summaryrefslogtreecommitdiff
path: root/cryptfs/openssl_aead.go
diff options
context:
space:
mode:
Diffstat (limited to 'cryptfs/openssl_aead.go')
-rw-r--r--cryptfs/openssl_aead.go12
1 files changed, 4 insertions, 8 deletions
diff --git a/cryptfs/openssl_aead.go b/cryptfs/openssl_aead.go
index 9baa6d5..1ec7c48 100644
--- a/cryptfs/openssl_aead.go
+++ b/cryptfs/openssl_aead.go
@@ -63,10 +63,6 @@ func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
// The ciphertext and dst may alias exactly or not at all.
func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
- if len(data) > 0 {
- panic("Extra data is not supported")
- }
-
l := len(ciphertext)
tag := ciphertext[l-AUTH_TAG_LEN : l]
ciphertext = ciphertext[0 : l-AUTH_TAG_LEN]
@@ -76,6 +72,10 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
if err != nil {
return nil, err
}
+ err = dctx.ExtraData(data)
+ if err != nil {
+ return nil, err
+ }
part, err := dctx.DecryptUpdate(ciphertext)
if err != nil {
return nil, err
@@ -90,10 +90,6 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
return nil, err
}
plainBuf.Write(part)
- err = dctx.ExtraData(data)
- if err != nil {
- return nil, err
- }
return plainBuf.Bytes(), nil
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-06 23:06:51 +0000