Hi Wolfgang, At first sight, It looks to me as if there was a change in OpenSSL leading to the problem. The error is triggered by OpenSSL’s EVP_CIPHER_CTX_ctrl(). The docu states [1]
EVP_CIPHER_CTX_ctrl(): This is a legacy method…. … in versions starting with 3.0. When time permits, i will check out the details, - how the new parameter setting mechanism effect the code (we have 4 occurrences of this call) - whether replacing it solves the issue, - how to make it work with different versions of OpenSSL (pre 3.0.0) The strange part is that the aead encrypt/decrypt sequence is in the regression test, where it continues to work. … So, maybe this is (also) related with the handling of binary strings in Tcl. -g PS: Is your code for Passkeys and WebAuthn with NaviServer already available on GithHub, as you mentioned in January? [1] https://docs.openssl.org/3.5/man3/EVP_EncryptInit/#description > On 05.05.2025, at 12:25, Wolfgang Winkler via naviserver-devel > <naviserver-devel@lists.sourceforge.net> wrote: > > Dear all, > > when I follow the example of: > > https://naviserver.sourceforge.io/n/naviserver/files/ns_crypto.html#1 > > % set d [ns_crypto::aead::encrypt string -cipher aes-128-gcm -iv 123456789 \ > -key secret -encoding binary \ > "hello world"] > % ns_crypto::aead::decrypt string -cipher aes-128-gcm -iv 123456789 \ > -key secret -tag [dict get $d tag] \ > -encoding binary [dict get $d bytes] > > I get the error: "could not set tag value" > > I've tried it with naviserver 4.99.23 and 5.0 with OpenSSL 3.4.1. > > We'd like to use it, because it is so much faster than any other way of > symmetric encryption for tcl or naviserver I'm aware of. > > Regards, > > Wolfgang Winkler > > -- > Wolfgang Winkler > Geschäftsführung > wolfgang.wink...@digital-concepts.com > <mailto:wolfgang.wink...@digital-concepts.com> > mobil +43.699.19971172 > > dc:büro > digital concepts Novak Winkler OG > Software & Design > Landstraße 68, 5. Stock, 4020 Linz > www.digital-concepts.com <http://www.digital-concepts.com/> > tel +43.732.997117.72 > tel +43.699.1997117.2 > > Firmenbuchnummer: 192003h > Firmenbuchgericht: Landesgericht Linz > > > > _______________________________________________ > naviserver-devel mailing list > naviserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/naviserver-devel
_______________________________________________ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel
