From 1eae5e17d399f969dd174d2f35c9a4d5bf50948b Mon Sep 17 00:00:00 2001 From: tb <> Date: Thu, 28 Sep 2023 11:35:10 +0000 Subject: Check that EVP_CIPHER_CTX_iv_length() matches what was set This really only covers AES-GCM. From beck --- src/regress/lib/libcrypto/aead/aeadtest.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/regress/lib/libcrypto/aead/aeadtest.c b/src/regress/lib/libcrypto/aead/aeadtest.c index 4d24a81768..7144cb98d6 100644 --- a/src/regress/lib/libcrypto/aead/aeadtest.c +++ b/src/regress/lib/libcrypto/aead/aeadtest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aeadtest.c,v 1.24 2023/07/07 07:44:59 bcook Exp $ */ +/* $OpenBSD: aeadtest.c,v 1.25 2023/09/28 11:35:10 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing * Copyright (c) 2014, Google Inc. @@ -203,6 +203,7 @@ run_cipher_aead_encrypt_test(const EVP_CIPHER *cipher, EVP_CIPHER_CTX *ctx; size_t out_len; int len; + int ivlen; int ret = 0; if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { @@ -220,6 +221,13 @@ run_cipher_aead_encrypt_test(const EVP_CIPHER *cipher, goto err; } + ivlen = EVP_CIPHER_CTX_iv_length(ctx); + if (ivlen != (int)lengths[NONCE]) { + fprintf(stderr, "FAIL = ivlen %d != nonce length %d\n", ivlen, + (int)lengths[NONCE]); + goto err; + } + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, bufs[KEY], NULL)) { fprintf(stderr, "FAIL: EVP_EncryptInit_ex with key\n"); goto err; -- cgit v1.2.3-55-g6feb