Nevermind; there was a misunderstanding regarding some program flows. Thanks anyway, Andrew
-----Original Message----- From: Stephen Henson via RT [mailto:[email protected]] Sent: Friday, September 11, 2015 5:58 PM To: Andrew Felsher (afelsher) Cc: [email protected] Subject: [openssl.org #4037] IV-setting bug on AES/CCM decryption On Fri Sep 11 17:34:27 2015, [email protected] wrote: > Hi, > > While running some tests on a module using OpenSSL, we noticed that > when using EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_CCM_SET_IVLEN, > length, NULL) to set the IV length, AES/CCM decryption does not seem > to detect a bad IV length. With encryption, it is detected and an > appropriate error code is returned. And AES/GCM, for example, detects > the bad IV length for both encryption and decryption. > Can you give a few more details? What do you mean by a "bad IV length" do you have some sample code? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
