From ab60626253853eaefb2f786779bc9aefc1de8395 Mon Sep 17 00:00:00 2001
From: Leon Timmermans <fawaka@gmail.com>
Date: Mon, 11 Aug 2025 22:08:39 +0200
Subject: [PATCH] Allow get_params to return length of AES-GCM IV parameters

Previously, EVP_CIPHER_CTX_get_params would not report the length of the
IV parameters when called with a NULL data pointer. This change makes the
function behave as documented.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28232)
---
 .../implementations/ciphers/ciphercommon_gcm.c      |  4 ++--
 test/evp_extra_test.c                               | 13 +++++++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
index ca13834b983..d1dc31bce41 100644
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -187,7 +187,7 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     if (p.iv != NULL) {
         if (!on_preupdate_generate_iv(ctx))
             return 0;
-        if (ctx->ivlen > p.iv->data_size) {
+        if (p.iv->data != NULL && ctx->ivlen > p.iv->data_size) {
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
@@ -199,7 +199,7 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     if (p.updiv != NULL) {
         if (!on_preupdate_generate_iv(ctx))
             return 0;
-        if (ctx->ivlen > p.updiv->data_size) {
+        if (p.updiv->data != NULL && ctx->ivlen > p.updiv->data_size) {
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 52d684ea678..468aa995847 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -6396,8 +6396,8 @@ static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
     int outlen, tmplen;
     unsigned char outbuf[1024];
     unsigned char outtag[16];
-    OSSL_PARAM params[2] = {
-        OSSL_PARAM_END, OSSL_PARAM_END
+    OSSL_PARAM params[3] = {
+        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
     };
 
     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
@@ -6424,6 +6424,15 @@ static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
             || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
         goto err;
 
+    params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
+                                                  NULL, 0);
+    params[1] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV,
+                                                  NULL, 0);
+    params[2] = OSSL_PARAM_construct_end();
+    if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
+            || !TEST_size_t_eq(params[0].return_size, gcm_ivlen)
+            || !TEST_size_t_eq(params[1].return_size, gcm_ivlen))
+
     ret = 1;
 err:
     EVP_CIPHER_free(cipher);
-- 
2.47.3