diff options
| author | Damien Miller <djm@mindrot.org> | 2013-01-12 22:41:26 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-01-12 22:41:26 +1100 |
| commit | c20eb8b8eac8b6cb1f86199e16dc7d13902a760b (patch) | |
| tree | 4e3f7788823b47467e44994918e5a44bda54e9ac /cipher.c | |
| parent | 1422c0887c8e92f7159f6f6ddd4974aab177c6de (diff) | |
| download | openssh-git-c20eb8b8eac8b6cb1f86199e16dc7d13902a760b.tar.gz | |
- djm@cvs.openbsd.org 2013/01/12 11:22:04
[cipher.c]
improve error message for integrity failure in AES-GCM modes; ok markus@
Diffstat (limited to 'cipher.c')
| -rw-r--r-- | cipher.c | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.85 2013/01/08 18:49:04 markus Exp $ */ +/* $OpenBSD: cipher.c,v 1.86 2013/01/12 11:22:04 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -342,8 +342,12 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, fatal("%s: EVP_Cipher failed", __func__); if (authlen) { /* compute tag (on encrypt) or verify tag (on decrypt) */ - if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) - fatal("%s: EVP_Cipher(finish) failed", __func__); + if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) { + if (cc->encrypt) + fatal("%s: EVP_Cipher(final) failed", __func__); + else + fatal("Decryption integrity check failed"); + } if (cc->encrypt && !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG, authlen, dest + aadlen + len)) |