d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

It turns out that setting the IV length is necessary with CCM in OpenSSL.

Browse Source 
This adds that back.

Reviewed by:	cem
This commit is contained in:
Sean Eric Fagan 2019-02-20 21:24:56 +00:00
parent 6cea60aef5
commit 5ed4fb69ff
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=344388
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
tools/tools/crypto/cryptocheck.c
View File

@ -1185,6 +1185,9 @@ openssl_ccm_encrypt(struct alg *alg, const EVP_CIPHER *cipher, const char *key,
if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1)
errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
size, ERR_error_string(ERR_get_error(), NULL));
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_len, NULL) != 1)
errx(1, "OpenSSL %s (%zu) setting iv length failed: %s", alg->name,
size, ERR_error_string(ERR_get_error(), NULL));
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1)
errx(1, "OpenSSL %s (%zu) setting tag length failed: %s", alg->name,
size, ERR_error_string(ERR_get_error(), NULL));