Don't require tag before ciphertext in AESGCM mode

author: Dr. Stephen Henson <steve@openssl.org> 2012-10-16 22:47:00 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-10-16 22:47:00 +0000
commit: add13802cf06e7b18ddb5889d755a8380b6fdce4 (patch)
tree: 73b3153e29f52fa5bfeb6e11f591d523ea42a50c
parent: b6c1d4b7f0e1ef546c28e1f8138957618a08c4e7 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index d1357f7e38..4066a00523 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -956,8 +956,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 	if (!gctx->iv_set)
 		return -1;
-	if (!ctx->encrypt && gctx->taglen < 0)
-		return -1;
 	if (in)
 		{
 		if (out == NULL)
@@ -999,6 +997,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		{
 		if (!ctx->encrypt)
 			{
+			if (gctx->taglen < 0)
+				return -1;
 			if (CRYPTO_gcm128_finish(&gctx->gcm,
 					ctx->buf, gctx->taglen) != 0)
 				return -1;
author	Dr. Stephen Henson <steve@openssl.org>	2012-10-16 22:47:00 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-10-16 22:47:00 +0000
commit	add13802cf06e7b18ddb5889d755a8380b6fdce4 (patch)
tree	73b3153e29f52fa5bfeb6e11f591d523ea42a50c
parent	b6c1d4b7f0e1ef546c28e1f8138957618a08c4e7 (diff)