From 9cca7be11d62298b2af0722f94345012c86eaed4 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 9 Jun 2015 23:17:06 +0100 Subject: [PATCH] Relax CCM tag check. In CCM mode don't require a tag before initialising decrypt: this allows the tag length to be set without requiring the tag. Reviewed-by: Rich Salz --- crypto/evp/e_aes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 895e8ee4a7..f8365a2d97 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1866,7 +1866,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_AEAD_SET_TAG: if ((arg & 1) || arg < 4 || arg > 16) return 0; - if ((c->encrypt && ptr) || (!c->encrypt && !ptr)) + if (c->encrypt && ptr) return 0; if (ptr) { cctx->tag_set = 1; -- 2.25.1