-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | cipher.c | 10 |
2 files changed, 13 insertions, 3 deletions
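--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20130112
+- (djm) OpenBSD CVS Sync
+- djm@cvs.openbsd.org 2013/01/12 11:22:04
+[cipher.c]
+improve error message for integrity failure in AES-GCM modes; ok markus@
+
 20130109
 - (djm) OpenBSD CVS Sync
 - dtucker@cvs.openbsd.org 2012/12/14 05:26:43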
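--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.85 2013/01/08 18:49:04 markus Exp $ */
+/* $OpenBSD: cipher.c,v 1.86 2013/01/12 11:22:04 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -342,8 +342,12 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src,
 fatal("%s: EVP_Cipher failed", __func__);
 if (authlen) {
 /* compute tag (on encrypt) or verify tag (on decrypt) */
-if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0)
-fatal("%s: EVP_Cipher(finish) failed", __func__);
+if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) {
+if (cc->encrypt)
+fatal("%s: EVP_Cipher(final) failed", __func__);
+else
+fatal("Decryption integrity check failed");
+}
 if (cc->encrypt &&
 !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,
 authlen, dest + aadlen + len))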
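Review bot: The new decrypt branch in the `if (authlen)` block reports every negative return from the finalising `EVP_Cipher(&cc->evp, NULL, NULL, 0)` call as an integrity failure, but nothing in the code says why that mapping holds or why the path must stay fatal. The data-processing `EVP_Cipher` call sits above this point (only its `fatal` is visible in the hunk), so `dest` presumably already holds plaintext whose tag has not verified when this branch is reached. I would add a comment above the `else` such as `/* tag did not verify: dest is unauthenticated, never return to caller */` so that a later refactor does not turn this into a recoverable error. The decrypt message also drops the `__func__` prefix that the encrypt message keeps; if that is deliberate, to give a stable user-facing string that log monitoring can match on, the same comment is a good place to say so. The body of `cipher_crypt` starts and ends outside the hunk.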