authorPatrick Steuer <patrick.steuer@de.ibm.com>2019-11-02 00:02:47 +0100
committerPatrick Steuer <patrick.steuer@de.ibm.com>2019-11-20 10:40:55 +0100
commitf7382fbbd846dd3bdea6b8c03b6af22faf0ab94f (patch)
tree3cc3a08ffbd6576c6d3e5859805616a076c667dd /crypto/evp/e_aria.c
parent51356a066e936354c817097cf873f4974bbea291 (diff)
Allow specifying the tag after AAD in CCM mode (2)
In addition to 67c81ec3 which introduced this behavior in CCM mode docs but only implemented it for AES-CCM. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10331)
Diffstat (limited to 'crypto/evp/e_aria.c')
-rw-r--r--crypto/evp/e_aria.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index a8c4fc32e2..9720fcb7e5 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -695,8 +695,6 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!cctx->iv_set)
return -1;
- if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
- return -1;
if (!out) {
if (!in) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
@@ -711,6 +709,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
CRYPTO_ccm128_aad(ccm, in, len);
return len;
}
+
+ /* The tag must be set before actually decrypting data */
+ if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+ return -1;
+
/* If not set length yet do it */
if (!cctx->len_set) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
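Review bot: The comment on the relocated check states the rule but not why the check now sits below the `if (!out)` block, which is the part a later maintainer must not undo. As far as the visible lines show, the AAD call in that block returns without writing to `out`, so it can run before the tag is known, while nothing after this point may run on decrypt without one. I would expand the comment to `/* AAD calls produce no output, so the tag is only required from here on, before any ciphertext is decrypted */`. The failure is also a bare `return -1;` with no error raised in the visible lines, so a caller cannot tell a missing tag from the missing-IV case earlier in the function; if a suitable reason code exists, raising it here would help. aria_ccm_cipher starts and ends outside the hunk.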