Allow get_params to return length of the AES-GCM tag parameter

Previously, EVP_CIPHER_CTX_get_params would not report the length of the
tag parameter when called with a NULL data pointer. This change makes the
function behave as documented.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28232)

(cherry picked from commit fc563b4d48e2229f6d52a95ff32a527fa983ef68)

diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c.in b/providers/implementations/ciphers/ciphercommon_gcm.c.in
index 781e692099078396effaff60650590c9f3cec488..bd7431a83e0be43e3bda6ef3cd100d6185f3953e 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon_gcm.c.in
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c.in
@@ -224,13 +224,15 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
 
     if (p.tag != NULL) {
         sz = p.tag->data_size;
-        if (sz == 0
-            || sz > EVP_GCM_TLS_TAG_LEN
-            || !ctx->enc
-            || ctx->taglen == UNINITIALISED_SIZET) {
+        if (!ctx->enc || ctx->taglen == UNINITIALISED_SIZET) {
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
             return 0;
         }
+        if (p.tag->data != NULL && (sz > EVP_GCM_TLS_TAG_LEN || sz == 0)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
+            return 0;
+        }
+
         if (!OSSL_PARAM_set_octet_string(p.tag, ctx->buf, sz)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
             return 0;

diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 2ae461d5ae7ef555a9db8e736b3ffb1124f889e4..43df19d048cc5e0543818e3271ef8c510a25bbe0 100644 (file)
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -6304,8 +6304,8 @@ static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
     int outlen, tmplen;
     unsigned char outbuf[1024];
     unsigned char outtag[16];
-    OSSL_PARAM params[3] = {
-        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
+    OSSL_PARAM params[4] = {
+        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
     };
 
     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
@@ -6336,10 +6336,13 @@ static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
                                                   NULL, 0);
     params[1] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV,
                                                   NULL, 0);
-    params[2] = OSSL_PARAM_construct_end();
+    params[2] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
+                                                  NULL, 0);
+    params[3] = OSSL_PARAM_construct_end();
     if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
             || !TEST_size_t_eq(params[0].return_size, gcm_ivlen)
-            || !TEST_size_t_eq(params[1].return_size, gcm_ivlen))
+            || !TEST_size_t_eq(params[1].return_size, gcm_ivlen)
+            || !TEST_size_t_eq(params[2].return_size, sizeof(outtag)))
 
     ret = 1;
 err: