Allow get_params to return length of AES-GCM IV parameters

author Leon Timmermans <fawaka@gmail.com>

Mon, 11 Aug 2025 20:08:39 +0000 (22:08 +0200)

committer Tomas Mraz <tomas@openssl.org>

Wed, 19 Nov 2025 13:19:20 +0000 (14:19 +0100)
author Leon Timmermans <fawaka@gmail.com>
Mon, 11 Aug 2025 20:08:39 +0000 (22:08 +0200)
committer Tomas Mraz <tomas@openssl.org>
Wed, 19 Nov 2025 13:19:20 +0000 (14:19 +0100)
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c

index ca13834b983f87a01b08236e7bf5b6000f7d7942..d1dc31bce413d3bdb6ee85774e72298d7b051048 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -187,7 +187,7 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
      if (p.iv != NULL) {
          if (!on_preupdate_generate_iv(ctx))
              return 0;
-        if (ctx->ivlen > p.iv->data_size) {
+        if (p.iv->data != NULL && ctx->ivlen > p.iv->data_size) {
              ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
              return 0;
          }
@@ -199,7 +199,7 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
      if (p.updiv != NULL) {
          if (!on_preupdate_generate_iv(ctx))
              return 0;
-        if (ctx->ivlen > p.updiv->data_size) {
+        if (p.updiv->data != NULL && ctx->ivlen > p.updiv->data_size) {
              ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
              return 0;
          }
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c

index 52d684ea678b960e2dd7468e120653b3c24a4545..468aa995847433aadc962a4988b6e588e5ea3785 100644 (file)
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -6396,8 +6396,8 @@ static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
      int outlen, tmplen;
      unsigned char outbuf[1024];
      unsigned char outtag[16];
-    OSSL_PARAM params[2] = {
-        OSSL_PARAM_END, OSSL_PARAM_END
+    OSSL_PARAM params[3] = {
+        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
      };
  
      if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
@@ -6424,6 +6424,15 @@ static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
              || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
          goto err;
  
+    params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
+                                                  NULL, 0);
+    params[1] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV,
+                                                  NULL, 0);
+    params[2] = OSSL_PARAM_construct_end();
+    if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
+            || !TEST_size_t_eq(params[0].return_size, gcm_ivlen)
+            || !TEST_size_t_eq(params[1].return_size, gcm_ivlen))
+
      ret = 1;
  err:
      EVP_CIPHER_free(cipher);
author	Leon Timmermans <fawaka@gmail.com>
	Mon, 11 Aug 2025 20:08:39 +0000 (22:08 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 19 Nov 2025 13:19:20 +0000 (14:19 +0100)
providers/implementations/ciphers/ciphercommon_gcm.c		patch \| blob \| blame \| history
test/evp_extra_test.c		patch \| blob \| blame \| history