eliott/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird synced 2026-04-25 17:25:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

LibCrypto: Use EVP_EncryptInit instead of EVP_DecryptInit in GCM encrypt

Browse Source 
The first EVP initialization call in AESGCMCipher::encrypt() used
EVP_DecryptInit. Every other cipher mode in the file correctly matches
its init calls to the operation direction (CBC, CTR, OCB, KW).

The second EVP_EncryptInit call overrides the context direction before
any ciphertext is produced, but the EVP_CTRL_GCM_SET_IVLEN control call
on the next line executes while the context is in decrypt mode.
This commit is contained in:
Praise-Garfield
2026-03-16 17:30:46 +00:00
committed by Jelle Raaijmakers
parent 3a95df60f9
commit 22e8e99d4c
Notes: github-actions[bot] 2026-03-19 21:29:30 +00:00 
Author: https://github.com/Praise-Garfield
Commit: https://github.com/LadybirdBrowser/ladybird/commit/22e8e99d4c0
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/8452
Reviewed-by: https://github.com/gmta
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Libraries/LibCrypto/Cipher/AES.cpp
View File

@@ -119,7 +119,7 @@ ErrorOr<AESGCMCipher::EncryptedData> AESGCMCipher::encrypt(ReadonlyBytes plainte
{
auto ctx = TRY(OpenSSL_CIPHER_CTX::create());
OPENSSL_TRY(EVP_DecryptInit(ctx.ptr(), m_cipher, nullptr, nullptr));
OPENSSL_TRY(EVP_EncryptInit(ctx.ptr(), m_cipher, nullptr, nullptr));
OPENSSL_TRY(EVP_CIPHER_CTX_ctrl(ctx.ptr(), EVP_CTRL_GCM_SET_IVLEN, iv.size(), nullptr));
OPENSSL_TRY(EVP_EncryptInit(ctx.ptr(), nullptr, m_key.data(), iv.data()));

16
Tests/LibCrypto/TestAES.cpp
View File

@@ -444,6 +444,22 @@ TEST_CASE(test_AES_GCM_128bit_encrypt_with_aad)
EXPECT(memcmp(result_tag, tag.data(), tag.size()) == 0);
}
TEST_CASE(test_AES_GCM_128bit_encrypt_decrypt_round_trip_with_non_standard_iv)
{
Crypto::Cipher::AESGCMCipher cipher("\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"_b);
auto plaintext = "The quick brown fox jumps over the lazy dog!"_b;
// 16-byte IV (non-standard; default is 12) to exercise EVP_CTRL_GCM_SET_IVLEN.
auto iv = "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"_b;
auto aad = "\xde\xad\xbe\xef"_b;
auto [ciphertext, tag] = TRY_OR_FAIL(cipher.encrypt(plaintext, iv, aad, 16));
EXPECT_NE(ciphertext.size(), 0u);
auto decrypted = TRY_OR_FAIL(cipher.decrypt(ciphertext, iv, aad, tag));
EXPECT_EQ(decrypted.size(), plaintext.size());
EXPECT(memcmp(plaintext.data(), decrypted.data(), plaintext.size()) == 0);
}
TEST_CASE(test_AES_GCM_128bit_decrypt_empty)
{
Crypto::Cipher::AESGCMCipher cipher("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"_b);