Treat OPEN same way as DECRYPT in case of a CipherUpdate/Final error

Without this change Decrypt returned INVALID_PARAM, while Open
returned INTERNAL in the same case (e.g. wrong key).

Change-Id: I8aaf77b4a550303a68834dd0ace9fa5a52130868

diff --git a/src/encrypt.c b/src/encrypt.c
index dfc2fcb32fec6c3372d44154ed020a5e3afbc743..510e6f8885685e6131dfc63297121ed5de4bbdba 100644 (file)
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -1064,7 +1064,7 @@ int encrypt_update(yaca_context_h ctx,
 
        ret = EVP_CipherUpdate(c->cipher_ctx, output, &loutput_len, input, input_len);
        if (ret != 1 || loutput_len < 0) {
-               if (mode == EVP_CIPH_CCM_MODE && op_type == OP_DECRYPT) {
+               if (mode == EVP_CIPH_CCM_MODE && (op_type == OP_DECRYPT || op_type == OP_OPEN)) {
                        /* A non positive return value from EVP_CipherUpdate should be considered as
                         * a failure to authenticate ciphertext and/or AAD.
                         * It does not necessarily indicate a more serious error.
@@ -1108,7 +1108,7 @@ int encrypt_finalize(yaca_context_h ctx,
        if (mode != EVP_CIPH_WRAP_MODE && mode != EVP_CIPH_CCM_MODE) {
                ret = EVP_CipherFinal(c->cipher_ctx, output, &loutput_len);
                if (ret != 1 || loutput_len < 0) {
-                       if (mode == EVP_CIPH_GCM_MODE && op_type == OP_DECRYPT)
+                       if (mode == EVP_CIPH_GCM_MODE && (op_type == OP_DECRYPT || op_type == OP_OPEN))
                        /* A non positive return value from EVP_CipherFinal should be considered as
                         * a failure to authenticate ciphertext and/or AAD.
                         * It does not necessarily indicate a more serious error.