aboutsummaryrefslogtreecommitdiff
path: root/internal/stupidgcm
diff options
context:
space:
mode:
authorJakob Unterwurzacher2016-05-04 21:04:27 +0200
committerJakob Unterwurzacher2016-05-05 00:08:25 +0200
commit508a949d9d07c8efb8ed838c2f7747341a917099 (patch)
treefaabdde24e480b4f84e21634fb3e5be141996156 /internal/stupidgcm
parentd0945b73d2ccca4a4684958411795970bfe9c07d (diff)
stupidgcm: reorder calls to support openssl <= 1.0.1c
This fixes the test failures on Travis CI. Quoting from https://github.com/openssl/openssl/commit/07a4ff79d23e45f1a45da717b7c1f41a5e1c7c0c /* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier * required the tag before any AAD or ciphertext */
Diffstat (limited to 'internal/stupidgcm')
-rw-r--r--internal/stupidgcm/stupidgcm.go10
1 files changed, 5 insertions, 5 deletions
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go
index fc53132..8bc956b 100644
--- a/internal/stupidgcm/stupidgcm.go
+++ b/internal/stupidgcm/stupidgcm.go
@@ -160,6 +160,11 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
opensslPanic("EVP_DecryptInit_ex II failed")
}
+ // Set expected GMAC tag
+ if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_TAG, tagLen, (unsafe.Pointer)(&tag[0])) != 1 {
+ opensslPanic("EVP_CIPHER_CTX_ctrl failed")
+ }
+
// Provide authentication data
var resultLen C.int
if C.EVP_DecryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 {
@@ -177,11 +182,6 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
log.Panicf("Unexpected length %d", resultLen)
}
- // Set expected GMAC tag
- if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_TAG, tagLen, (unsafe.Pointer)(&tag[0])) != 1 {
- opensslPanic("EVP_CIPHER_CTX_ctrl failed")
- }
-
// Check GMAC
dummy := make([]byte, 16)
res := C.EVP_DecryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen)