Don't require tag before ciphertext in AESGCM mode
authorDr. Stephen Henson <steve@openssl.org>
Tue, 16 Oct 2012 22:46:08 +0000 (22:46 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 16 Oct 2012 22:46:08 +0000 (22:46 +0000)
crypto/evp/e_aes.c

index 46ffd99..783ef2f 100644 (file)
@@ -1343,8 +1343,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
        if (!gctx->iv_set)
                return -1;
-       if (!ctx->encrypt && gctx->taglen < 0)
-               return -1;
        if (in)
                {
                if (out == NULL)
@@ -1386,6 +1384,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                {
                if (!ctx->encrypt)
                        {
+                       if (gctx->taglen < 0)
+                               return -1;
                        if (CRYPTO_gcm128_finish(&gctx->gcm,
                                        ctx->buf, gctx->taglen) != 0)
                                return -1;