From 1a868f39cb79273ca24bba8235f31ac4cf962d25 Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Wed, 5 Jun 2019 14:58:18 +0200
Subject: Only EVP_CTRL_AEAD_SET_TAG in _aead_setup for CCM mode (#4916)

---
 src/cryptography/hazmat/backends/openssl/aead.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/cryptography/hazmat/backends/openssl/aead.py')

diff --git a/src/cryptography/hazmat/backends/openssl/aead.py b/src/cryptography/hazmat/backends/openssl/aead.py
index 1335b4f9..0cad15cc 100644
--- a/src/cryptography/hazmat/backends/openssl/aead.py
+++ b/src/cryptography/hazmat/backends/openssl/aead.py
@@ -49,10 +49,11 @@ def _aead_setup(backend, cipher_name, key, nonce, tag, tag_len, operation):
             ctx, backend._lib.EVP_CTRL_AEAD_SET_TAG, len(tag), tag
         )
         backend.openssl_assert(res != 0)
-    else:
+    elif cipher_name.endswith(b"-ccm"):
         res = backend._lib.EVP_CIPHER_CTX_ctrl(
             ctx, backend._lib.EVP_CTRL_AEAD_SET_TAG, tag_len, backend._ffi.NULL
         )
+        backend.openssl_assert(res != 0)
 
     nonce_ptr = backend._ffi.from_buffer(nonce)
     key_ptr = backend._ffi.from_buffer(key)
-- 
cgit v1.2.3