Skip to content
Browse files

doc: relax requirements for setAAD in CCM mode

This was fixed in OpenSSL 1.1.1c (openssl/openssl@b48e3be). The
authentication tag can now be specified after setAAD was called,
matching the behavior of the other supported AEAD modes (GCM, OCB).

Refs: openssl/openssl#7243

PR-URL: #28624
Reviewed-By: Colin Ihrig <>
Reviewed-By: Luigi Pinca <>
Reviewed-By: Ruben Bridgewater <>
Reviewed-By: Rich Trott <>
  • Loading branch information...
tniessen authored and targos committed Jul 10, 2019
1 parent bf2d5a7 commit f7a13e5034f1269901ef9ddfe3fa1a8d27c2cae7
Showing with 1 addition and 1 deletion.
  1. +1 −1 doc/api/
@@ -2837,7 +2837,7 @@ mode must adhere to certain restrictions when using the cipher API:
bytes (`7 ≤ N ≤ 13`).
- The length of the plaintext is limited to `2 ** (8 * (15 - N))` bytes.
- When decrypting, the authentication tag must be set via `setAuthTag()` before
specifying additional authenticated data or calling `update()`.
calling `update()`.
Otherwise, decryption will fail and `final()` will throw an error in
compliance with section 2.6 of [RFC 3610][].
- Using stream methods such as `write(data)`, `end(data)` or `pipe()` in CCM

0 comments on commit f7a13e5

Please sign in to comment.
You can’t perform that action at this time.