hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

stupidgcm: reorder calls to support openssl <= 1.0.1c

Browse Source 
This fixes the test failures on Travis CI.

Quoting from 07a4ff79d2

	/* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
	 * required the tag before any AAD or ciphertext */
This commit is contained in:
Jakob Unterwurzacher 2016-05-04 21:04:27 +02:00
parent d0945b73d2
commit 508a949d9d
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
internal/stupidgcm/stupidgcm.go
View File

@ -160,6 +160,11 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
opensslPanic("EVP_DecryptInit_ex II failed")
}
// Set expected GMAC tag
if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_TAG, tagLen, (unsafe.Pointer)(&tag[0])) != 1 {
opensslPanic("EVP_CIPHER_CTX_ctrl failed")
}
// Provide authentication data
var resultLen C.int
if C.EVP_DecryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 {
@ -177,11 +182,6 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
log.Panicf("Unexpected length %d", resultLen)
}
// Set expected GMAC tag
if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_TAG, tagLen, (unsafe.Pointer)(&tag[0])) != 1 {
opensslPanic("EVP_CIPHER_CTX_ctrl failed")
}
// Check GMAC
dummy := make([]byte, 16)
res := C.EVP_DecryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen)