tpm2: Refactor code that gets current IV

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2026-01-06 18:17:49 +00:00 · 2023-02-11 11:15:41 -05:00 · 2023-02-11 11:15:41 -05:00 · f531ad6927
commit f531ad6927
parent 520a2fa27d
3 changed files with 27 additions and 2 deletions
--- a/src/tpm2/crypto/openssl/CryptSym.c
+++ b/src/tpm2/crypto/openssl/CryptSym.c
@ -621,7 +621,8 @@ CryptSymmetricEncrypt(
            ERROR_RETURN(TPM_RC_FAILURE);

        ivInOut->t.size = ivLen;
-        memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size);
+        if (DoEVPGetIV(ctx, ivInOut->t.buffer, ivInOut->t.size))
+            ERROR_RETURN(TPM_RC_FAILURE);
    }
 Exit:
    if (retVal == TPM_RC_SUCCESS && pOut != dOut)
@ -743,7 +744,8 @@ CryptSymmetricDecrypt(
            ERROR_RETURN(TPM_RC_FAILURE);

        ivInOut->t.size = ivLen;
-        memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size);
+        if (DoEVPGetIV(ctx, ivInOut->t.buffer, ivInOut->t.size))
+            ERROR_RETURN(TPM_RC_FAILURE);
    }

 Exit:
--- a/src/tpm2/crypto/openssl/Helpers.c
+++ b/src/tpm2/crypto/openssl/Helpers.c
@ -286,6 +286,22 @@ evpfunc GetEVPCipher(TPM_ALG_ID    algorithm,       // IN
    return evpfn;
 }

+TPM_RC DoEVPGetIV(
+                  EVP_CIPHER_CTX    *ctx,    // IN: required context
+                  unsigned char     *iv,     // IN: pointer to buffer for IV
+                  size_t             iv_len  // IN: size of the buffer
+                  )
+{
+    const unsigned char *c_iv;
+
+    c_iv = EVP_CIPHER_CTX_iv(ctx);
+    if (!c_iv)
+        return TPM_RC_FAILURE;
+    memcpy(iv, c_iv, iv_len);
+
+    return 0;
+}
+
 #endif // USE_OPENSSL_FUNCTIONS_SYMMETRIC

 #if USE_OPENSSL_FUNCTIONS_EC
--- a/src/tpm2/crypto/openssl/Helpers_fp.h
+++ b/src/tpm2/crypto/openssl/Helpers_fp.h
@ -80,6 +80,13 @@ evpfunc GetEVPCipher(TPM_ALG_ID    algorithm,       // IN
                     BYTE         *keyToUse,        // OUT same as key or stretched key
                     UINT16       *keyToUseLen      // IN/OUT
                     );
+
+TPM_RC DoEVPGetIV(
+                  EVP_CIPHER_CTX    *ctx,    // IN: required context
+                  unsigned char     *iv,     // IN: pointer to buffer for IV
+                  size_t             iv_len  // IN: size of the buffer
+                  );
+
 #endif

 #if USE_OPENSSL_FUNCTIONS_EC