[openssl-dev] evp cipher/digest - add alternative to init-update-final interface
Patrick Steuer
psteuer at mail.de
Thu Jan 18 16:34:05 UTC 2018
On 01/18/2018 02:37 AM, Peter Waltenberg wrote:
> Or just add another EVP_CIPHER_CTX_ctrl() option (EVP_CTRL_CIPHER_ONE_SHOT
> or similar.) and handle it the way CCM does now and finish the operation
> on the first data update.
>
> That doesn't require a new API and would probably simplify some existing
> code.
Ctrls for 1-shot aead paket processing like in tls 1.2 would be the
easiest solution for tls 1.3 pakets and i agree it could also be
extended to the general case.
Though aead is in some sense more than a cipher mode of operation.
Providing a dedicated api would have some advantages but i see that
maybe i reopen a discussion:
"We are also evaluating the following new features. -New AEAD API [...]"
https://www.openssl.org/policies/roadmap.html#forthcoming
Was this already evaluated? If yes, what was the result ?
More information about the openssl-dev
mailing list