The current check for iv_gen and iv_gen_rand only lets you fetch
the IV for the case when it was set internally. It might also make
sense to fetch the IV if one was set at cipher-context creation time,
so switch to checking the iv_state, which should be enough to ensure
that there is valid data in the context to be copied out.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
if (p != NULL) {
- if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1)
+ if (ctx->iv_state == IV_STATE_UNINITIALISED)
return 0;
if (ctx->ivlen > p->data_size) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
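Review bot: The new `if (ctx->iv_state == IV_STATE_UNINITIALISED)` branch for OSSL_CIPHER_PARAM_IV returns 0 without queuing an error, while the length check directly below it calls ERR_raise with PROV_R_INVALID_IV_LENGTH. A caller that requests the IV before one exists gets a bare failure and cannot tell it apart from other causes. Consider raising an error with an appropriate reason code on this path as well. Since an IV supplied at context creation can now be read back, the parameter documentation should also say so.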
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
if (p != NULL) {
- if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1)
+ if (ctx->iv_state == IV_STATE_UNINITIALISED)
return 0;
if (ctx->ivlen > p->data_size) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
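Review bot: The state test and the `ctx->ivlen > p->data_size` comparison in the OSSL_CIPHER_PARAM_IV_STATE branch repeat the OSSL_CIPHER_PARAM_IV branch line for line, so the next change to the validity condition has to be made in two places. A small shared helper, or at least a comment tying the two checks together, would keep them in sync. The condition also accepts every state other than IV_STATE_UNINITIALISED, and the commit message only says this "should be enough"; a comment naming the states in which the buffer is meant to be readable, plus a test that sets the IV at context creation and fetches it back, would pin down that assumption.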