From 5ed4fb69ff2096072ef965b5f70eee65ac768fbc Mon Sep 17 00:00:00 2001
From: Sean Eric Fagan <sef@FreeBSD.org>
Date: Wed, 20 Feb 2019 21:24:56 +0000
Subject: [PATCH] It turns out that setting the IV length is necessary with CCM
 in OpenSSL. This adds that back.

Reviewed by:	cem
---
 tools/tools/crypto/cryptocheck.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/tools/crypto/cryptocheck.c b/tools/tools/crypto/cryptocheck.c
index 47c6bc0cfcf3..8f35c6b7e345 100644
--- a/tools/tools/crypto/cryptocheck.c
+++ b/tools/tools/crypto/cryptocheck.c
@@ -1185,6 +1185,9 @@ openssl_ccm_encrypt(struct alg *alg, const EVP_CIPHER *cipher, const char *key,
 	if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1)
 		errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
 		    size, ERR_error_string(ERR_get_error(), NULL));
+	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_len, NULL) != 1)
+		errx(1, "OpenSSL %s (%zu) setting iv length failed: %s", alg->name,
+		    size, ERR_error_string(ERR_get_error(), NULL));
 	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1)
 		errx(1, "OpenSSL %s (%zu) setting tag length failed: %s", alg->name,
 		     size, ERR_error_string(ERR_get_error(), NULL));