From 906d5a0879934186cbc20d4367212abe68b4bcad Mon Sep 17 00:00:00 2001
From: Hannes Mehnert
Date: Tue, 19 Mar 2024 12:11:16 +0100
Subject: [PATCH] ccm: do not clobber tag (as remarked by @reynir)

---
 src/ccm.ml | 5 ++---
 src/cipher_block.ml | 1 -
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/ccm.ml b/src/ccm.ml
index 15d5975b..f74edc3b 100644
--- a/src/ccm.ml
+++ b/src/ccm.ml
@@ -165,8 +165,7 @@ let generation_encryption ~cipher ~key ~nonce ~maclen ~adata data =
 let decryption_verification ~cipher ~key ~nonce ~maclen ~adata ~tag data =
   valid_nonce nonce;
   let cdata, t = crypto_core ~cipher ~mode:Decrypt ~key ~nonce ~maclen ~adata data in
-  crypto_t tag nonce cipher key ;
-  (* needs a eqaf release *)
-  match Eqaf.equal (Bytes.unsafe_to_string tag) (Bytes.unsafe_to_string t) with
+  crypto_t t nonce cipher key ;
+  match Eqaf.equal tag (Bytes.unsafe_to_string t) with
   | true -> Some (Bytes.unsafe_to_string cdata)
   | false -> None
diff --git a/src/cipher_block.ml b/src/cipher_block.ml
index 73490874..474b42df 100644
--- a/src/cipher_block.ml
+++ b/src/cipher_block.ml
@@ -349,7 +349,6 @@ module Modes = struct
     cdata ^ ctag
 
   let authenticate_decrypt_tag ~key ~nonce ?(adata = "") ~tag cs =
-    let tag = Bytes.of_string tag in
     Ccm.decryption_verification ~cipher ~key ~nonce ~maclen:tag_size ~adata ~tag cs
 
   let authenticate_decrypt ~key ~nonce ?adata data =
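Review bot: The `match ... with | true -> ... | false -> None` on the result of `Eqaf.equal` in the new body of `decryption_verification` is a boolean match standing in for an `if`; `if Eqaf.equal tag (Bytes.unsafe_to_string t) then Some (Bytes.unsafe_to_string cdata) else None` is the idiomatic form and makes the single verification gate easier to read. The function also has no doc comment: I would add one stating that [tag] is the received authentication tag as a string (the `Bytes.of_string` conversion in the `cipher_block.ml` caller is dropped by this patch), that the tag is recomputed over the ciphertext and compared in constant time with {!Eqaf.equal}, and that [None] means authentication failed and no plaintext is released. A received [tag] whose length differs from [maclen] is presumably rejected by the length comparison inside Eqaf.equal rather than by anything in this function, so either say so in the comment or check the length explicitly here, so the contract does not rest on a detail of the dependency. The recomputed tag [t] is now the buffer that `crypto_t` transforms in place, which is what the patch sets out to do; worth a one-line comment above that call so the next reader does not reintroduce the caller-owned buffer.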