On Tue, Aug 22, 2017, Lukasz Kostyra wrote: > Hello, > > I've been trying recently to work with OpenSSL and use it to encrypt and > decrypt data with AES cipher in GCM mode. While reading the documentation, I > noticed an inconsistency between example code and manual. > > My concern is the function used to set GCM tag when decrypting some data. In > current version of the manual[1] it is written that EVP_CIPHER_CTX_ctrl > function with EVP_CTRL_GCM_SET_TAG argument can be legally used only before > any data is processed by OpenSSL - "Sets the expected tag to taglen bytes > from tag. This call is only legal when decrypting data and must be made > before any data is processed (e.g. before any EVP_DecryptUpdate() call). > > However, looking at an example code on wiki[2] it appears that user can set > a tag after calls to EVP_DecryptUpdate. The tag must be set only before > calling EVP_DecryptFinal, which according how to GCM mode works should be a > correct behavior. Running an example code confirms, that user doesn't have > to set the tag before any processing calls, only before EVP_DecryptFinal. > > This inconsistency was checked in 1.0.2, but appearently it appears on 1.1.0 > and on master documentation as well (with EVP_CTRL macro being different, as > it also involves OCB mode now). Is it just a case of missing correction in > documentation? Or maybe the documentation is correct, but there is a bug in > OpenSSL? >
It's a bug in the documentation. The code used to require the tag first but that was fixed but the documentation wasn't. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
