Allow specifying the tag after AAD in CCM mode
Tobias Nießen
tniessen at tnie.de
Tue Feb 19 13:04:57 UTC 2019
Hello everyone,
in GCM and OCB mode, it is possible to set the authentication tag after
supplying AAD, but the CCM implementation does not allow that. This
isn't a problem for most applications, but in Node.js, we expose similar
APIs to interact with AEAD ciphers and these differences between cipher
modes within OpenSSL propagate to our users. Unless there is a reason
for the current behavior, I would prefer to change it.
I opened a PR about this five months ago
(https://github.com/openssl/openssl/pull/7243). It has received zero
attention and I am hoping the mailing list is a good way to change that.
Kind regards,
Tobias
More information about the openssl-users
mailing list