author | Jack Lloyd <[email protected]> | 2018-08-09 11:24:21 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-08-09 11:24:21 -0400 |
commit | fe242c20a01ae2e8a4589c353cdbc080ae629487 (patch) | |
tree | f988cd3a411f61ae1c570ab75c55bfebc4ab26d1 | |
parent | 42f69c656f78bc44c9bf8bde479b9cca91454ca6 (diff) |
Fix GCM bug: would accept AD without keyed if AD was empty
-rw-r--r-- | src/lib/modes/aead/gcm/ghash.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/modes/aead/gcm/ghash.cpp b/src/lib/modes/aead/gcm/ghash.cpp
index 763879ce4..1d1e68e1c 100644
--- a/src/lib/modes/aead/gcm/ghash.cpp
+++ b/src/lib/modes/aead/gcm/ghash.cpp
@@ -49,8 +49,6 @@ void GHASH::gcm_multiply(secure_vector<uint8_t>& x,
 const uint8_t input[],
 size_t blocks)
 {
- verify_key_set(m_HM.size());
-
 #if defined(BOTAN_HAS_GCM_CLMUL)
 if(CPUID::has_clmul())
 {
@@ -113,6 +111,8 @@ void GHASH::gcm_multiply(secure_vector<uint8_t>& x,
 void GHASH::ghash_update(secure_vector<uint8_t>& ghash, const uint8_t input[], size_t length) {
+ verify_key_set(m_HM.size());
+
 /* This assumes if less than block size input then we're just on the final block and should pad with zeros |
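Review bot: Removing `verify_key_set(m_HM.size());` from gcm_multiply in the first hunk leaves that function with no key check of its own, so any caller that reaches it without going through ghash_update (if one exists outside this diff) would now multiply against an unset key; keeping the cheap guard in both places, or a comment stating that ghash_update is gcm_multiply's only entry point, would close that gap. The check belongs in ghash_update because a zero-length update never enters the block loop, which is exactly the empty-AD path the commit title describes, and a comment on the added line would stop a future cleanup from moving it back: `// Must be checked here, not in gcm_multiply: an empty update never reaches gcm_multiply`. A regression test that constructs an unkeyed GHASH, calls ghash_update with length 0 and expects the exception verify_key_set raises would pin the fix. Both functions' bodies continue outside their hunks.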