1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: relax requirements for setAAD in CCM mode

Browse Source 
This was fixed in OpenSSL 1.1.1c (openssl/openssl@b48e3be947). The
authentication tag can now be specified after setAAD was called,
matching the behavior of the other supported AEAD modes (GCM, OCB).

Refs: https://github.com/openssl/openssl/pull/7243

PR-URL: https://github.com/nodejs/node/pull/28624
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This commit is contained in:
Tobias Nießen 2019-07-10 16:35:06 +02:00 committed by Rich Trott
parent d38b075dd4
commit 9e340357df
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/api/crypto.md
View File

@ -2837,7 +2837,7 @@ mode must adhere to certain restrictions when using the cipher API:
bytes (`7 ≤ N ≤ 13`). bytes (`7 ≤ N ≤ 13`).
- The length of the plaintext is limited to `2 ** (8 * (15 - N))` bytes. - The length of the plaintext is limited to `2 ** (8 * (15 - N))` bytes.
- When decrypting, the authentication tag must be set via `setAuthTag()` before - When decrypting, the authentication tag must be set via `setAuthTag()` before
specifying additional authenticated data or calling `update()`. calling `update()`.
Otherwise, decryption will fail and `final()` will throw an error in Otherwise, decryption will fail and `final()` will throw an error in
compliance with section 2.6 of [RFC 3610][]. compliance with section 2.6 of [RFC 3610][].
- Using stream methods such as `write(data)`, `end(data)` or `pipe()` in CCM - Using stream methods such as `write(data)`, `end(data)` or `pipe()` in CCM