Relax CCM tag check.

In CCM mode don't require a tag before initialising decrypt: this allows the tag length to be set without requiring the tag. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-09 23:17:06 +01:00 · 2015-06-09 23:17:06 +01:00 · 9cca7be11d
commit 9cca7be11d
parent 36f038f104
1 changed files with 1 additions and 1 deletions
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@ -1866,7 +1866,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
    case EVP_CTRL_AEAD_SET_TAG:
        if ((arg & 1) || arg < 4 || arg > 16)
            return 0;
-        if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
+        if (c->encrypt && ptr)
            return 0;
        if (ptr) {
            cctx->tag_set = 1;