d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

It turns out that setting the IV length is necessary with CCM in OpenSSL.

Browse Source 
This adds that back.

Reviewed by:	cem
This commit is contained in:
sef 2019-02-20 21:24:56 +00:00
parent f6f04d1a3a
commit 5e2c80229c
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
tools/tools/crypto/cryptocheck.c
View File

@ -1185,6 +1185,9 @@ openssl_ccm_encrypt(struct alg *alg, const EVP_CIPHER *cipher, const char *key,
if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1)
errx(1, "OpenSSL %s (%zu) ctx init failed: %s", alg->name,
size, ERR_error_string(ERR_get_error(), NULL));
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_len, NULL) != 1)
errx(1, "OpenSSL %s (%zu) setting iv length failed: %s", alg->name,
size, ERR_error_string(ERR_get_error(), NULL));
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, AES_CBC_MAC_HASH_LEN, NULL) != 1)
errx(1, "OpenSSL %s (%zu) setting tag length failed: %s", alg->name,
size, ERR_error_string(ERR_get_error(), NULL));