Closed mamckee closed 6 months ago
message(FATAL_ERROR "Provide symcrypt pkg-config or set SYMCRYPT_ROOT_DIR variable")
np: tabs #Resolved
Refers to: CMakeLists.txt:19 in 55d107f. [](commit_id = 55d107fb4626a97dcb778ffeba4846c8f3c54615, deletion_comment = False)
A scenario exists in the engine that prevents this from working. EVP_CIPHER_CTX_iv_length calls into the engine, so the engine has no way of knowing the IV length for an IV passed to e_scossl_aes_gcm_init_key. The engine will continue to reject any IVs that aren't 12-bytes.
I don't follow this comment. Can't the engine save the IV length and use that for subsequent calls?
A scenario exists in the engine that prevents this from working. EVP_CIPHER_CTX_iv_length calls into the engine, so the engine has no way of knowing the IV length for an IV passed to e_scossl_aes_gcm_init_key. The engine will continue to reject any IVs that aren't 12-bytes.
I don't follow this comment. Can't the engine save the IV length and use that for subsequent calls?
It depends on EVP_CTRL_AEAD_SET_IVLEN being set before EVP_CTRL_INIT. We might be able to rework this (i.e. not setting the IV until e_scossl_aes_gcm_init_key) but I don't want to spend a ton of time on adding new behavior to the engine. I'm sure there was a reason the IV was set in EVP_CTRL_INIT so it's something I'm hesitant to modify unless we need to.
This PR updates existing tests for OpenSSL 3, and fixes any bugs found in testing
OPENSSL_strcasecmp
preventing the provider from running with OpenSSL versions below 3.0.4, when this API was exported