diff --git a/src/tpm2/crypto/openssl/CryptSym.c b/src/tpm2/crypto/openssl/CryptSym.c
index 9fe88e0a..5a44b3ba 100644
--- a/src/tpm2/crypto/openssl/CryptSym.c
+++ b/src/tpm2/crypto/openssl/CryptSym.c
@@ -621,7 +621,8 @@ CryptSymmetricEncrypt(
 ERROR_RETURN(TPM_RC_FAILURE);
 ivInOut->t.size = ivLen;
- memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size);
+ if (DoEVPGetIV(ctx, ivInOut->t.buffer, ivInOut->t.size))
+ ERROR_RETURN(TPM_RC_FAILURE);
 }
 Exit:
 if (retVal == TPM_RC_SUCCESS && pOut != dOut)
@@ -743,7 +744,8 @@ CryptSymmetricDecrypt(
 ERROR_RETURN(TPM_RC_FAILURE);
 ivInOut->t.size = ivLen;
- memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size);
+ if (DoEVPGetIV(ctx, ivInOut->t.buffer, ivInOut->t.size))
+ ERROR_RETURN(TPM_RC_FAILURE);
 }
 Exit:
diff --git a/src/tpm2/crypto/openssl/Helpers.c b/src/tpm2/crypto/openssl/Helpers.c
index ac3afaaf..5a1ddc35 100644
--- a/src/tpm2/crypto/openssl/Helpers.c
+++ b/src/tpm2/crypto/openssl/Helpers.c
@@ -286,6 +286,22 @@ evpfunc GetEVPCipher(TPM_ALG_ID algorithm, // IN
 return evpfn;
 }
+TPM_RC DoEVPGetIV(
+ EVP_CIPHER_CTX *ctx, // IN: required context
+ unsigned char *iv, // IN: pointer to buffer for IV
+ size_t iv_len // IN: size of the buffer
+ )
+{
+ const unsigned char *c_iv;
+
+ c_iv = EVP_CIPHER_CTX_iv(ctx);
+ if (!c_iv)
+ return TPM_RC_FAILURE;
+ memcpy(iv, c_iv, iv_len);
+
+ return 0;
+}
+
 #endif // USE_OPENSSL_FUNCTIONS_SYMMETRIC
 #if USE_OPENSSL_FUNCTIONS_EC
diff --git a/src/tpm2/crypto/openssl/Helpers_fp.h b/src/tpm2/crypto/openssl/Helpers_fp.h
index 5b9ca14e..c42402d9 100644
--- a/src/tpm2/crypto/openssl/Helpers_fp.h
+++ b/src/tpm2/crypto/openssl/Helpers_fp.h
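Review bot: In the CryptSymmetricEncrypt hunk, `ivInOut->t.size = ivLen;` is still assigned before the new fallible call, so a DoEVPGetIV failure leaves the caller with an updated size and a buffer that was never written; moving the assignment after the check keeps the IV consistent on the error path, though whether any caller reads ivInOut after a failure is not visible here. The condition also relies on TPM_RC_SUCCESS being zero; `if (DoEVPGetIV(ctx, ivInOut->t.buffer, ivLen) != TPM_RC_SUCCESS)` states the intent. The CryptSymmetricDecrypt hunk has the same two lines and the same points apply. Both functions start and end outside their hunks, so whether ivLen is bounded against `sizeof(ivInOut->t.buffer)` cannot be confirmed from this diff.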
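Review bot: DoEVPGetIV copies `iv_len` bytes from the pointer returned by EVP_CIPHER_CTX_iv() without comparing `iv_len` to the context's actual IV length, so a caller that passes a larger size makes `memcpy` read past the cipher context's IV storage. The helper could enforce this itself with `int n = EVP_CIPHER_CTX_iv_length(ctx);` followed by `if (!c_iv || n < 0 || iv_len > (size_t)n) return TPM_RC_FAILURE;`. The two call sites in CryptSym.c may already bound ivLen outside their hunks, but a shared helper should not depend on that. The success path also returns a bare `0` where the declared return type is TPM_RC; `return TPM_RC_SUCCESS;` matches the failure path.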
@@ -80,6 +80,13 @@ evpfunc GetEVPCipher(TPM_ALG_ID algorithm, // IN
 BYTE *keyToUse, // OUT same as key or stretched key
 UINT16 *keyToUseLen // IN/OUT
 );
+
+TPM_RC DoEVPGetIV(
+ EVP_CIPHER_CTX *ctx, // IN: required context
+ unsigned char *iv, // IN: pointer to buffer for IV
+ size_t iv_len // IN: size of the buffer
+ );
+
 #endif
 #if USE_OPENSSL_FUNCTIONS_EC
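Review bot: The prototype's parameter comments mark `iv` as `IN`, but the function writes the IV into that buffer, so it should read `// OUT: buffer that receives the IV`; the definition in Helpers.c carries the same comment. `iv_len` is better described as `// IN: number of IV bytes to copy`, since the code uses it as the copy length rather than as a capacity. A short header comment stating that exactly `iv_len` bytes are written and that the result is TPM_RC_FAILURE when the context has no IV would give callers the contract without opening Helpers.c.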