, Lukasz Kostyra ------------------ [1] - https://www.openssl.org/docs/man1.0.2/crypto/EVP_CIPHER_CTX_ctrl.html [2] - https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decrypti on#Authenticated_Decryption_using_GCM_mode -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev