Allow specifying the tag after AAD in CCM mode

Peter Magnusson at
Tue Feb 19 16:32:35 UTC 2019

I've commented on the PR, mostly about not understanding the commit
message RFC-references and indentation error.

Overall the PR looks good to me, but I'd like someone who is more
familiar with implementation have a look at it.

Best Regards
Eine Kleine Blau Fisch

On Tue, Feb 19, 2019 at 2:10 PM Tobias Nießen <tniessen at> wrote:
> Hello everyone,
> in GCM and OCB mode, it is possible to set the authentication tag after
> supplying AAD, but the CCM implementation does not allow that. This
> isn't a problem for most applications, but in Node.js, we expose similar
> APIs to interact with AEAD ciphers and these differences between cipher
> modes within OpenSSL propagate to our users. Unless there is a reason
> for the current behavior, I would prefer to change it.
> I opened a PR about this five months ago
> ( It has received zero
> attention and I am hoping the mailing list is a good way to change that.
> Kind regards,
> Tobias

More information about the openssl-users mailing list