From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 1 Nov 2023 13:00:22 +0000 (+0100)
Subject: When changing IV length invalidate previously set IV
X-Git-Tag: openssl-3.1.5~137
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38595b9a6ad5a752214322ecb8a17be38b4e4b0b;p=thirdparty%2Fopenssl.git

When changing IV length invalidate previously set IV

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit eddbb78f4e5196eee33b2fd3d6adeabb69d52eb7)

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22613)
---

diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c
index ce377ad5740..eab315453ef 100644
--- a/providers/implementations/ciphers/cipher_aes_ocb.c
+++ b/providers/implementations/ciphers/cipher_aes_ocb.c
@@ -387,7 +387,10 @@ static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[])
         /* IV len must be 1 to 15 */
         if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN)
             return 0;
-        ctx->base.ivlen = sz;
+        if (ctx->base.ivlen != sz) {
+            ctx->base.ivlen = sz;
+            ctx->iv_state = IV_STATE_UNINITIALISED;
+        }
     }
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
     if (p != NULL) {
diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c b/providers/implementations/ciphers/ciphercommon_ccm.c
index ce3f7527f31..33105911e36 100644
--- a/providers/implementations/ciphers/ciphercommon_ccm.c
+++ b/providers/implementations/ciphers/ciphercommon_ccm.c
@@ -109,7 +109,10 @@ int ossl_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
-        ctx->l = ivlen;
+        if (ctx->l != ivlen) {
+            ctx->l = ivlen;
+            ctx->iv_set = 0;
+        }
     }
 
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
index ed95c97ff47..4ec73d5a6db 100644
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -261,7 +261,12 @@ int ossl_gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
-        ctx->ivlen = sz;
+        if (ctx->ivlen != sz) {
+            /* If the iv was already set or autogenerated, it is invalid. */
+            if (ctx->iv_state != IV_STATE_UNINITIALISED)
+                ctx->iv_state = IV_STATE_FINISHED;
+            ctx->ivlen = sz;
+        }
     }
 
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);