diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2020-06-19 22:31:41 -0700 |
---|---|---|
committer | Benjamin Kaduk <bkaduk@akamai.com> | 2020-08-11 07:07:57 -0700 |
commit | ef58f9af93cdd75b9798cdb177319995dc7a7d50 (patch) | |
tree | 9c026c981b4563fc2c4778463db3e89bec2164b9 /providers/implementations/ciphers | |
parent | 440b852a0f79ac4a7e101606a7c32d212e06d203 (diff) |
Make GCM providers more generous about fetching IVs
The current check for iv_gen and iv_gen_rand only lets you fetch
the IV for the case when it was set internally. It might also make
sense to fetch the IV if one was set at cipher-context creation time,
so switch to checking the iv_state, which should be enough to ensure
that there is valid data in the context to be copied out.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
Diffstat (limited to 'providers/implementations/ciphers')
-rw-r--r-- | providers/implementations/ciphers/ciphercommon_gcm.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c index 415483cf2b..06649b3dc3 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm.c +++ b/providers/implementations/ciphers/ciphercommon_gcm.c @@ -154,7 +154,7 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL) { - if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1) + if (ctx->iv_state == IV_STATE_UNINITIALISED) return 0; if (ctx->ivlen > p->data_size) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); @@ -169,7 +169,7 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE); if (p != NULL) { - if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1) + if (ctx->iv_state == IV_STATE_UNINITIALISED) return 0; if (ctx->ivlen > p->data_size) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); |