[openssl-users] EVP_aes_256_gcm -- receiving of tag

'Chris Hall' chris.hall.list at highwayman.com
Thu Jan 22 11:18:17 UTC 2015

Dr. Stephen Henson wrote (on Wed 21-Jan-2015 at 14:53 +0000):
> On Tue, Jan 20, 2015, 'Chris Hall' wrote:
> > I find that the EVP_aes_256_gcm for decrypt requires the Tag to be
> > set before the first call of EVP_DecryptUpdate(), and
> > EVP_DecryptFinal_ex() with then return 0 if the Tag is found to
> > be incorrect.

> Unless you're using an old version of OpenSSL you should be able to
> specify the tag after any EVP_DecryptUpdate calls but it still has to
> be before EVP_DecryptFinal().
> This was addressed by commit 96f7fafa24313106b121782f1dcf7928dd0838ed


It's very kind of EVP_DecryptFinal() to check the Tag, but I could do
with a way of getting hold of the Tag generated.  In particular, I want
to append signed copy of the Tag to the message, so the receiver may not
even know what the Tag is.

I suppose I could send the Tag between the encrypted message and the
trailing signature, but I don't particularly want to reveal the Tag.
Also, this is messing with the message format to fit the library !



More information about the openssl-users mailing list