Allow specifying the tag after AAD in CCM mode

Peter Magnusson blaufish.public.email at gmail.com
Tue Feb 19 16:32:35 UTC 2019


I've commented on the PR, mostly about not understanding the commit
message RFC-references and indentation error.

Overall the PR looks good to me, but I'd like someone who is more
familiar with implementation have a look at it.

Best Regards
Eine Kleine Blau Fisch

On Tue, Feb 19, 2019 at 2:10 PM Tobias Nießen <tniessen at tnie.de> wrote:
>
> Hello everyone,
>
> in GCM and OCB mode, it is possible to set the authentication tag after
> supplying AAD, but the CCM implementation does not allow that. This
> isn't a problem for most applications, but in Node.js, we expose similar
> APIs to interact with AEAD ciphers and these differences between cipher
> modes within OpenSSL propagate to our users. Unless there is a reason
> for the current behavior, I would prefer to change it.
>
> I opened a PR about this five months ago
> (https://github.com/openssl/openssl/pull/7243). It has received zero
> attention and I am hoping the mailing list is a good way to change that.
>
> Kind regards,
> Tobias
>


More information about the openssl-users mailing list