From 3fcbcbf42a8ac52b9a09725f93483abc27f577ed Mon Sep 17 00:00:00 2001
From: Stanislav Klima <sklima@ra.rockwell.com>
Date: Mon, 9 Mar 2020 17:45:15 +0100
Subject: [PATCH] Revert "Logically dead code."

This reverts commit 2db62f744ab72df4e00c89093c034616b53b4184.
---
 src/ssl.c | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 95191dac1..b418f7f80 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -17124,14 +17124,39 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
             case AES_256_GCM_TYPE :
                 WOLFSSL_MSG("AES GCM");
                 if (ctx->enc) {
-                    ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, len,
+                    if (dst){
+                        /* encrypt confidential data*/
+                        ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, len,
                                   ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
                                   NULL, 0);
+                    }
+                    else {
+                        /* authenticated, non-confidential data */
+                        ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, NULL, 0,
+                                  ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
+                                  src, len);
+                        /* Reset partial authTag error for AAD*/
+                        if (ret == AES_GCM_AUTH_E)
+                            ret = 0;
+                    }
                 }
                 else {
-                    ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, len,
+                    if (dst){
+                        /* decrypt confidential data*/
+                        ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, len,
                                   ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
                                   NULL, 0);
+                    }
+                    else {
+                        /* authenticated, non-confidential data*/
+                        ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, NULL, 0,
+                                  ctx->iv, ctx->ivSz,
+                                  ctx->authTag, ctx->authTagSz,
+                                  src, len);
+                        /* Reset partial authTag error for AAD*/
+                        if (ret == AES_GCM_AUTH_E)
+                            ret = 0;
+                    }
                 }
                 break;
 #endif /* HAVE_AESGCM */