From fb1aeb3ffff2948edeb710e65aef261b589c7403 Mon Sep 17 00:00:00 2001
From: Dimitri Staessens
Date: Thu, 22 Jan 2026 21:34:42 +0100
Subject: lib: Fix allocation of IV and tags

The packet buffer was allocating a fixed header for the IV, but did not account for the tag at all (remnant of the old hardcoded CBC mode-only proof-of-concept). Never ran into issues because we always reserved ample space. But it now properly reserves the correct space for IV and tag.

Signed-off-by: Dimitri Staessens
Signed-off-by: Sander Vrijders
---
 src/lib/crypt.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
(limited to 'src/lib/crypt.c')
diff --git a/src/lib/crypt.c b/src/lib/crypt.c
index a050fe38..600f8336 100644
--- a/src/lib/crypt.c
+++ b/src/lib/crypt.c
@@ -619,6 +619,34 @@ void crypt_destroy_ctx(struct crypt_ctx * crypt)
 free(crypt);
 }

+int crypt_get_ivsz(struct crypt_ctx * ctx)
+{
+ if (ctx == NULL)
+ return -EINVAL;
+
+#ifdef HAVE_OPENSSL
+ assert(ctx->ctx != NULL);
+ return openssl_crypt_get_ivsz(ctx->ctx);
+#else
+ assert(ctx->ctx == NULL);
+ return -ENOTSUP;
+#endif
+}
+
+int crypt_get_tagsz(struct crypt_ctx * ctx)
+{
+ if (ctx == NULL)
+ return -EINVAL;
+
+#ifdef HAVE_OPENSSL
+ assert(ctx->ctx != NULL);
+ return openssl_crypt_get_tagsz(ctx->ctx);
+#else
+ assert(ctx->ctx == NULL);
+ return -ENOTSUP;
+#endif
+}
+
 int crypt_load_privkey_file(const char * path,
 void ** key)
 {
-- 
cgit v1.2.3
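Review bot: Neither `crypt_get_ivsz()` nor `crypt_get_tagsz()` documents that its `int` result is either a byte count or a negative errno, even though the commit message says these values size the packet-buffer reservation. A caller (outside this diff) that adds the result to a length without first testing `< 0` would under-reserve in a build without `HAVE_OPENSSL`, where both functions return `-ENOTSUP`, and a conversion to `size_t` would turn that into a very large length. I would add a header comment to each, e.g. `/* Returns the IV size in bytes, or -EINVAL / -ENOTSUP; callers must check for < 0 before using it as a length. */`. Separately, `assert(ctx->ctx != NULL)` is compiled out under `NDEBUG`, so if that state is reachable the guard should be a real check such as `if (ctx->ctx == NULL) return -EINVAL;`.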