diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-04-09 12:01:16 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-12 09:49:09 +0200 |
commit | 4ec4b063e0d4cc3d58c709e309b1ec5a9aea3379 (patch) | |
tree | 80aa9d500d29c32e783600a54c5b8273dfd68ffb /providers/implementations/ciphers | |
parent | 3f883c7c835ff577a6df37e238956c5b9016dc93 (diff) |
Always reset IV for CBC, OFB, and CFB mode on cipher context reinit
This is necessary to keep compatibility with 1.1.1 implementation
of the CBC, OFB, and CFB mode ciphers.
Fixes #14704
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14811)
Diffstat (limited to 'providers/implementations/ciphers')
-rw-r--r-- | providers/implementations/ciphers/ciphercommon.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index 53ecbc9012..2019699cc2 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -191,6 +191,13 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, if (!ossl_cipher_generic_initiv(ctx, iv, ivlen)) return 0; } + if (iv == NULL && ctx->iv_set + && (ctx->mode == EVP_CIPH_CBC_MODE + || ctx->mode == EVP_CIPH_CFB_MODE + || ctx->mode == EVP_CIPH_OFB_MODE)) + /* reset IV for these modes to keep compatibility with 1.1.1 */ + memcpy(ctx->iv, ctx->oiv, ctx->ivlen); + if (key != NULL) { if (ctx->variable_keylength == 0) { if (keylen != ctx->keylen) { |