Skip to content

fix: EVP_CIPHER_iv_length returns 0 for AES-CFB128 and AES-OFB (ZD-21730) #10364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
douzzer merged 2 commits into from
Jun 4, 2026
Merged

fix: EVP_CIPHER_iv_length returns 0 for AES-CFB128 and AES-OFB (ZD-21730) #10364

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
58d3d84
fix: EVP_CIPHER_iv_length returns 0 for CFB/OFB modes
MarkAtwood Apr 30, 2026
f9d6a03
fix: add CFB128 and OFB cases to wolfSSL_EVP_get_cipherbynid
MarkAtwood Apr 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions tests/api/test_evp_cipher.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -501,6 +501,28 @@ int test_wolfSSL_EVP_CIPHER_iv_length(void)
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
NID_chacha20_poly1305,
#endif
#ifdef WOLFSSL_AES_CFB
#ifdef WOLFSSL_AES_128
NID_aes_128_cfb128,
#endif
#ifdef WOLFSSL_AES_192
NID_aes_192_cfb128,
#endif
#ifdef WOLFSSL_AES_256
NID_aes_256_cfb128,
#endif
#endif /* WOLFSSL_AES_CFB */
#ifdef WOLFSSL_AES_OFB
#ifdef WOLFSSL_AES_128
NID_aes_128_ofb,
#endif
#ifdef WOLFSSL_AES_192
NID_aes_192_ofb,
#endif
#ifdef WOLFSSL_AES_256
NID_aes_256_ofb,
#endif
#endif /* WOLFSSL_AES_OFB */
};
int iv_lengths[] = {
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
Expand Down Expand Up @@ -546,6 +568,28 @@ int test_wolfSSL_EVP_CIPHER_iv_length(void)
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
CHACHA20_POLY1305_AEAD_IV_SIZE,
#endif
#ifdef WOLFSSL_AES_CFB
#ifdef WOLFSSL_AES_128
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_192
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_256
AES_BLOCK_SIZE,
#endif
#endif /* WOLFSSL_AES_CFB */
#ifdef WOLFSSL_AES_OFB
#ifdef WOLFSSL_AES_128
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_192
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_256
AES_BLOCK_SIZE,
#endif
#endif /* WOLFSSL_AES_OFB */
};
int i;
int nidsLen = (sizeof(nids)/sizeof(int));
Expand Down
83 changes: 83 additions & 0 deletions wolfcrypt/src/evp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5674,6 +5674,34 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id)
return wolfSSL_EVP_aes_256_ccm();
#endif
#endif
#ifdef WOLFSSL_AES_OFB
#ifdef WOLFSSL_AES_128
case WC_NID_aes_128_ofb:
return wolfSSL_EVP_aes_128_ofb();
#endif
#ifdef WOLFSSL_AES_192
case WC_NID_aes_192_ofb:
return wolfSSL_EVP_aes_192_ofb();
#endif
#ifdef WOLFSSL_AES_256
case WC_NID_aes_256_ofb:
return wolfSSL_EVP_aes_256_ofb();
#endif
#endif /* WOLFSSL_AES_OFB */
#ifdef WOLFSSL_AES_CFB
#ifdef WOLFSSL_AES_128
case WC_NID_aes_128_cfb128:
return wolfSSL_EVP_aes_128_cfb128();
#endif
#ifdef WOLFSSL_AES_192
case WC_NID_aes_192_cfb128:
return wolfSSL_EVP_aes_192_cfb128();
#endif
#ifdef WOLFSSL_AES_256
case WC_NID_aes_256_cfb128:
return wolfSSL_EVP_aes_256_cfb128();
#endif
#endif /* WOLFSSL_AES_CFB */
#endif

#ifdef HAVE_ARIA
Expand Down Expand Up @@ -9960,6 +9988,61 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
#endif /* WOLFSSL_AES_256 */
#endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */

#ifdef WOLFSSL_AES_OFB
#ifdef WOLFSSL_AES_128
if (XSTRCMP(name, EVP_AES_128_OFB) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#ifdef WOLFSSL_AES_192
if (XSTRCMP(name, EVP_AES_192_OFB) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#ifdef WOLFSSL_AES_256
if (XSTRCMP(name, EVP_AES_256_OFB) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#endif /* WOLFSSL_AES_OFB */
#ifdef WOLFSSL_AES_CFB
#ifndef WOLFSSL_NO_AES_CFB_1_8
#ifdef WOLFSSL_AES_128
if (XSTRCMP(name, EVP_AES_128_CFB1) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#ifdef WOLFSSL_AES_192
if (XSTRCMP(name, EVP_AES_192_CFB1) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#ifdef WOLFSSL_AES_256
if (XSTRCMP(name, EVP_AES_256_CFB1) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#ifdef WOLFSSL_AES_128
if (XSTRCMP(name, EVP_AES_128_CFB8) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#ifdef WOLFSSL_AES_192
if (XSTRCMP(name, EVP_AES_192_CFB8) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#ifdef WOLFSSL_AES_256
if (XSTRCMP(name, EVP_AES_256_CFB8) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
#ifdef WOLFSSL_AES_128
if (XSTRCMP(name, EVP_AES_128_CFB128) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#ifdef WOLFSSL_AES_192
if (XSTRCMP(name, EVP_AES_192_CFB128) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#ifdef WOLFSSL_AES_256
if (XSTRCMP(name, EVP_AES_256_CFB128) == 0)
return WC_AES_BLOCK_SIZE;
#endif
#endif /* WOLFSSL_AES_CFB */

#endif
#ifdef HAVE_ARIA
if (XSTRCMP(name, EVP_ARIA_128_GCM) == 0)
Expand Down
Loading