Remove lower limit on GCM mode ciphers

Fixes #16057

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16064)

providers/implementations/ciphers/cipher_aes_gcm.c

@@ -20,9 +20,6 @@
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 
-#define AES_GCM_IV_MIN_SIZE     (64 / 8) /* size in bytes */
-/* Note: GCM_IV_MAX_SIZE is listed in ciphercommon_gcm.h */
-
 static void *aes_gcm_newctx(void *provctx, size_t keybits)
 {
     PROV_AES_GCM_CTX *ctx;
@@ -33,7 +30,7 @@ static void *aes_gcm_newctx(void *provctx, size_t keybits)
     ctx = OPENSSL_zalloc(sizeof(*ctx));
     if (ctx != NULL)
         ossl_gcm_initctx(provctx, &ctx->base, keybits,
-                         ossl_prov_aes_hw_gcm(keybits), AES_GCM_IV_MIN_SIZE);
+                         ossl_prov_aes_hw_gcm(keybits));
     return ctx;
 }
 

providers/implementations/ciphers/cipher_aria_gcm.c

@@ -13,8 +13,6 @@
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 
-#define ARIA_GCM_IV_MIN_SIZE     (32 / 8) /* size in bytes */
-
 static void *aria_gcm_newctx(void *provctx, size_t keybits)
 {
     PROV_ARIA_GCM_CTX *ctx;
@@ -25,7 +23,7 @@ static void *aria_gcm_newctx(void *provctx, size_t keybits)
     ctx = OPENSSL_zalloc(sizeof(*ctx));
     if (ctx != NULL)
         ossl_gcm_initctx(provctx, &ctx->base, keybits,
-                         ossl_prov_aria_hw_gcm(keybits), ARIA_GCM_IV_MIN_SIZE);
+                         ossl_prov_aria_hw_gcm(keybits));
     return ctx;
 }
 

providers/implementations/ciphers/ciphercommon_gcm.c

@@ -26,13 +26,12 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out,
                                size_t len);
 
 void ossl_gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
-                      const PROV_GCM_HW *hw, size_t ivlen_min)
+                      const PROV_GCM_HW *hw)
 {
     ctx->pad = 1;
     ctx->mode = EVP_CIPH_GCM_MODE;
     ctx->taglen = UNINITIALISED_SIZET;
     ctx->tls_aad_len = UNINITIALISED_SIZET;
-    ctx->ivlen_min = ivlen_min;
     ctx->ivlen = (EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN);
     ctx->keylen = keybits / 8;
     ctx->hw = hw;
@@ -51,7 +50,7 @@ static int gcm_init(void *vctx, const unsigned char *key, size_t keylen,
     ctx->enc = enc;
 
     if (iv != NULL) {
-        if (ivlen < ctx->ivlen_min || ivlen > sizeof(ctx->iv)) {
+        if (ivlen == 0 || ivlen > sizeof(ctx->iv)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }

providers/implementations/include/prov/ciphercommon_gcm.h

@@ -48,7 +48,6 @@ typedef struct prov_gcm_ctx_st {
     unsigned int mode;          /* The mode that we are using */
     size_t keylen;
     size_t ivlen;
-    size_t ivlen_min;
     size_t taglen;
     size_t tls_aad_pad_sz;
     size_t tls_aad_len;         /* TLS AAD length */
@@ -110,7 +109,7 @@ OSSL_FUNC_cipher_cipher_fn ossl_gcm_cipher;
 OSSL_FUNC_cipher_update_fn ossl_gcm_stream_update;
 OSSL_FUNC_cipher_final_fn ossl_gcm_stream_final;
 void ossl_gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
-                      const PROV_GCM_HW *hw, size_t ivlen_min);
+                      const PROV_GCM_HW *hw);
 
 int ossl_gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen);
 int ossl_gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad,