I created a pull request about a week ago
(https://github.com/openssl/openssl/pull/172) but it seems things work
better if I send an email also?

I believe EVP should make it hard to shoot yourself in the foot, so
this change ensures that a user cannot accidentally decrypt data with
an encryption context or vice versa. For example, without the check,
if an encryption context is used to decrypt EVP_aes_256_gcm encrypted
data, the code will fail to validate the TAG.

Alok

Attachment: evp_check_ctx_encrypt.patch