[openssl-dev] [openssl.org #4037] IV-setting bug on AES/CCM decryption

Andrew Felsher via RT rt at openssl.org
Fri Sep 11 17:34:28 UTC 2015


Hi,

While running some tests on a module using OpenSSL, we noticed that when using EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_CCM_SET_IVLEN, length, NULL) to set the IV length, AES/CCM decryption does not seem to detect a bad IV length. With encryption, it is detected and an appropriate error code is returned. And AES/GCM, for example, detects the bad IV length for both encryption and decryption.

Regards,
Andrew Felsher
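
A caller-side guard for the situation reported above, as an added example that is not part of the original post and is not OpenSSL code: it validates CCM parameters against RFC 3610 / NIST SP 800-38C before they are handed to `EVP_CIPHER_CTX_ctrl`, so a bad IV length is rejected the same way on the encrypt and decrypt paths. The names `ccm_check_params` and `ccm_b0_flags` and the result codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this example (hypothetical names). */
enum ccm_check { CCM_OK = 0, CCM_BAD_NONCE_LEN, CCM_BAD_TAG_LEN, CCM_MSG_TOO_LONG };

/*
 * Validate CCM parameters, independent of cipher direction.
 *   nonce (IV) length n: 7..13 octets, because L = 15 - n must be 2..8
 *   tag length M:        4, 6, 8, 10, 12, 14 or 16 octets
 *   message length:      must fit in L octets, i.e. be < 2^(8L)
 */
enum ccm_check ccm_check_params(size_t nonce_len, size_t tag_len, uint64_t msg_len)
{
    if (nonce_len < 7 || nonce_len > 13)
        return CCM_BAD_NONCE_LEN;
    if (tag_len < 4 || tag_len > 16 || (tag_len & 1u))
        return CCM_BAD_TAG_LEN;

    unsigned l = 15u - (unsigned)nonce_len;          /* size of length field */
    if (l < 8 && (msg_len >> (8u * l)) != 0)         /* l == 8 covers all uint64_t */
        return CCM_MSG_TOO_LONG;
    return CCM_OK;
}

/*
 * Flags octet of the first CBC-MAC block B0:
 *   bit 6 = Adata, bits 5..3 = (M - 2) / 2, bits 2..0 = L - 1.
 * Returns -1 if the nonce or tag length is invalid.
 */
int ccm_b0_flags(size_t nonce_len, size_t tag_len, int has_aad)
{
    if (ccm_check_params(nonce_len, tag_len, 0) != CCM_OK)
        return -1;
    unsigned l = 15u - (unsigned)nonce_len;
    unsigned m_enc = ((unsigned)tag_len - 2u) / 2u;
    return (int)((has_aad ? 0x40u : 0u) | (m_enc << 3) | (l - 1u));
}

int main(void)
{
    /* Constructed sample inputs: IV lengths on either side of the valid range. */
    size_t ivlens[] = { 6, 7, 12, 13, 14 };
    for (size_t i = 0; i < sizeof ivlens / sizeof ivlens[0]; i++)
        printf("ivlen=%zu -> %d\n", ivlens[i],
               (int)ccm_check_params(ivlens[i], 16, 1024));
    return 0;
}
```

Running the same check ahead of the `EVP_CTRL_CCM_SET_IVLEN` call in both directions means the application does not depend on the library's return code to catch an out-of-range IV length.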
