GCM tag in manual and examples

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

GCM tag in manual and examples

Lukasz Kostyra
Hello,

I've been trying recently to work with OpenSSL and use it to encrypt and
decrypt data with AES cipher in GCM mode. While reading the documentation, I
noticed an inconsistency between example code and manual.

My concern is the function used to set GCM tag when decrypting some data. In
current version of the manual[1] it is written that EVP_CIPHER_CTX_ctrl
function with EVP_CTRL_GCM_SET_TAG argument can be legally used only before
any data is processed by OpenSSL - "Sets the expected tag to taglen bytes
from tag. This call is only legal when decrypting data and must be made
before any data is processed (e.g. before any EVP_DecryptUpdate() call).

However, looking at an example code on wiki[2] it appears that user can set
a tag after calls to EVP_DecryptUpdate. The tag must be set only before
calling EVP_DecryptFinal, which according how to GCM mode works should be a
correct behavior. Running an example code confirms, that user doesn't have
to set the tag before any processing calls, only before EVP_DecryptFinal.

This inconsistency was checked in 1.0.2, but appearently it appears on 1.1.0
and on master documentation as well (with EVP_CTRL macro being different, as
it also involves OCB mode now). Is it just a case of missing correction in
documentation? Or maybe the documentation is correct, but there is a bug in
OpenSSL?

Best Regards,
Lukasz Kostyra

------------------

[1] - https://www.openssl.org/docs/man1.0.2/crypto/EVP_CIPHER_CTX_ctrl.html 
[2] -
https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decrypti
on#Authenticated_Decryption_using_GCM_mode


--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: GCM tag in manual and examples

Dr. Stephen Henson
On Tue, Aug 22, 2017, Lukasz Kostyra wrote:

> Hello,
>
> I've been trying recently to work with OpenSSL and use it to encrypt and
> decrypt data with AES cipher in GCM mode. While reading the documentation, I
> noticed an inconsistency between example code and manual.
>
> My concern is the function used to set GCM tag when decrypting some data. In
> current version of the manual[1] it is written that EVP_CIPHER_CTX_ctrl
> function with EVP_CTRL_GCM_SET_TAG argument can be legally used only before
> any data is processed by OpenSSL - "Sets the expected tag to taglen bytes
> from tag. This call is only legal when decrypting data and must be made
> before any data is processed (e.g. before any EVP_DecryptUpdate() call).
>
> However, looking at an example code on wiki[2] it appears that user can set
> a tag after calls to EVP_DecryptUpdate. The tag must be set only before
> calling EVP_DecryptFinal, which according how to GCM mode works should be a
> correct behavior. Running an example code confirms, that user doesn't have
> to set the tag before any processing calls, only before EVP_DecryptFinal.
>
> This inconsistency was checked in 1.0.2, but appearently it appears on 1.1.0
> and on master documentation as well (with EVP_CTRL macro being different, as
> it also involves OCB mode now). Is it just a case of missing correction in
> documentation? Or maybe the documentation is correct, but there is a bug in
> OpenSSL?
>

It's a bug in the documentation. The code used to require the tag first but
that was fixed but the documentation wasn't.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev