From a3d286069f989dd16c6f91930a0df9fedfa2dd64 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Tue, 6 Oct 2015 22:27:37 +0200
Subject: Use block number as authentication data

---
 cryptfs/openssl_aead.go | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

(limited to 'cryptfs/openssl_aead.go')

diff --git a/cryptfs/openssl_aead.go b/cryptfs/openssl_aead.go
index 9baa6d5..1ec7c48 100644
--- a/cryptfs/openssl_aead.go
+++ b/cryptfs/openssl_aead.go
@@ -63,10 +63,6 @@ func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
 // The ciphertext and dst may alias exactly or not at all.
 func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 
-	if len(data) > 0 {
-		panic("Extra data is not supported")
-	}
-
 	l := len(ciphertext)
 	tag := ciphertext[l-AUTH_TAG_LEN : l]
 	ciphertext = ciphertext[0 : l-AUTH_TAG_LEN]
@@ -76,6 +72,10 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
+	err = dctx.ExtraData(data)
+	if err != nil {
+		return nil, err
+	}
 	part, err := dctx.DecryptUpdate(ciphertext)
 	if err != nil {
 		return nil, err
@@ -90,10 +90,6 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 		return nil, err
 	}
 	plainBuf.Write(part)
-	err = dctx.ExtraData(data)
-	if err != nil {
-		return nil, err
-	}
 
 	return plainBuf.Bytes(), nil
 }
-- 
cgit v1.2.3