-
-
Notifications
You must be signed in to change notification settings - Fork 753
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Always set IV length for AES CCM ciphers #2245
base: master
Are you sure you want to change the base?
Conversation
Yeah it unfortunately looks like we can't just unconditionally do this :( |
No it looks like it ain't that easy 😞 Based on the OpenSSL wiki on AES with CCM, I still think that a change is warranted to make 12 byte IVs work so I'm gonna self review another proposal! |
openssl/src/symm.rs
Outdated
if let (Some(iv), Some(_iv_len)) = (iv, t.iv_len()) { | ||
ctx.set_iv_length(iv.len())?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do we think about this instead? I reintroduced the length check and added specific handling for the AES CCM ciphers, which are the ones with the IV length issue.
if let (Some(iv), Some(_iv_len)) = (iv, t.iv_len()) { | |
ctx.set_iv_length(iv.len())?; | |
if let (Some(iv), Some(iv_len)) = (iv, t.iv_len()) { | |
if iv.len() != iv_len | |
|| matches!( | |
t.nid(), | |
Nid::AES_128_CCM | Nid::AES_192_CCM | Nid::AES_256_CCM | |
) | |
{ | |
ctx.set_iv_length(iv.len())?; | |
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I hate it, but that's just OpenSSL I guess :P
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like boringssl's not happy with it though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I waited for you to give your opinion before pushing and running all of the CI. Now I pushed in 20ce889!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, agree that it's not very pretty but it should (hopefully!) get the job done!
This fixes an issue where the IV length would not be set if the length was equal to the recommended length. The issue shows up at least when an IV of length 12 (which is returned by `t.iv_len()`) is used with the AES256 CCM cipher, as OpenSSL defaults the IV length to 7 bytes [^1] and it would not be correctly set to 12. [^1]: https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption Closes sfackler#2244.
20ce889
to
542b783
Compare
@sfackler please have another look at this! |
This fixes an issue where the IV length would not be set if the length
was equal to the recommended length. The issue shows up at least when an
IV of length 12 (which is returned by
t.iv_len()
) is used with theAES256 CCM cipher, as OpenSSL defaults the IV length to 7 bytes 1 and it
would not be correctly set to 12.
Closes #2244.
Footnotes
https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption ↩