Skip to content
Commit b48e3be9 authored by Tobias Nießen's avatar Tobias Nießen Committed by Matt Caswell
Browse files

Allow specifying the tag after AAD in CCM mode



This change allows to pass the authentication tag after specifying
the AAD in CCM mode. This is already true for the other two supported
AEAD modes (GCM and OCB) and it seems appropriate to match the
behavior.

GCM and OCB also support to set the tag at any point before the call
to `EVP_*Final`, but this won't work for CCM due to a restriction
imposed by section 2.6 of RFC3610: The tag must be set before
actually decrypting data.

This commit also adds a test case for setting the tag after supplying
plaintext length and AAD.

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7243)

(cherry picked from commit 67c81ec3)
parent 8f506274
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment