authorJakob Unterwurzacher2016-05-04 21:04:27 +0200
committerJakob Unterwurzacher2016-05-05 00:08:25 +0200
commit508a949d9d07c8efb8ed838c2f7747341a917099 (patch)
treefaabdde24e480b4f84e21634fb3e5be141996156
parentd0945b73d2ccca4a4684958411795970bfe9c07d (diff)
stupidgcm: reorder calls to support openssl <= 1.0.1c
This fixes the test failures on Travis CI. Quoting from https://github.com/openssl/openssl/commit/07a4ff79d23e45f1a45da717b7c1f41a5e1c7c0c /* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier * required the tag before any AAD or ciphertext */
-rw-r--r--internal/stupidgcm/stupidgcm.go10
1 files changed, 5 insertions, 5 deletions
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go
index fc53132..8bc956b 100644
--- a/internal/stupidgcm/stupidgcm.go
+++ b/internal/stupidgcm/stupidgcm.go
@@ -160,6 +160,11 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
opensslPanic("EVP_DecryptInit_ex II failed")
}
+ // Set expected GMAC tag
+ if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_TAG, tagLen, (unsafe.Pointer)(&tag[0])) != 1 {
+ opensslPanic("EVP_CIPHER_CTX_ctrl failed")
+ }
+
// Provide authentication data
var resultLen C.int
if C.EVP_DecryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 {
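Review bot: The relocated tag-setting block at the top of the hunk carries no hint of why it must now precede the AAD call, so the ordering constraint lives only in the commit message and a later cleanup could move it back below EVP_DecryptUpdate, silently reintroducing the failure on older OpenSSL. Suggest widening the comment to `// Set expected GMAC tag. Must happen before any AAD or ciphertext is fed in: OpenSSL <= 1.0.1c rejects a tag set later.` so the reason travels with the code. Separately, `&authData[0]` on the last visible line panics on an empty authData; that predates this commit, but if callers can legitimately pass no AAD, guarding the update with `if len(authData) > 0` would be worth a follow-up. The body of Open starts and ends outside the hunk, so whether tag and authData are length-checked earlier cannot be confirmed from here.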
@@ -177,11 +182,6 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
log.Panicf("Unexpected length %d", resultLen)
}
- // Set expected GMAC tag
- if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_TAG, tagLen, (unsafe.Pointer)(&tag[0])) != 1 {
- opensslPanic("EVP_CIPHER_CTX_ctrl failed")
- }
-
// Check GMAC
dummy := make([]byte, 16)
res := C.EVP_DecryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen)