[openssl-dev] [openssl.org #4521] openssl GCM ordering
Brian Smith
brian at briansmith.org
Tue Apr 26 02:20:11 UTC 2016
Praveen Kariyanahalli via RT <rt at openssl.org> wrote:
> Is there a reason why openssl has a restriction of auth before encrypt
> order? I don't believe there is an algo restriction, was wondering why
> openssl has this.
>
It *is* inherent in the algorithm. The authentication tag for the AAD is
computed first, then the authentication tag for the encrypted data is
computed.
> The reason I bring this up is that when I broadcast/multicast traffic I need
> not encrypt the payload multiple times, but need to auth the header
> differently and openssl is refusing to cooperate :)
With AEADs, in general, you can't separate the authentication from the
encryption like that.
Cheers,
Brian
--
https://briansmith.org/
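
The ordering described in the reply above, as an added example that is not part of the original message and is not OpenSSL code: a pure-Python GHASH following NIST SP 800-38D, showing that the ciphertext is absorbed starting from the state left by the AAD. H and C are the values from test case 2 of the GCM specification; the two headers are constructed for illustration.

```python
# GHASH from NIST SP 800-38D; the GCM tag is the GHASH output XOR E(K, J0).
R = 0xE1 << 120  # reduction constant for GF(2^128) in GCM bit order

def gf_mult(x, y):
    """Multiply two 128-bit blocks (as ints) in GCM's GF(2^128)."""
    z, v = 0, y
    for i in range(127, -1, -1):          # walk x from its leftmost bit
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def absorb(y, h, data):
    """Fold data into running value y, 16 bytes at a time, zero-padded."""
    for i in range(0, len(data), 16):
        block = int.from_bytes(data[i:i + 16].ljust(16, b"\0"), "big")
        y = gf_mult(y ^ block, h)
    return y

def length_block(aad, ct):
    """64-bit bit length of the AAD followed by that of the ciphertext."""
    return (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")

def ghash(h_bytes, aad, ct):
    """AAD first, then ciphertext, then the bit lengths of both."""
    h = int.from_bytes(h_bytes, "big")
    y = absorb(0, h, aad)                 # state after the header
    y = absorb(y, h, ct)                  # ciphertext continues from that state
    return absorb(y, h, length_block(aad, ct)).to_bytes(16, "big")

def ghash_ciphertext_first(h_bytes, aad, ct):
    """Same blocks in the wrong order, for comparison only (not GCM)."""
    h = int.from_bytes(h_bytes, "big")
    y = absorb(absorb(0, h, ct), h, aad)
    return absorb(y, h, length_block(aad, ct)).to_bytes(16, "big")

# H and C: test case 2 of the GCM specification (AES-128, all-zero key/IV/block).
H = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
C = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
HDR_A, HDR_B = b"group-A header", b"group-B header"   # constructed headers

if __name__ == "__main__":
    print("spec vector  :", ghash(H, b"", C).hex())
    print("header A     :", ghash(H, HDR_A, C).hex())
    print("header B     :", ghash(H, HDR_B, C).hex())
    print("wrong order A:", ghash_ciphertext_first(H, HDR_A, C).hex())
```
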