Changeset 40283 in project


Timestamp:
07/18/21 15:36:06 (2 weeks ago)
Author:
Vasilij Schneidermann
Message:

openssl: Always supply IV length when using CCM

Location:
release/5/openssl/trunk
Files:
2 edited

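--- a/release/5/openssl/trunk/openssl.cipher.scm
+++ b/release/5/openssl/trunk/openssl.cipher.scm
@@ -219,6 +219,7 @@
     (when (not (EVP_CIPHER_CTX_set_key_length ctx key-length))
       (openssl-error 'cipher-context-init! (list key-length effective-key-length)))
-    (when (and iv-length (not (<= (EVP_CIPHER_CTX_iv_length ctx) iv-length)))
-      (openssl-type-error 'cipher-context-init! "sufficient iv length" iv-length))
+    (let ((min-iv-length (or effective-iv-length (EVP_CIPHER_CTX_iv_length ctx))))
+      (when (and iv-length (< iv-length min-iv-length))
+        (openssl-type-error 'cipher-context-init! "sufficient iv length" iv-length min-iv-length)))
     (when effective-iv-length
       (when (not (aead-cipher? ctx))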
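Review bot: The check at new lines 221-223 is still only a lower bound, so an IV blob longer than `effective-iv-length` is accepted. If OpenSSL then reads only the first `effective-iv-length` bytes (likely, but not visible in this hunk), two different IVs sharing that prefix would become the same CCM nonce under one key, which CCM does not tolerate. When the caller supplies `effective-iv-length`, consider requiring an exact match, e.g. `(when (and iv-length effective-iv-length (not (= iv-length effective-iv-length))) ...)`, and keep the `<` test for the default-length case only. A one-line comment above the `let` noting that `EVP_CIPHER_CTX_iv_length` is used as the fallback minimum would also help. The enclosing function (presumably `cipher-context-init!`, going by the error symbols) starts and ends outside the hunk.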
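--- a/release/5/openssl/trunk/tests/cipher-test.scm
+++ b/release/5/openssl/trunk/tests/cipher-test.scm
@@ -130,13 +130,14 @@
     (let* ((plaintext "\x20\x21\x22\x23")
            (message-length (string-length plaintext))
+           (iv-length 7)
            (iv (string->blob "\x10\x11\x12\x13\x14\x15\x16"))
            (tag-length 4)
            (auth-data (string->blob "\x00\x01\x02\x03\x04\x05\x06\x07")))
       (receive (ciphertext tag)
-          (string-encrypt-and-digest aes-128-ccm plaintext key iv message-length: message-length tag-length: tag-length auth-data: auth-data)
+          (string-encrypt-and-digest aes-128-ccm plaintext key iv effective-iv-length: iv-length message-length: message-length tag-length: tag-length auth-data: auth-data)
         (test "AES-CCM test vector (encryption)" "\x71\x62\x01\x5b" ciphertext)
         (test "AES-CCM test vector (tag)" "\x4d\xac\x25\x5d" tag)
         (test "AES-CCM test vector (decryption)" plaintext
-              (string-decrypt-and-verify aes-128-ccm ciphertext tag key iv message-length: message-length tag-length: tag-length auth-data: auth-data))))
+              (string-decrypt-and-verify aes-128-ccm ciphertext tag key iv effective-iv-length: iv-length message-length: message-length tag-length: tag-length auth-data: auth-data))))
     (let* ((plaintext "\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f")
            (message-length (string-length plaintext))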
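Review bot: The updated vector only covers the case where the IV blob is exactly `effective-iv-length` bytes, so the new rejection branch in openssl.cipher.scm has no test. A negative case next to the vector would pin it, e.g. `(test-error "AES-CCM short IV rejected" (string-encrypt-and-digest aes-128-ccm plaintext key iv effective-iv-length: 8 message-length: message-length tag-length: tag-length auth-data: auth-data))`. A matching case with an IV longer than `effective-iv-length` would document whether that is meant to be accepted. `iv-length` is a literal 7 kept in sync with the 7-byte `iv` by hand; a short comment tying the two together would help. The second `let*` at new line 142 continues outside the hunk, so it is not visible whether that vector also passes `effective-iv-length:`.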