Make GCM providers more generous about fetching IVs

The current check for iv_gen and iv_gen_rand only lets you fetch
the IV for the case when it was set internally.  It might also make
sense to fetch the IV if one was set at cipher-context creation time,
so switch to checking the iv_state, which should be enough to ensure
that there is valid data in the context to be copied out.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
Benjamin Kaduk 2020-06-19 22:31:41 -07:00
parent 440b852a0f
commit ef58f9af93
1 changed files with 2 additions and 2 deletions


@ -154,7 +154,7 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
if (p != NULL) {
if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1)
if (ctx->iv_state == IV_STATE_UNINITIALISED)
return 0;
if (ctx->ivlen > p->data_size) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
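Review bot: the relaxed guard now also lets a caller read back an IV that was supplied explicitly at init time (state no longer IV_STATE_UNINITIALISED), which matches the commit message, but that is a behaviour change for the OSSL_CIPHER_PARAM_IV getter and the provider documentation for that parameter should be updated in the same change to say the IV is readable whenever one has been set, not only when it was generated internally. Minor: the early `return 0;` still reports no error while the length check two lines below does `ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);`; consider raising an error on the uninitialised path too so callers can distinguish "no IV yet" from a parameter that was simply not located.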
@ -169,7 +169,7 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
if (p != NULL) {
if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1)
if (ctx->iv_state == IV_STATE_UNINITIALISED)
return 0;
if (ctx->ivlen > p->data_size) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
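Review bot: this hunk is a verbatim copy of the guard in the OSSL_CIPHER_PARAM_IV branch above (`if (ctx->iv_state == IV_STATE_UNINITIALISED)` followed by the same `return 0;` and length check); since both getters must stay in step on when the IV is considered fetchable, it would be cleaner to factor the shared "IV present and fits in p->data_size" check into a small static helper used by both branches, so a future change to the state condition cannot land in one getter and not the other.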