Summary
When using SymCrypt-OpenSSL’s OpenSSL 3 provider (symcryptprovider), an initialized AES-ECB cipher context reports an IV length of 16 via EVP_CIPHER_CTX_get_iv_length().
ECB mode does not use an IV, so the expected context IV length is 0. OpenSSL’s default/FIPS providers report 0 for AES-ECB. The SymCrypt-OpenSSL provider appears to report the AES block size or a generic AES context IV buffer length instead.
This looks like an OpenSSL provider metadata compatibility issue in SymCrypt-OpenSSL, not an issue in the core SymCrypt primitive.
Environment
Observed on Azure Linux 3 with:
- OpenSSL:
3.3.5
- Provider module:
symcryptprovider.so
- SymCrypt provider version:
1.9.5
- Provider path: ossl-modules
Expected Behavior
For AES-ECB:
EVP_CIPHER_get_iv_length(cipher) == 0
EVP_CIPHER_CTX_get_iv_length(ctx) == 0
ECB has no IV, so both cipher-level and initialized-context-level IV length should be zero.
Actual Behavior
With symcryptprovider:
EVP_CIPHER_get_iv_length(cipher) == 0
EVP_CIPHER_CTX_get_iv_length(ctx) == 16
The cipher-level metadata is correct, but the initialized context reports 16.
Why This Matters
This can break applications or test suites that use OpenSSL EVP metadata to validate cipher parameters. Even if AES-ECB encryption/decryption itself works correctly, the context metadata is inconsistent with OpenSSL provider behavior and with ECB semantics.
This may cause callers to incorrectly believe AES-ECB requires or has an IV after initialization.
Plain C Reproducer
#include <openssl/evp.h>
#include <openssl/provider.h>
#include <stdio.h>
#include <string.h>
static int test_provider(const char *provider_name)
{
int ret = 1;
OSSL_LIB_CTX *libctx = NULL;
OSSL_PROVIDER *provider = NULL;
EVP_CIPHER *cipher = NULL;
EVP_CIPHER_CTX *ctx = NULL;
unsigned char key[16];
memset(key, 0, sizeof(key));
libctx = OSSL_LIB_CTX_new();
if (libctx == NULL) {
fprintf(stderr, "OSSL_LIB_CTX_new failed\n");
goto cleanup;
}
provider = OSSL_PROVIDER_load(libctx, provider_name);
if (provider == NULL) {
fprintf(stderr, "OSSL_PROVIDER_load(%s) failed\n", provider_name);
goto cleanup;
}
cipher = EVP_CIPHER_fetch(libctx, "AES-128-ECB", NULL);
if (cipher == NULL) {
fprintf(stderr, "EVP_CIPHER_fetch(AES-128-ECB) failed for provider %s\n", provider_name);
goto cleanup;
}
ctx = EVP_CIPHER_CTX_new();
if (ctx == NULL) {
fprintf(stderr, "EVP_CIPHER_CTX_new failed\n");
goto cleanup;
}
if (EVP_CipherInit_ex2(ctx, cipher, key, NULL, 1, NULL) != 1) {
fprintf(stderr, "EVP_CipherInit_ex2 failed for provider %s\n", provider_name);
goto cleanup;
}
printf("provider: %s\n", provider_name);
printf("EVP_CIPHER_get0_name: %s\n", EVP_CIPHER_get0_name(cipher));
printf("EVP_CIPHER_get_iv_length: %d\n", EVP_CIPHER_get_iv_length(cipher));
printf("EVP_CIPHER_CTX_get_iv_length: %d\n", EVP_CIPHER_CTX_get_iv_length(ctx));
printf("\n");
ret = 0;
cleanup:
EVP_CIPHER_CTX_free(ctx);
EVP_CIPHER_free(cipher);
OSSL_PROVIDER_unload(provider);
OSSL_LIB_CTX_free(libctx);
return ret;
}
int main(void)
{
int ret = 0;
ret |= test_provider("default");
ret |= test_provider("symcryptprovider");
return ret;
}
Build
cc -Wall -Wextra -o aes_ecb_ivlen_repro aes_ecb_ivlen_repro.c -lcrypto
Run
If the provider is not in OpenSSL’s default module path:
OPENSSL_MODULES=/usr/lib64/ossl-modules ./aes_ecb_ivlen_repro
Otherwise:
Observed Output
Example output:
provider: default
EVP_CIPHER_get0_name: AES-128-ECB
EVP_CIPHER_get_iv_length: 0
EVP_CIPHER_CTX_get_iv_length: 0
provider: symcryptprovider
EVP_CIPHER_get0_name: AES-128-ECB
EVP_CIPHER_get_iv_length: 0
EVP_CIPHER_CTX_get_iv_length: 16
Suggested Fix
In SymCrypt-OpenSSL’s AES cipher provider implementation, ensure the context IV length returned for ECB mode is 0.
The provider likely needs to special-case ECB when returning the cipher context IV length, rather than returning the AES block size or a generic AES IV buffer size.
Summary
When using SymCrypt-OpenSSL’s OpenSSL 3 provider (
symcryptprovider), an initialized AES-ECB cipher context reports an IV length of16viaEVP_CIPHER_CTX_get_iv_length().ECB mode does not use an IV, so the expected context IV length is
0. OpenSSL’s default/FIPS providers report0for AES-ECB. The SymCrypt-OpenSSL provider appears to report the AES block size or a generic AES context IV buffer length instead.This looks like an OpenSSL provider metadata compatibility issue in SymCrypt-OpenSSL, not an issue in the core SymCrypt primitive.
Environment
Observed on Azure Linux 3 with:
3.3.5symcryptprovider.so1.9.5Expected Behavior
For AES-ECB:
ECB has no IV, so both cipher-level and initialized-context-level IV length should be zero.
Actual Behavior
With
symcryptprovider:The cipher-level metadata is correct, but the initialized context reports
16.Why This Matters
This can break applications or test suites that use OpenSSL EVP metadata to validate cipher parameters. Even if AES-ECB encryption/decryption itself works correctly, the context metadata is inconsistent with OpenSSL provider behavior and with ECB semantics.
This may cause callers to incorrectly believe AES-ECB requires or has an IV after initialization.
Plain C Reproducer
Build
Run
If the provider is not in OpenSSL’s default module path:
Otherwise:
Observed Output
Example output:
Suggested Fix
In SymCrypt-OpenSSL’s AES cipher provider implementation, ensure the context IV length returned for ECB mode is
0.The provider likely needs to special-case ECB when returning the cipher context IV length, rather than returning the AES block size or a generic AES IV buffer size.