Allow get_params to return length of the AES-GCM tag parameter

author Leon Timmermans <fawaka@gmail.com>

Mon, 11 Aug 2025 20:25:59 +0000 (22:25 +0200)

committer Tomas Mraz <tomas@openssl.org>

Wed, 19 Nov 2025 13:19:20 +0000 (14:19 +0100)
author Leon Timmermans <fawaka@gmail.com>
Mon, 11 Aug 2025 20:25:59 +0000 (22:25 +0200)
committer Tomas Mraz <tomas@openssl.org>
Wed, 19 Nov 2025 13:19:20 +0000 (14:19 +0100)
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c

index d1dc31bce413d3bdb6ee85774e72298d7b051048..305b723c5c10b2a68f853f04f7db13addb22a266 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -216,13 +216,15 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
  
      if (p.tag != NULL) {
          sz = p.tag->data_size;
-        if (sz == 0
-            || sz > EVP_GCM_TLS_TAG_LEN
-            || !ctx->enc
-            || ctx->taglen == UNINITIALISED_SIZET) {
+        if (!ctx->enc || ctx->taglen == UNINITIALISED_SIZET) {
              ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
              return 0;
          }
+        if (p.tag->data != NULL && (sz > EVP_GCM_TLS_TAG_LEN || sz == 0)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
+            return 0;
+        }
+
          if (!OSSL_PARAM_set_octet_string(p.tag, ctx->buf, sz)) {
              ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
              return 0;
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c

index 468aa995847433aadc962a4988b6e588e5ea3785..581eb401899e3e5623db122871e01210c56f0caa 100644 (file)
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -6396,8 +6396,8 @@ static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
      int outlen, tmplen;
      unsigned char outbuf[1024];
      unsigned char outtag[16];
-    OSSL_PARAM params[3] = {
-        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
+    OSSL_PARAM params[4] = {
+        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
      };
  
      if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
@@ -6428,10 +6428,13 @@ static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
                                                    NULL, 0);
      params[1] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV,
                                                    NULL, 0);
-    params[2] = OSSL_PARAM_construct_end();
+    params[2] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
+                                                  NULL, 0);
+    params[3] = OSSL_PARAM_construct_end();
      if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
              || !TEST_size_t_eq(params[0].return_size, gcm_ivlen)
-            || !TEST_size_t_eq(params[1].return_size, gcm_ivlen))
+            || !TEST_size_t_eq(params[1].return_size, gcm_ivlen)
+            || !TEST_size_t_eq(params[2].return_size, sizeof(outtag)))
  
      ret = 1;
  err:
author	Leon Timmermans <fawaka@gmail.com>
	Mon, 11 Aug 2025 20:25:59 +0000 (22:25 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 19 Nov 2025 13:19:20 +0000 (14:19 +0100)
providers/implementations/ciphers/ciphercommon_gcm.c		patch \| blob \| blame \| history
test/evp_extra_test.c		patch \| blob \| blame \| history