AEAD: Raise an error on EVP_DecryptFinal_ex() without the tag being set

author Daniel Kubec <kubec@openssl.org>

Sat, 11 Oct 2025 10:45:42 +0000 (12:45 +0200)

committer Tomas Mraz <tomas@openssl.org>

Tue, 14 Oct 2025 15:58:14 +0000 (17:58 +0200)
author Daniel Kubec <kubec@openssl.org>
Sat, 11 Oct 2025 10:45:42 +0000 (12:45 +0200)
committer Tomas Mraz <tomas@openssl.org>
Tue, 14 Oct 2025 15:58:14 +0000 (17:58 +0200)
diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305.c.in b/providers/implementations/ciphers/cipher_chacha20_poly1305.c.in

index bfb54d7f84183c609454711283e0d02973c297b9..4ef3ed5e060b7f743256cde47610ef8c94ce532e 100644 (file)
--- a/providers/implementations/ciphers/cipher_chacha20_poly1305.c.in
+++ b/providers/implementations/ciphers/cipher_chacha20_poly1305.c.in
@@ -338,8 +338,10 @@ static int chacha20_poly1305_final(void *vctx, unsigned char *out, size_t *outl,
          return 0;
  
      /* The tag must be set before actually decrypting data */
-    if (!ctx->base.enc && ctx->tag_len == 0)
+    if (!ctx->base.enc && ctx->tag_len == 0) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
          return 0;
+    }
  
      if (hw->aead_cipher((PROV_CIPHER_CTX *)ctx, out, outl, NULL, 0) <= 0)
          return 0;
diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c.in b/providers/implementations/ciphers/ciphercommon_ccm.c.in

index 56bfb6d3dc2fbeaa5aaa69dfd049e349cd812e12..922312773c503a45260336b3ea6ca98e4530c2e3 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon_ccm.c.in
+++ b/providers/implementations/ciphers/ciphercommon_ccm.c.in
@@ -442,8 +442,10 @@ static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
              ctx->tag_set = 1;
          } else {
              /* The tag must be set before actually decrypting data */
-            if (!ctx->tag_set)
+            if (!ctx->tag_set) {
+                ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
                  goto err;
+            }
  
              if (!hw->auth_decrypt(ctx, in, out, len, ctx->buf, ctx->m))
                  goto err;
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c.in b/providers/implementations/ciphers/ciphercommon_gcm.c.in

index 4964f15e67d6d190e173c8c6471d8489636abafd..08417687ebab271996048ea72ccbbb412427d167 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon_gcm.c.in
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c.in
@@ -465,8 +465,10 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out,
          }
      } else {
          /* The tag must be set before actually decrypting data */
-        if (!ctx->enc && ctx->taglen == UNINITIALISED_SIZET)
+        if (!ctx->enc && ctx->taglen == UNINITIALISED_SIZET) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_TAG_NOT_SET);
              goto err;
+        }
          if (!hw->cipherfinal(ctx, ctx->buf))
              goto err;
          ctx->iv_state = IV_STATE_FINISHED; /* Don't reuse the IV */
author	Daniel Kubec <kubec@openssl.org>
	Sat, 11 Oct 2025 10:45:42 +0000 (12:45 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Tue, 14 Oct 2025 15:58:14 +0000 (17:58 +0200)
providers/implementations/ciphers/cipher_chacha20_poly1305.c.in		patch \| blob \| blame \| history
providers/implementations/ciphers/ciphercommon_ccm.c.in		patch \| blob \| blame \| history
providers/implementations/ciphers/ciphercommon_gcm.c.in		patch \| blob \| blame \| history