Add EVP_CIPHER_CTX_tag_length()

There is no deprecated CTRL support for this new field.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9698)

4 files changed, 25 insertions, 3 deletions

diff --git a/providers/common/ciphers/cipher_ccm.c b/providers/common/ciphers/cipher_ccm.c
index 8970b02670..9c58dfeafa 100644
--- a/providers/common/ciphers/cipher_ccm.c
+++ b/providers/common/ciphers/cipher_ccm.c
@@ -148,6 +148,16 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
         return 0;
     }
 
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
+    if (p != NULL) {
+        size_t m = ctx->m;
+
+        if (!OSSL_PARAM_set_size_t(p, m)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+            return 0;
+        }
+    }
+
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
     if (p != NULL) {
         if (ccm_get_ivlen(ctx) != p->data_size) {
@@ -346,7 +356,7 @@ static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
     if (!ctx->key_set)
         return 0;
 
-    if (ctx->tls_aad_len >= 0)
+    if (ctx->tls_aad_len != UNINITIALISED_SIZET)
         return ccm_tls_cipher(ctx, out, padlen, in, len);
 
     /* EVP_*Final() doesn't return any data */
@@ -406,7 +416,7 @@ void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw)
     ctx->len_set = 0;
     ctx->l = 8;
     ctx->m = 12;
-    ctx->tls_aad_len = -1;
+    ctx->tls_aad_len = UNINITIALISED_SIZET;
     ctx->hw = hw;
 }
 
diff --git a/providers/common/ciphers/cipher_common.c b/providers/common/ciphers/cipher_common.c
index de67fc1341..18d6dd9ca5 100644
--- a/providers/common/ciphers/cipher_common.c
+++ b/providers/common/ciphers/cipher_common.c
@@ -85,6 +85,7 @@ const OSSL_PARAM *cipher_generic_settable_ctx_params(void)
 static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
diff --git a/providers/common/ciphers/cipher_gcm.c b/providers/common/ciphers/cipher_gcm.c
index 4247319091..9a61eabdfc 100644
--- a/providers/common/ciphers/cipher_gcm.c
+++ b/providers/common/ciphers/cipher_gcm.c
@@ -98,6 +98,16 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
+    if (p != NULL) {
+        size_t taglen = (ctx->taglen != UNINITIALISED_SIZET) ? ctx->taglen :
+                         GCM_TAG_MAX_SIZE;
+
+        if (!OSSL_PARAM_set_size_t(p, taglen)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+            return 0;
+        }
+    }
 
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
     if (p != NULL) {
@@ -133,6 +143,7 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
             return 0;
         }
     }
+
     return 1;
 }
 
diff --git a/providers/common/include/internal/ciphers/cipher_ccm.h b/providers/common/include/internal/ciphers/cipher_ccm.h
index 08a2d46858..757c22eb53 100644
--- a/providers/common/include/internal/ciphers/cipher_ccm.h
+++ b/providers/common/include/internal/ciphers/cipher_ccm.h
@@ -35,7 +35,7 @@ typedef struct prov_ccm_st {
     unsigned int len_set : 1;  /* Set if message length set */
     size_t l, m;               /* L and M parameters from RFC3610 */
     size_t keylen;
-    int tls_aad_len;           /* TLS AAD length */
+    size_t tls_aad_len;        /* TLS AAD length */
     size_t tls_aad_pad_sz;
     unsigned char iv[AES_BLOCK_SIZE];
     unsigned char buf[AES_BLOCK_SIZE];