diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2019-09-11 17:52:30 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-09-11 17:52:30 +1000 |
commit | dc64dc2edd215d6cc5843c1bfe1f0b64bff26adc (patch) | |
tree | 2e2fb32d97e77ddc2cac66d0577dba3ddd73fa1c /providers/common | |
parent | 64115f05ac950390e80e3993703513cda439fca0 (diff) |
Add EVP_CIPHER_CTX_tag_length()
There is no deprecated CTRL support for this new field.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9698)
Diffstat (limited to 'providers/common')
-rw-r--r-- | providers/common/ciphers/cipher_ccm.c | 14 | ||||
-rw-r--r-- | providers/common/ciphers/cipher_common.c | 1 | ||||
-rw-r--r-- | providers/common/ciphers/cipher_gcm.c | 11 | ||||
-rw-r--r-- | providers/common/include/internal/ciphers/cipher_ccm.h | 2 |
4 files changed, 25 insertions, 3 deletions
diff --git a/providers/common/ciphers/cipher_ccm.c b/providers/common/ciphers/cipher_ccm.c index 8970b02670..9c58dfeafa 100644 --- a/providers/common/ciphers/cipher_ccm.c +++ b/providers/common/ciphers/cipher_ccm.c @@ -148,6 +148,16 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]) return 0; } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); + if (p != NULL) { + size_t m = ctx->m; + + if (!OSSL_PARAM_set_size_t(p, m)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL) { if (ccm_get_ivlen(ctx) != p->data_size) { @@ -346,7 +356,7 @@ static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, if (!ctx->key_set) return 0; - if (ctx->tls_aad_len >= 0) + if (ctx->tls_aad_len != UNINITIALISED_SIZET) return ccm_tls_cipher(ctx, out, padlen, in, len); /* EVP_*Final() doesn't return any data */ @@ -406,7 +416,7 @@ void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw) ctx->len_set = 0; ctx->l = 8; ctx->m = 12; - ctx->tls_aad_len = -1; + ctx->tls_aad_len = UNINITIALISED_SIZET; ctx->hw = hw; } diff --git a/providers/common/ciphers/cipher_common.c b/providers/common/ciphers/cipher_common.c index de67fc1341..18d6dd9ca5 100644 --- a/providers/common/ciphers/cipher_common.c +++ b/providers/common/ciphers/cipher_common.c @@ -85,6 +85,7 @@ const OSSL_PARAM *cipher_generic_settable_ctx_params(void) static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), diff --git a/providers/common/ciphers/cipher_gcm.c b/providers/common/ciphers/cipher_gcm.c index 4247319091..9a61eabdfc 100644 --- a/providers/common/ciphers/cipher_gcm.c +++ b/providers/common/ciphers/cipher_gcm.c @@ -98,6 +98,16 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); + if (p != NULL) { + size_t taglen = (ctx->taglen != UNINITIALISED_SIZET) ? ctx->taglen : + GCM_TAG_MAX_SIZE; + + if (!OSSL_PARAM_set_size_t(p, taglen)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL) { @@ -133,6 +143,7 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) return 0; } } + return 1; } diff --git a/providers/common/include/internal/ciphers/cipher_ccm.h b/providers/common/include/internal/ciphers/cipher_ccm.h index 08a2d46858..757c22eb53 100644 --- a/providers/common/include/internal/ciphers/cipher_ccm.h +++ b/providers/common/include/internal/ciphers/cipher_ccm.h @@ -35,7 +35,7 @@ typedef struct prov_ccm_st { unsigned int len_set : 1; /* Set if message length set */ size_t l, m; /* L and M parameters from RFC3610 */ size_t keylen; - int tls_aad_len; /* TLS AAD length */ + size_t tls_aad_len; /* TLS AAD length */ size_t tls_aad_pad_sz; unsigned char iv[AES_BLOCK_SIZE]; unsigned char buf[AES_BLOCK_SIZE]; |