[openssl-dev] GCM tag in manual and examples
Lukasz Kostyra
l.kostyra at samsung.com
Tue Aug 22 10:01:56 UTC 2017
Hello,
I've been trying recently to work with OpenSSL and use it to encrypt and
decrypt data with AES cipher in GCM mode. While reading the documentation, I
noticed an inconsistency between example code and manual.
My concern is the function used to set GCM tag when decrypting some data. In
current version of the manual[1] it is written that EVP_CIPHER_CTX_ctrl
function with EVP_CTRL_GCM_SET_TAG argument can be legally used only before
any data is processed by OpenSSL - "Sets the expected tag to taglen bytes
from tag. This call is only legal when decrypting data and must be made
before any data is processed (e.g. before any EVP_DecryptUpdate() call).
However, looking at an example code on wiki[2] it appears that user can set
a tag after calls to EVP_DecryptUpdate. The tag must be set only before
calling EVP_DecryptFinal, which according how to GCM mode works should be a
correct behavior. Running an example code confirms, that user doesn't have
to set the tag before any processing calls, only before EVP_DecryptFinal.
This inconsistency was checked in 1.0.2, but appearently it appears on 1.1.0
and on master documentation as well (with EVP_CTRL macro being different, as
it also involves OCB mode now). Is it just a case of missing correction in
documentation? Or maybe the documentation is correct, but there is a bug in
OpenSSL?
Best Regards,
Lukasz Kostyra
------------------
[1] - https://www.openssl.org/docs/man1.0.2/crypto/EVP_CIPHER_CTX_ctrl.html
[2] -
https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decrypti
on#Authenticated_Decryption_using_GCM_mode
More information about the openssl-dev
mailing list