Regarding the use of EVP_aes_256_cbc_hmac_sha256, EVP_rc4_hmac_md5 and AES_encrypt

Guido Vranken guidovranken at
Wed Apr 17 18:36:46 UTC 2019

First question:

How should AAD data be supplied to ciphers like
EVP_aes_256_cbc_hmac_sha256() and EVP_rc4_hmac_md5()?

If I understand correctly, these are AEAD ciphers (the
EVP_CIPH_FLAG_AEAD_CIPHER flag is set), so it should be possible to provide
AAD data?

The following seems to work for AEAD ciphers generally but crashes with the
ciphers I just mentioned:

EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len))

I call this after key and IV setting and before ciphertext input, in fact
exactly like described here for GCM AEAD ciphers:

Am I doing something wrong?

Second question:

The comments around AES_decrypt() and AES_encrypt() in
crypto/aes/aes_core.c state: "in and out can overlap".
Does this only apply to the pure C version of AES, or to any or all
assembly implementations as well?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list