openpgp: Delay creating the AEAD context until it is needed.

  - We don't always actually need it, so it is nice to defer creating
    it until we do.

1 files changed, 11 insertions, 9 deletions

diff --git a/openpgp/src/crypto/aead.rs b/openpgp/src/crypto/aead.rs
index e602c3a1..f9d5149a 100644
--- a/openpgp/src/crypto/aead.rs
+++ b/openpgp/src/crypto/aead.rs
@@ -346,15 +346,6 @@ impl<'a, S: Schedule> Decryptor<'a, S> {
         let final_digest_size = self.digest_size;
 
         for _ in 0..n_chunks {
-            let mut aead = self.schedule.next_chunk(self.chunk_index, |iv, ad| {
-                self.aead.context(self.sym_algo, &self.key, iv,
-                                  CipherOp::Decrypt)
-                    .map(|mut aead| {
-                        aead.update(ad);
-                        aead
-                    })
-            })?;
-
             // Do a little dance to avoid exclusively locking
             // `self.source`.
             let to_read = chunk_digest_size + final_digest_size;
@@ -394,6 +385,17 @@ impl<'a, S: Schedule> Decryptor<'a, S> {
                 // A chunk has to include at least one byte and a tag.
                 return Err(Error::ManipulatedMessage.into());
             } else {
+                let mut aead = self.schedule.next_chunk(
+                    self.chunk_index,
+                    |iv, ad| {
+                        self.aead.context(self.sym_algo, &self.key, iv,
+                                          CipherOp::Decrypt)
+                            .map(|mut aead| {
+                                aead.update(ad);
+                                aead
+                            })
+                    })?;
+
                 // Decrypt the chunk and check the tag.
                 let to_decrypt = chunk.len() - self.digest_size;