We should first initialize, then set up decryption and only then push blocks for decryption. https://bugs.linaro.org/show_bug.cgi?id=2571
Signed-off-by: Maxim Uvarov <maxim.uva...@linaro.org> --- v2: clear reworking btw, it was tested here: https://s3.amazonaws.com/archive.travis-ci.org/jobs/171998583/log.txt platform/linux-generic/odp_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index c7431e6..9e09d42 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -398,6 +398,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t *params, EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag); + /* Authenticate header data (if any) without encrypting them */ if (aad_head < cipherdata) { EVP_DecryptUpdate(ctx, NULL, &plain_len, @@ -414,8 +416,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_params_t *params, auth_len - (aad_tail - aad_head)); } - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag); - if (EVP_DecryptFinal_ex(ctx, cipherdata + cipher_len, &plain_len) < 0) return ODP_CRYPTO_ALG_ERR_ICV_CHECK; -- 2.7.1.250.gff4ea60
