aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-08-09 11:24:21 -0400
committerJack Lloyd <[email protected]>2018-08-09 11:24:21 -0400
commitfe242c20a01ae2e8a4589c353cdbc080ae629487 (patch)
treef988cd3a411f61ae1c570ab75c55bfebc4ab26d1
parent42f69c656f78bc44c9bf8bde479b9cca91454ca6 (diff)
Fix GCM bug: would accept AD without keyed if AD was empty
-rw-r--r--src/lib/modes/aead/gcm/ghash.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/modes/aead/gcm/ghash.cpp b/src/lib/modes/aead/gcm/ghash.cpp
index 763879ce4..1d1e68e1c 100644
--- a/src/lib/modes/aead/gcm/ghash.cpp
+++ b/src/lib/modes/aead/gcm/ghash.cpp
@@ -49,8 +49,6 @@ void GHASH::gcm_multiply(secure_vector<uint8_t>& x,
const uint8_t input[],
size_t blocks)
{
- verify_key_set(m_HM.size());
-
#if defined(BOTAN_HAS_GCM_CLMUL)
if(CPUID::has_clmul())
{
@@ -113,6 +111,8 @@ void GHASH::gcm_multiply(secure_vector<uint8_t>& x,
void GHASH::ghash_update(secure_vector<uint8_t>& ghash,
const uint8_t input[], size_t length)
{
+ verify_key_set(m_HM.size());
+
/*
This assumes if less than block size input then we're just on the
final block and should pad with zeros