I find that the EVP_aes_256_gcm for decrypt requires the Tag to be set before the first call of EVP_DecryptUpdate(), and EVP_DecryptFinal_ex() with then return 0 if the Tag is found to be incorrect.
I was hoping to be able to get the Tag, by EVP_CTRL_GET_TAG, but the documentation say that only works for encryption. Is there a way of reaching into (or below) the EVP stuff, to (a) prevent EVP_DecryptFinal_ex() from requiring and checking the Tag, and (b) getting the Tag after EVP_DecryptFinal_ex() -- same like after EVP_EncryptFinal_ex() ? I ask because I have an application which encrypts an arbitrary amount of data and starts sending it before all of it has been encrypted. What I have found so far seems to require me to receive all the cipher-text, and only when the Tag (finally) arrives, can I start to decrypt :-( Thanks, Chris _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
