Relax CCM tag check.

In CCM mode don't require a tag before initialising decrypt: this allows
the tag length to be set without requiring the tag.

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 895e8ee4a738c23b50eba9a14494719adb808364..f8365a2d973691221ae181a530424d3a22492d7e 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1866,7 +1866,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
     case EVP_CTRL_AEAD_SET_TAG:
         if ((arg & 1) || arg < 4 || arg > 16)
             return 0;
-        if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
+        if (c->encrypt && ptr)
             return 0;
         if (ptr) {
             cctx->tag_set = 1;