From 7cc5e0d283800c757e46d1476273d271120aa38d Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Mon, 1 Jun 2020 12:31:55 -0700 Subject: [PATCH 1/1] Allow oversized buffers for provider cipher IV fetch When we're fetching an IV, there's no need to enforce that the provided buffer is exactly the same size as the IV we want to write into it. This might happen, for example, when EVP_CIPHER_CTX_iv_noconst() passes sizeof(ctx->iv) (that is, EVP_MAX_IV_LENGTH) for an AES-GCM cipher that uses a shorter IV. AES-OCB and CCM were also affected. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12039) --- providers/implementations/ciphers/cipher_aes_ocb.c | 2 +- providers/implementations/ciphers/ciphercommon_ccm.c | 2 +- providers/implementations/ciphers/ciphercommon_gcm.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c index 681eb9ee70..84ba062d6b 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb.c +++ b/providers/implementations/ciphers/cipher_aes_ocb.c @@ -401,7 +401,7 @@ static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL) { - if (ctx->base.ivlen != p->data_size) { + if (ctx->base.ivlen > p->data_size) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return 0; } diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c b/providers/implementations/ciphers/ciphercommon_ccm.c index 3825a0741c..2b9a0687e3 100644 --- a/providers/implementations/ciphers/ciphercommon_ccm.c +++ b/providers/implementations/ciphers/ciphercommon_ccm.c @@ -160,7 +160,7 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL) { - if (ccm_get_ivlen(ctx) != p->data_size) { + if (ccm_get_ivlen(ctx) > p->data_size) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN); return 0; } diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c index 06fbbd07aa..7daa8dce5b 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm.c +++ b/providers/implementations/ciphers/ciphercommon_gcm.c @@ -156,7 +156,7 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) if (p != NULL) { if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1) return 0; - if (ctx->ivlen != p->data_size) { + if (ctx->ivlen > p->data_size) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return 0; } -- 2.34.1