From 542b783a5cf109e3b82d26b22707bd75124895ed Mon Sep 17 00:00:00 2001
From: Love Westlund <love.westlund@proton.me>
Date: Mon, 27 May 2024 21:48:56 +0200
Subject: [PATCH] Always set IV length for AES CCM ciphers

This fixes an issue where the IV length would not be set if the length
was equal to the recommended length. The issue shows up at least when an
IV of length 12 (which is returned by `t.iv_len()`) is used with the
AES256 CCM cipher, as OpenSSL defaults the IV length to 7 bytes [^1] and it
would not be correctly set to 12.

[^1]: https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption

Closes sfackler/rust-openssl#2244.
---
 openssl/src/symm.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs
index af010569e..8ad525f2c 100644
--- a/openssl/src/symm.rs
+++ b/openssl/src/symm.rs
@@ -627,7 +627,12 @@ impl Crypter {
         ctx.set_key_length(key.len())?;
 
         if let (Some(iv), Some(iv_len)) = (iv, t.iv_len()) {
-            if iv.len() != iv_len {
+            if iv.len() != iv_len
+                || matches!(
+                    t.nid(),
+                    Nid::AES_128_CCM | Nid::AES_192_CCM | Nid::AES_256_CCM
+                )
+            {
                 ctx.set_iv_length(iv.len())?;
             }
         }