diff options
author | Jakob Unterwurzacher | 2016-05-04 21:04:27 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2016-05-05 00:08:25 +0200 |
commit | 508a949d9d07c8efb8ed838c2f7747341a917099 (patch) | |
tree | faabdde24e480b4f84e21634fb3e5be141996156 /internal | |
parent | d0945b73d2ccca4a4684958411795970bfe9c07d (diff) |
stupidgcm: reorder calls to support openssl <= 1.0.1c
This fixes the test failures on Travis CI.
Quoting from https://github.com/openssl/openssl/commit/07a4ff79d23e45f1a45da717b7c1f41a5e1c7c0c
/* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
* required the tag before any AAD or ciphertext */
Diffstat (limited to 'internal')
-rw-r--r-- | internal/stupidgcm/stupidgcm.go | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go index fc53132..8bc956b 100644 --- a/internal/stupidgcm/stupidgcm.go +++ b/internal/stupidgcm/stupidgcm.go @@ -160,6 +160,11 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) { opensslPanic("EVP_DecryptInit_ex II failed") } + // Set expected GMAC tag + if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_TAG, tagLen, (unsafe.Pointer)(&tag[0])) != 1 { + opensslPanic("EVP_CIPHER_CTX_ctrl failed") + } + // Provide authentication data var resultLen C.int if C.EVP_DecryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 { @@ -177,11 +182,6 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) { log.Panicf("Unexpected length %d", resultLen) } - // Set expected GMAC tag - if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_TAG, tagLen, (unsafe.Pointer)(&tag[0])) != 1 { - opensslPanic("EVP_CIPHER_CTX_ctrl failed") - } - // Check GMAC dummy := make([]byte, 16) res := C.EVP_DecryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen) |