Skip to content

EVP_CIPHER_CTX_get_iv_length() reports 16 for AES-ECB with symcryptprovider #170

Description

@qmuntal

Summary

When using SymCrypt-OpenSSL’s OpenSSL 3 provider (symcryptprovider), an initialized AES-ECB cipher context reports an IV length of 16 via EVP_CIPHER_CTX_get_iv_length().

ECB mode does not use an IV, so the expected context IV length is 0. OpenSSL’s default/FIPS providers report 0 for AES-ECB. The SymCrypt-OpenSSL provider appears to report the AES block size or a generic AES context IV buffer length instead.

This looks like an OpenSSL provider metadata compatibility issue in SymCrypt-OpenSSL, not an issue in the core SymCrypt primitive.

Environment

Observed on Azure Linux 3 with:

  • OpenSSL: 3.3.5
  • Provider module: symcryptprovider.so
  • SymCrypt provider version: 1.9.5
  • Provider path: ossl-modules

Expected Behavior

For AES-ECB:

EVP_CIPHER_get_iv_length(cipher) == 0
EVP_CIPHER_CTX_get_iv_length(ctx) == 0

ECB has no IV, so both cipher-level and initialized-context-level IV length should be zero.

Actual Behavior

With symcryptprovider:

EVP_CIPHER_get_iv_length(cipher) == 0
EVP_CIPHER_CTX_get_iv_length(ctx) == 16

The cipher-level metadata is correct, but the initialized context reports 16.

Why This Matters

This can break applications or test suites that use OpenSSL EVP metadata to validate cipher parameters. Even if AES-ECB encryption/decryption itself works correctly, the context metadata is inconsistent with OpenSSL provider behavior and with ECB semantics.

This may cause callers to incorrectly believe AES-ECB requires or has an IV after initialization.

Plain C Reproducer

#include <openssl/evp.h>
#include <openssl/provider.h>
#include <stdio.h>
#include <string.h>

static int test_provider(const char *provider_name)
{
    int ret = 1;
    OSSL_LIB_CTX *libctx = NULL;
    OSSL_PROVIDER *provider = NULL;
    EVP_CIPHER *cipher = NULL;
    EVP_CIPHER_CTX *ctx = NULL;

    unsigned char key[16];
    memset(key, 0, sizeof(key));

    libctx = OSSL_LIB_CTX_new();
    if (libctx == NULL) {
        fprintf(stderr, "OSSL_LIB_CTX_new failed\n");
        goto cleanup;
    }

    provider = OSSL_PROVIDER_load(libctx, provider_name);
    if (provider == NULL) {
        fprintf(stderr, "OSSL_PROVIDER_load(%s) failed\n", provider_name);
        goto cleanup;
    }

    cipher = EVP_CIPHER_fetch(libctx, "AES-128-ECB", NULL);
    if (cipher == NULL) {
        fprintf(stderr, "EVP_CIPHER_fetch(AES-128-ECB) failed for provider %s\n", provider_name);
        goto cleanup;
    }

    ctx = EVP_CIPHER_CTX_new();
    if (ctx == NULL) {
        fprintf(stderr, "EVP_CIPHER_CTX_new failed\n");
        goto cleanup;
    }

    if (EVP_CipherInit_ex2(ctx, cipher, key, NULL, 1, NULL) != 1) {
        fprintf(stderr, "EVP_CipherInit_ex2 failed for provider %s\n", provider_name);
        goto cleanup;
    }

    printf("provider: %s\n", provider_name);
    printf("EVP_CIPHER_get0_name: %s\n", EVP_CIPHER_get0_name(cipher));
    printf("EVP_CIPHER_get_iv_length: %d\n", EVP_CIPHER_get_iv_length(cipher));
    printf("EVP_CIPHER_CTX_get_iv_length: %d\n", EVP_CIPHER_CTX_get_iv_length(ctx));
    printf("\n");

    ret = 0;

cleanup:
    EVP_CIPHER_CTX_free(ctx);
    EVP_CIPHER_free(cipher);
    OSSL_PROVIDER_unload(provider);
    OSSL_LIB_CTX_free(libctx);
    return ret;
}

int main(void)
{
    int ret = 0;

    ret |= test_provider("default");
    ret |= test_provider("symcryptprovider");

    return ret;
}

Build

cc -Wall -Wextra -o aes_ecb_ivlen_repro aes_ecb_ivlen_repro.c -lcrypto

Run

If the provider is not in OpenSSL’s default module path:

OPENSSL_MODULES=/usr/lib64/ossl-modules ./aes_ecb_ivlen_repro

Otherwise:

./aes_ecb_ivlen_repro

Observed Output

Example output:

provider: default
EVP_CIPHER_get0_name: AES-128-ECB
EVP_CIPHER_get_iv_length: 0
EVP_CIPHER_CTX_get_iv_length: 0

provider: symcryptprovider
EVP_CIPHER_get0_name: AES-128-ECB
EVP_CIPHER_get_iv_length: 0
EVP_CIPHER_CTX_get_iv_length: 16

Suggested Fix

In SymCrypt-OpenSSL’s AES cipher provider implementation, ensure the context IV length returned for ECB mode is 0.

The provider likely needs to special-case ECB when returning the cipher context IV length, rather than returning the AES block size or a generic AES IV buffer size.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions