Don't require tag before ciphertext in AESGCM mode

author Dr. Stephen Henson <steve@openssl.org>

Tue, 16 Oct 2012 22:47:00 +0000 (22:47 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 16 Oct 2012 22:47:00 +0000 (22:47 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 16 Oct 2012 22:47:00 +0000 (22:47 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 16 Oct 2012 22:47:00 +0000 (22:47 +0000)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c

index d1357f7e38d1a1f69fc4a5e0b773282bad94024a..4066a005239977ba4f0dfe4012f4b24e0b7cb173 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -956,8 +956,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  
         if (!gctx->iv_set)
                 return -1;
-       if (!ctx->encrypt && gctx->taglen < 0)
-               return -1;
         if (in)
                 {
                 if (out == NULL)
@@ -999,6 +997,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 {
                 if (!ctx->encrypt)
                         {
+                       if (gctx->taglen < 0)
+                               return -1;
                         if (CRYPTO_gcm128_finish(&gctx->gcm,
                                         ctx->buf, gctx->taglen) != 0)
                                 return -1;
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 16 Oct 2012 22:47:00 +0000 (22:47 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 16 Oct 2012 22:47:00 +0000 (22:47 +0000)