[openssl-users] EVP_aes_256_gcm -- receiving of tag
chris.hall.list at highwayman.com
Thu Jan 22 11:18:17 UTC 2015
Dr. Stephen Henson wrote (on Wed 21-Jan-2015 at 14:53 +0000):
> On Tue, Jan 20, 2015, 'Chris Hall' wrote:
> > I find that the EVP_aes_256_gcm for decrypt requires the Tag to be
> > set before the first call of EVP_DecryptUpdate(), and
> > EVP_DecryptFinal_ex() with then return 0 if the Tag is found to
> > be incorrect.
> Unless you're using an old version of OpenSSL you should be able to
> specify the tag after any EVP_DecryptUpdate calls but it still has to
> be before EVP_DecryptFinal().
> This was addressed by commit 96f7fafa24313106b121782f1dcf7928dd0838ed
It's very kind of EVP_DecryptFinal() to check the Tag, but I could do
with a way of getting hold of the Tag generated. In particular, I want
to append signed copy of the Tag to the message, so the receiver may not
even know what the Tag is.
I suppose I could send the Tag between the encrypted message and the
trailing signature, but I don't particularly want to reveal the Tag.
Also, this is messing with the message format to fit the library !
More information about the openssl-users