Chiebot-Mirror
/
boringssl
mirror of https://gitee.com/mirrors/boringssl.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Return the correct value in EVP_CIPHER_CTX_iv_length after EVP_CTRL_AEAD_SET_IVLEN

Browse Source 
Previously, EVP_CIPHER_CTX_iv_length always returned the cipher's fixed IV length. Now, after modification with EVP_CTRL_AEAD_SET_IVLEN, it returns the correct value.

Fixed: 626
Change-Id: Id98c929439850b3e83a80111f35aabebc6e5d47a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62907
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
chromium-stable
Alex Gaynor 1 year ago committed by Boringssl LUCI CQ
parent f7629e189a
commit db1e9877fd
4 changed files with 16 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      crypto/cipher_extra/cipher_test.cc
  2. 10
      crypto/fipsmodule/cipher/cipher.c
  3. 4
      crypto/fipsmodule/cipher/e_aes.c
  4. 1
      include/openssl/cipher.h

1
crypto/cipher_extra/cipher_test.cc
Unescape View File

@ -211,6 +211,7 @@ static void TestCipherAPI(const EVP_CIPHER *cipher, Operation op, bool padding,
ASSERT_LE(iv.size(), size_t{INT_MAX}); ASSERT_LE(iv.size(), size_t{INT_MAX});
ASSERT_TRUE(EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_AEAD_SET_IVLEN, ASSERT_TRUE(EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_AEAD_SET_IVLEN,
static_cast<int>(iv.size()), 0)); static_cast<int>(iv.size()), 0));
ASSERT_EQ(EVP_CIPHER_CTX_iv_length(ctx.get()), iv.size());
} else { } else {
ASSERT_EQ(iv.size(), EVP_CIPHER_CTX_iv_length(ctx.get())); ASSERT_EQ(iv.size(), EVP_CIPHER_CTX_iv_length(ctx.get()));
} }

10
crypto/fipsmodule/cipher/cipher.c
Unescape View File

@ -586,6 +586,16 @@ unsigned EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) {
} }
unsigned EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) { unsigned EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) {
if (EVP_CIPHER_mode(ctx->cipher) == EVP_CIPH_GCM_MODE) {
int length;
int res = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0,
&length);
// EVP_CIPHER_CTX_ctrl returning an error should be impossible under this
// circumstance. If it somehow did, fallback to the static cipher iv_len.
if (res == 1) {
return length;
}
}
return ctx->cipher->iv_len; return ctx->cipher->iv_len;
} }

4
crypto/fipsmodule/cipher/e_aes.c
Unescape View File

@ -454,6 +454,10 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
gctx->ivlen = arg; gctx->ivlen = arg;
return 1; return 1;
case EVP_CTRL_GET_IVLEN:
*(int *)ptr = gctx->ivlen;
return 1;
case EVP_CTRL_AEAD_SET_TAG: case EVP_CTRL_AEAD_SET_TAG:
if (arg <= 0 || arg > 16 || c->encrypt) { if (arg <= 0 || arg > 16 || c->encrypt) {
return 0; return 0;

1
include/openssl/cipher.h
Unescape View File

@ -542,6 +542,7 @@ OPENSSL_EXPORT void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx,
#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 #define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
// EVP_CTRL_GCM_SET_IV_INV sets the GCM invocation field, decrypt only // EVP_CTRL_GCM_SET_IV_INV sets the GCM invocation field, decrypt only
#define EVP_CTRL_GCM_SET_IV_INV 0x18 #define EVP_CTRL_GCM_SET_IV_INV 0x18
#define EVP_CTRL_GET_IVLEN 0x19
// The following constants are unused. // The following constants are unused.
#define EVP_GCM_TLS_FIXED_IV_LEN 4 #define EVP_GCM_TLS_FIXED_IV_LEN 4

Write Preview
Loading…
Cancel
Save