From 52effe6a13ba852509e0a964f06aae44ab00abc9 Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 28 Sep 2023 11:35:10 +0000 Subject: [PATCH] Check that EVP_CIPHER_CTX_iv_length() matches what was set This really only covers AES-GCM. From beck --- regress/lib/libcrypto/aead/aeadtest.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/regress/lib/libcrypto/aead/aeadtest.c b/regress/lib/libcrypto/aead/aeadtest.c index 4d24a817684..7144cb98d67 100644 --- a/regress/lib/libcrypto/aead/aeadtest.c +++ b/regress/lib/libcrypto/aead/aeadtest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aeadtest.c,v 1.24 2023/07/07 07:44:59 bcook Exp $ */ +/* $OpenBSD: aeadtest.c,v 1.25 2023/09/28 11:35:10 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing * Copyright (c) 2014, Google Inc. @@ -203,6 +203,7 @@ run_cipher_aead_encrypt_test(const EVP_CIPHER *cipher, EVP_CIPHER_CTX *ctx; size_t out_len; int len; + int ivlen; int ret = 0; if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { @@ -220,6 +221,13 @@ run_cipher_aead_encrypt_test(const EVP_CIPHER *cipher, goto err; } + ivlen = EVP_CIPHER_CTX_iv_length(ctx); + if (ivlen != (int)lengths[NONCE]) { + fprintf(stderr, "FAIL = ivlen %d != nonce length %d\n", ivlen, + (int)lengths[NONCE]); + goto err; + } + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, bufs[KEY], NULL)) { fprintf(stderr, "FAIL: EVP_EncryptInit_ex with key\n"); goto err; -- 2.20.1