Replace provider cipher flags with separate param fields

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 2febcfc2d50a3711f5cdf48294b6d4c53bdc6759..3237683797b1d5fa71f9be541839f8b383b8fbed 100644 (file)
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -333,29 +333,41 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 
 int evp_cipher_cache_constants(EVP_CIPHER *cipher)
 {
-    int ok;
+    int ok, aead = 0, custom_iv = 0, cts = 0, multiblock = 0;
     size_t ivlen = 0;
     size_t blksz = 0;
     size_t keylen = 0;
     unsigned int mode = 0;
-    unsigned long flags = 0;
-    OSSL_PARAM params[6];
+    OSSL_PARAM params[9];
 
     params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz);
     params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen);
     params[2] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &keylen);
     params[3] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &mode);
-    params[4] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &flags);
-    params[5] = OSSL_PARAM_construct_end();
+    params[4] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_AEAD, &aead);
+    params[5] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CUSTOM_IV,
+                                         &custom_iv);
+    params[6] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CTS, &cts);
+    params[7] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK,
+                                         &multiblock);
+    params[8] = OSSL_PARAM_construct_end();
     ok = evp_do_ciph_getparams(cipher, params);
     if (ok) {
-        /* Provided implementations may have a custom cipher_cipher */
-        if (cipher->prov != NULL && cipher->ccipher != NULL)
-            flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER;
         cipher->block_size = blksz;
         cipher->iv_len = ivlen;
         cipher->key_len = keylen;
-        cipher->flags = flags | mode;
+        cipher->flags = mode;
+        if (aead)
+            cipher->flags |= EVP_CIPH_FLAG_AEAD_CIPHER;
+        if (custom_iv)
+            cipher->flags |= EVP_CIPH_CUSTOM_IV;
+        if (cts)
+            cipher->flags |= EVP_CIPH_FLAG_CTS;
+        if (multiblock)
+            cipher->flags |= EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK;
+        /* Provided implementations may have a custom cipher_cipher */
+        if (cipher->prov != NULL && cipher->ccipher != NULL)
+            cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER;
     }
     return ok;
 }
@@ -686,11 +698,6 @@ const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md)
     return md->prov;
 }
 
-int EVP_MD_block_size(const EVP_MD *md)
-{
-    return md->block_size;
-}
-
 int EVP_MD_type(const EVP_MD *md)
 {
     return md->type;
@@ -701,6 +708,15 @@ int EVP_MD_pkey_type(const EVP_MD *md)
     return md->pkey_type;
 }
 
+int EVP_MD_block_size(const EVP_MD *md)
+{
+    if (md == NULL) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL);
+        return -1;
+    }
+    return md->block_size;
+}
+
 int EVP_MD_size(const EVP_MD *md)
 {
     if (md == NULL) {
@@ -715,6 +731,30 @@ unsigned long EVP_MD_flags(const EVP_MD *md)
     return md->flags;
 }
 
+int evp_md_cache_constants(EVP_MD *md)
+{
+    int ok, xof = 0, algid_absent = 0;
+    size_t sz = 0, blksz = 0;
+    OSSL_PARAM params[5];
+
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &blksz);
+    params[1] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &sz);
+    params[2] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_XOF, &xof);
+    params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT,
+                                         &algid_absent);
+    params[4] = OSSL_PARAM_construct_end();
+    ok = evp_do_md_getparams(md, params);
+    if (ok) {
+        md->block_size = blksz;
+        md->md_size = sz;
+        if (xof)
+            md->flags |= EVP_MD_FLAG_XOF;
+        if (algid_absent)
+            md->flags |= EVP_MD_FLAG_DIGALGID_ABSENT;
+    }
+    return ok;
+}
+
 EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
 {
     EVP_MD *md = evp_md_new();

diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index 3ab277ecf9ac569d53a6785c8fc1666b62aecc3f..34a5ec0a7fe3fec646ba5fe098bd066eb3a8445e 100644 (file)
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -218,13 +218,27 @@ For example AES in CTR mode has a block size of 1 (because it operates like a
 stream cipher), even though AES has a block size of 16.
 The length of the "blocksize" parameter should not exceed that of a B<size_t>.
 
-=item "flags" (B<OSSL_CIPHER_PARAM_FLAGS>) <unsigned integer>
+=item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer>
 
-Gets any flags for the associated cipher algorithm.
-See L<EVP_CIPHER_meth_set_flags(3)> for a list of currently defined cipher
-flags.
-The length of the "flags" parameter should equal that of an
-B<unsigned long int>.
+Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0.
+
+=item "custom-iv" (B<OSSL_CIPHER_PARAM_CUSTOM_IV>) <integer>
+
+Gets 1 if the cipher algorithm has a custom IV, otherwise it gets 0.
+Storing and initializing the IV is left entirely to the implementation, if a
+custom IV is used.
+
+=item "cts" (B<OSSL_CIPHER_PARAM_CTS>) <integer>
+
+Gets 1 if the cipher algorithm uses ciphertext stealing, otherwise it gets 0.
+This is currently used to indicate that the cipher is a one shot that only
+allows a single call to EVP_CipherUpdate().
+
+=item "tls-multi" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK>) <integer>
+
+Gets 1 if the cipher algorithm supports interleaving of crypto blocks, otherwise
+it gets 0. The interleaving is an optimization only applicable to certain
+TLS ciphers.
 
 =item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer>
 
@@ -263,7 +277,7 @@ See L<EVP_EncryptInit(3)/AEAD Interface>.
 =item "taglen" (B<OSSL_CIPHER_PARAM_AEAD_TAGLEN>) <unsigned integer>
 
 Gets the tag length to be used for an AEAD cipher for the associated cipher ctx.
-It returns a default value if it has not been set.
+It gets a default value if it has not been set.
 The length of the "taglen" parameter should not exceed that of a B<size_t>.
 
 =item "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) <octet string>

diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 4c4b0ab7000c21883c4df81e21063d5c3c75c8b9..ff2d1a03f9dd23e2e6ecdb0bda0577ccaacf6412 100644 (file)
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -69,7 +69,10 @@ extern "C" {
 #define OSSL_CIPHER_PARAM_TLS_MAC_SIZE         "tls-mac-size" /* size_t */
 #define OSSL_CIPHER_PARAM_MODE                 "mode"         /* uint */
 #define OSSL_CIPHER_PARAM_BLOCK_SIZE           "blocksize"    /* size_t */
-#define OSSL_CIPHER_PARAM_FLAGS                "flags"        /* ulong */
+#define OSSL_CIPHER_PARAM_AEAD                 "aead"         /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_CUSTOM_IV            "custom-iv"    /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_CTS                  "cts"          /* int, 0 or 1 */
+#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK      "tls-multi"    /* int, 0 or 1 */
 #define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
 #define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
 #define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string OR octet_ptr */
@@ -115,13 +118,14 @@ extern "C" {
 #define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
 
 /* digest parameters */
-#define OSSL_DIGEST_PARAM_XOFLEN     "xoflen"    /* size_t */
-#define OSSL_DIGEST_PARAM_SSL3_MS    "ssl3-ms"   /* octet string */
-#define OSSL_DIGEST_PARAM_PAD_TYPE   "pad_type"  /* uint */
-#define OSSL_DIGEST_PARAM_MICALG     "micalg"    /* utf8 string */
-#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */
-#define OSSL_DIGEST_PARAM_SIZE       "size"      /* size_t */
-#define OSSL_DIGEST_PARAM_FLAGS      "flags"     /* ulong */
+#define OSSL_DIGEST_PARAM_XOFLEN       "xoflen"        /* size_t */
+#define OSSL_DIGEST_PARAM_SSL3_MS      "ssl3-ms"       /* octet string */
+#define OSSL_DIGEST_PARAM_PAD_TYPE     "pad-type"      /* uint */
+#define OSSL_DIGEST_PARAM_MICALG       "micalg"        /* utf8 string */
+#define OSSL_DIGEST_PARAM_BLOCK_SIZE   "blocksize"     /* size_t */
+#define OSSL_DIGEST_PARAM_SIZE         "size"          /* size_t */
+#define OSSL_DIGEST_PARAM_XOF          "xof"           /* int, 0 or 1 */
+#define OSSL_DIGEST_PARAM_ALGID_ABSENT "algid-absent"  /* int, 0 or 1 */
 
 /* Known DIGEST names (not a complete list) */
 #define OSSL_DIGEST_NAME_MD5            "MD5"

diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
index 53bef600a5c5b8873316988812a65b32e2e9133b..03f216d22e300fe1a1ee4215eb26eefc6f362ecd 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -30,11 +30,8 @@ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = {                    \
 #else
 # include "prov/providercommonerr.h"
 
-/* TODO(3.0) Figure out what flags are required */
-# define AES_CBC_HMAC_SHA_FLAGS (EVP_CIPH_CBC_MODE                             \
-                                 | EVP_CIPH_FLAG_DEFAULT_ASN1                  \
-                                 | EVP_CIPH_FLAG_AEAD_CIPHER                   \
-                                 | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
+# define AES_CBC_HMAC_SHA_FLAGS (PROV_CIPHER_FLAG_AEAD                         \
+                                 | PROV_CIPHER_FLAG_TLS1_MULTIBLOCK)
 
 static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha1_freectx;
 static OSSL_FUNC_cipher_freectx_fn aes_cbc_hmac_sha256_freectx;

diff --git a/providers/implementations/ciphers/cipher_aes_cts.inc b/providers/implementations/ciphers/cipher_aes_cts.inc
index 6eb85a083fcb6d3291fbcb228f4294ee3e036802..dae112febfaffdd14ec8d897f3102ee9c526640a 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_cts.inc
+++ b/providers/implementations/ciphers/cipher_aes_cts.inc
@@ -12,6 +12,8 @@
 #include "cipher_aes_cts.h"
 #include "prov/providercommonerr.h"
 
+#define AES_CTS_FLAGS PROV_CIPHER_FLAG_CTS
+
 static OSSL_FUNC_cipher_get_ctx_params_fn aes_cbc_cts_get_ctx_params;
 static OSSL_FUNC_cipher_set_ctx_params_fn aes_cbc_cts_set_ctx_params;
 static OSSL_FUNC_cipher_gettable_ctx_params_fn aes_cbc_cts_gettable_ctx_params;
@@ -101,8 +103,8 @@ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = {            \
 };
 
 /* ossl_aes256cbc_cts_functions */
-IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 256, 128, 128, block)
+IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 256, 128, 128, block)
 /* ossl_aes192cbc_cts_functions */
-IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 192, 128, 128, block)
+IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 192, 128, 128, block)
 /* ossl_aes128cbc_cts_functions */
-IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, EVP_CIPH_FLAG_CTS, 128, 128, 128, block)
+IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 128, 128, 128, block)

diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c
index 7a83506c24ad3f25a9355ecff39a1a394e16b326..469515bb8c68b028ceb80f1bd53a24df688e2a17 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_siv.c
+++ b/providers/implementations/ciphers/cipher_aes_siv.c
@@ -37,7 +37,6 @@ static void *aes_siv_newctx(void *provctx, size_t keybits, unsigned int mode,
     if (ctx != NULL) {
         ctx->taglen = SIV_LEN;
         ctx->mode = mode;
-        ctx->flags = flags;
         ctx->keylen = keybits / 8;
         ctx->hw = ossl_prov_cipher_hw_aes_siv(keybits);
         ctx->libctx = PROV_LIBCTX_OF(provctx);
@@ -259,7 +258,7 @@ static OSSL_FUNC_cipher_settable_ctx_params_fn                                 \
 static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[])              \
 {                                                                              \
     return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE,    \
-                                     flags, 2*kbits, blkbits, ivbits);         \
+                                          flags, 2*kbits, blkbits, ivbits);    \
 }                                                                              \
 static void * alg##kbits##lc##_newctx(void *provctx)                           \
 {                                                                              \

diff --git a/providers/implementations/ciphers/cipher_aes_siv.h b/providers/implementations/ciphers/cipher_aes_siv.h
index 6d2649f04984824159f3aa7f7b68fa37c9dfcae5..c0b2a903bcba5957f1060f67580d41daefe68791 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_siv.h
+++ b/providers/implementations/ciphers/cipher_aes_siv.h
@@ -24,7 +24,6 @@ typedef struct prov_cipher_hw_aes_siv_st {
 typedef struct prov_siv_ctx_st {
     unsigned int mode;       /* The mode that we are using */
     unsigned int enc : 1;    /* Set to 1 if we are encrypting or 0 otherwise */
-    uint64_t flags;
     size_t keylen;           /* The input keylength (twice the alg key length) */
     size_t taglen;           /* the taglen is the same as the sivlen */
     SIV128_CONTEXT siv;

diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c
index ca57666e7ab7a60d18d0c32e105672f745ba5429..dc625216ca0326300e097cc3503c1a2d40022407 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_wrp.c
+++ b/providers/implementations/ciphers/cipher_aes_wrp.c
@@ -22,10 +22,8 @@
 #define AES_WRAP_PAD_IVLEN   4
 #define AES_WRAP_NOPAD_IVLEN 8
 
-/* TODO(3.0) Figure out what flags need to be passed */
-#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV \
-                    | EVP_CIPH_ALWAYS_CALL_INIT)
-#define WRAP_FLAGS_INV (WRAP_FLAGS | EVP_CIPH_FLAG_INVERSE_CIPHER)
+#define WRAP_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV)
+#define WRAP_FLAGS_INV (WRAP_FLAGS | PROV_CIPHER_FLAG_INVERSE_CIPHER)
 
 typedef size_t (*aeswrap_fn)(void *key, const unsigned char *iv,
                              unsigned char *out, const unsigned char *in,
@@ -111,7 +109,7 @@ static int aes_wrap_init(void *vctx, const unsigned char *key,
          * to be the AES decryption function, then CIPH-1K will be the AES
          * encryption function.
          */
-        if ((ctx->flags & EVP_CIPH_FLAG_INVERSE_CIPHER) == 0)
+        if (ctx->inverse_cipher == 0)
             use_forward_transform = ctx->enc;
         else
             use_forward_transform = !ctx->enc;

diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c
index 7ccad561980efb29c54060d9b4ea049c1ec007c2..cf768d27d450bc60a274c16722634a520363e7cc 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_xts.c
+++ b/providers/implementations/ciphers/cipher_aes_xts.c
@@ -20,12 +20,7 @@
 #include "prov/providercommon.h"
 #include "prov/providercommonerr.h"
 
-/* TODO (3.0) Figure out what flags need to be set */
-#define AES_XTS_FLAGS (EVP_CIPH_CUSTOM_IV          \
-                       | EVP_CIPH_ALWAYS_CALL_INIT \
-                       | EVP_CIPH_CTRL_INIT        \
-                       | EVP_CIPH_CUSTOM_COPY)
-
+#define AES_XTS_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV
 #define AES_XTS_IV_BITS 128
 #define AES_XTS_BLOCK_BITS 8
 
@@ -233,10 +228,6 @@ static int aes_xts_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
     const OSSL_PARAM *p;
 
-    /*
-     * TODO(3.0) We need a general solution for handling missing parameters
-     * inside set_params and get_params methods.
-     */
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
     if (p != NULL) {
         size_t keylen;

diff --git a/providers/implementations/ciphers/cipher_blowfish.c b/providers/implementations/ciphers/cipher_blowfish.c
index 6320f560a0a2de69434ebbc243d434499ead7032..cf303bb8630f8ab97b7713f105261e51060de46f 100644 (file)
--- a/providers/implementations/ciphers/cipher_blowfish.c
+++ b/providers/implementations/ciphers/cipher_blowfish.c
@@ -19,7 +19,7 @@
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 
-#define BF_FLAGS (EVP_CIPH_VARIABLE_LENGTH)
+#define BF_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
 
 static OSSL_FUNC_cipher_freectx_fn blowfish_freectx;
 static OSSL_FUNC_cipher_dupctx_fn blowfish_dupctx;

diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c
index 7c686013d840c593e7ff8b5cda1bef1fcb5b0a18..1d525343b4280650954000e6cf0335cfd1093558 100644 (file)
--- a/providers/implementations/ciphers/cipher_cast5.c
+++ b/providers/implementations/ciphers/cipher_cast5.c
@@ -20,7 +20,7 @@
 #include "prov/providercommon.h"
 #include "prov/providercommonerr.h"
 
-#define CAST5_FLAGS (EVP_CIPH_VARIABLE_LENGTH)
+#define CAST5_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
 
 static OSSL_FUNC_cipher_freectx_fn cast5_freectx;
 static OSSL_FUNC_cipher_dupctx_fn cast5_dupctx;

diff --git a/providers/implementations/ciphers/cipher_chacha20.c b/providers/implementations/ciphers/cipher_chacha20.c
index 8e0727ae4719c8320853ed7c79c7a262b2ee5839..b2fe1b1957b199db4b593910a4e2d29f44e9c8f4 100644 (file)
--- a/providers/implementations/ciphers/cipher_chacha20.c
+++ b/providers/implementations/ciphers/cipher_chacha20.c
@@ -17,8 +17,7 @@
 #define CHACHA20_KEYLEN (CHACHA_KEY_SIZE)
 #define CHACHA20_BLKLEN (1)
 #define CHACHA20_IVLEN (CHACHA_CTR_SIZE)
-/* TODO(3.0) Figure out what flags are required */
-#define CHACHA20_FLAGS (EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT)
+#define CHACHA20_FLAGS (PROV_CIPHER_FLAG_CUSTOM_IV)
 
 static OSSL_FUNC_cipher_newctx_fn chacha20_newctx;
 static OSSL_FUNC_cipher_freectx_fn chacha20_freectx;

diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305.c b/providers/implementations/ciphers/cipher_chacha20_poly1305.c
index 7a9cc5c20fb3e3768f9bd3617a8f370c8455989c..919d4fba94eed316c19bc365a1371ea752bb1280 100644 (file)
--- a/providers/implementations/ciphers/cipher_chacha20_poly1305.c
+++ b/providers/implementations/ciphers/cipher_chacha20_poly1305.c
@@ -19,14 +19,8 @@
 #define CHACHA20_POLY1305_BLKLEN 1
 #define CHACHA20_POLY1305_MAX_IVLEN 12
 #define CHACHA20_POLY1305_MODE 0
-/* TODO(3.0) Figure out what flags are required */
-#define CHACHA20_POLY1305_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER                     \
-                                | EVP_CIPH_ALWAYS_CALL_INIT                    \
-                                | EVP_CIPH_CTRL_INIT                           \
-                                | EVP_CIPH_CUSTOM_COPY                         \
-                                | EVP_CIPH_FLAG_CUSTOM_CIPHER                  \
-                                | EVP_CIPH_CUSTOM_IV                           \
-                                | EVP_CIPH_CUSTOM_IV_LENGTH)
+#define CHACHA20_POLY1305_FLAGS (PROV_CIPHER_FLAG_AEAD                         \
+                                 | PROV_CIPHER_FLAG_CUSTOM_IV)
 
 static OSSL_FUNC_cipher_newctx_fn chacha20_poly1305_newctx;
 static OSSL_FUNC_cipher_freectx_fn chacha20_poly1305_freectx;

diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c
index 345adfab60fcd8cff67a8edfaec7d79ffe15f7e5..ec186445c8b9107fb2f77f410a59f51dbd246577 100644 (file)
--- a/providers/implementations/ciphers/cipher_des.c
+++ b/providers/implementations/ciphers/cipher_des.c
@@ -20,8 +20,7 @@
 #include "prov/providercommon.h"
 #include "prov/providercommonerr.h"
 
-/* TODO(3.0) Figure out what flags need to be here */
-#define DES_FLAGS (EVP_CIPH_RAND_KEY)
+#define DES_FLAGS 0
 
 static OSSL_FUNC_cipher_freectx_fn des_freectx;
 static OSSL_FUNC_cipher_encrypt_init_fn des_einit;

diff --git a/providers/implementations/ciphers/cipher_des.h b/providers/implementations/ciphers/cipher_des.h
index aedb38177e4d9da974eb1bce10ac62b393dc224b..78ca686badcde7ea0965ae601225857c7f0d9a78 100644 (file)
--- a/providers/implementations/ciphers/cipher_des.h
+++ b/providers/implementations/ciphers/cipher_des.h
@@ -10,8 +10,7 @@
 #include <openssl/des.h>
 #include "crypto/des_platform.h"
 
-/* TODO(3.0) Figure out what flags need to be here */
-#define TDES_FLAGS (EVP_CIPH_RAND_KEY)
+#define TDES_FLAGS 0
 
 typedef struct prov_des_ctx_st {
     PROV_CIPHER_CTX base;      /* Must be first */

diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c
index b7c244f245c3f148eb124165abc133581a7a2ad9..09d66b2cdde005b9e48e5a469a3998b851f97e84 100644 (file)
--- a/providers/implementations/ciphers/cipher_rc2.c
+++ b/providers/implementations/ciphers/cipher_rc2.c
@@ -23,6 +23,7 @@
 #define RC2_40_MAGIC    0xa0
 #define RC2_64_MAGIC    0x78
 #define RC2_128_MAGIC   0x3a
+#define RC2_FLAGS       PROV_CIPHER_FLAG_VARIABLE_LENGTH
 
 static OSSL_FUNC_cipher_freectx_fn rc2_freectx;
 static OSSL_FUNC_cipher_dupctx_fn rc2_dupctx;
@@ -242,15 +243,15 @@ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = {                \
 };
 
 /* ossl_rc2128ecb_functions */
-IMPLEMENT_cipher(rc2, RC2, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block)
+IMPLEMENT_cipher(rc2, RC2, ecb, ECB, RC2_FLAGS, 128, 64, 0, block)
 /* ossl_rc2128cbc_functions */
-IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block)
+IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 128, 64, 64, block)
 /* ossl_rc240cbc_functions */
-IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 40, 64, 64, block)
+IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 40, 64, 64, block)
 /* ossl_rc264cbc_functions */
-IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 64, 64, 64, block)
+IMPLEMENT_cipher(rc2, RC2, cbc, CBC, RC2_FLAGS, 64, 64, 64, block)
 
 /* ossl_rc2128ofb128_functions */
-IMPLEMENT_cipher(rc2, RC2, ofb128, OFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream)
+IMPLEMENT_cipher(rc2, RC2, ofb128, OFB, RC2_FLAGS, 128, 8, 64, stream)
 /* ossl_rc2128cfb128_functions */
-IMPLEMENT_cipher(rc2, RC2, cfb128, CFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream)
+IMPLEMENT_cipher(rc2, RC2, cfb128, CFB, RC2_FLAGS, 128, 8, 64, stream)

diff --git a/providers/implementations/ciphers/cipher_rc4.c b/providers/implementations/ciphers/cipher_rc4.c
index 91644fca59cd36ece8b130cfc808cada2913daf3..18233bbac18c87026d98ec73397224107683bada 100644 (file)
--- a/providers/implementations/ciphers/cipher_rc4.c
+++ b/providers/implementations/ciphers/cipher_rc4.c
@@ -19,8 +19,7 @@
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 
-/* TODO (3.0) Figure out what flags are required */
-#define RC4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1
+#define RC4_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
 
 static OSSL_FUNC_cipher_freectx_fn rc4_freectx;
 static OSSL_FUNC_cipher_dupctx_fn rc4_dupctx;
@@ -97,6 +96,6 @@ const OSSL_DISPATCH ossl_##alg##kbits##_functions[] = {                        \
 };
 
 /* ossl_rc440_functions */
-IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 40, 8, 0, stream)
+IMPLEMENT_cipher(rc4, RC4, RC4_FLAGS, 40, 8, 0, stream)
 /* ossl_rc4128_functions */
-IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 0, stream)
+IMPLEMENT_cipher(rc4, RC4, RC4_FLAGS, 128, 8, 0, stream)

diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
index 9dc9615c04919430693fa5f105103146b0b1146a..b757197110d73a0b725330a7d7a16d7df487ecb3 100644 (file)
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c
@@ -20,9 +20,8 @@
 #include "prov/providercommon.h"
 #include "prov/providercommonerr.h"
 
-/* TODO(3.0) Figure out what flags are required */
-#define RC4_HMAC_MD5_FLAGS (EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH  \
-                            | EVP_CIPH_FLAG_AEAD_CIPHER)
+#define RC4_HMAC_MD5_FLAGS (PROV_CIPHER_FLAG_VARIABLE_LENGTH                   \
+                            | PROV_CIPHER_FLAG_AEAD)
 
 #define RC4_HMAC_MD5_KEY_BITS (16 * 8)
 #define RC4_HMAC_MD5_BLOCK_BITS (1 * 8)
@@ -183,10 +182,10 @@ static int rc4_hmac_md5_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 static int rc4_hmac_md5_get_params(OSSL_PARAM params[])
 {
     return ossl_cipher_generic_get_params(params, RC4_HMAC_MD5_MODE,
-                                     RC4_HMAC_MD5_FLAGS,
-                                     RC4_HMAC_MD5_KEY_BITS,
-                                     RC4_HMAC_MD5_BLOCK_BITS,
-                                     RC4_HMAC_MD5_IV_BITS);
+                                          RC4_HMAC_MD5_FLAGS,
+                                          RC4_HMAC_MD5_KEY_BITS,
+                                          RC4_HMAC_MD5_BLOCK_BITS,
+                                          RC4_HMAC_MD5_IV_BITS);
 }
 
 const OSSL_DISPATCH ossl_rc4_hmac_ossl_md5_functions[] = {

diff --git a/providers/implementations/ciphers/cipher_rc5.c b/providers/implementations/ciphers/cipher_rc5.c
index 80de5f4bdd8dda40cce2deec9184f46a66833653..ec408ed885626adcb480f15f307c914d359e0f41 100644 (file)
--- a/providers/implementations/ciphers/cipher_rc5.c
+++ b/providers/implementations/ciphers/cipher_rc5.c
@@ -20,6 +20,8 @@
 #include "prov/providercommon.h"
 #include "prov/providercommonerr.h"
 
+#define RC5_FLAGS PROV_CIPHER_FLAG_VARIABLE_LENGTH
+
 static OSSL_FUNC_cipher_freectx_fn rc5_freectx;
 static OSSL_FUNC_cipher_dupctx_fn rc5_dupctx;
 OSSL_FUNC_cipher_gettable_ctx_params_fn rc5_gettable_ctx_params;
@@ -153,10 +155,10 @@ const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_functions[] = {                \
 };
 
 /* ossl_rc5128ecb_functions */
-IMPLEMENT_cipher(rc5, RC5, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block)
+IMPLEMENT_cipher(rc5, RC5, ecb, ECB, RC5_FLAGS, 128, 64, 0, block)
 /* ossl_rc5128cbc_functions */
-IMPLEMENT_cipher(rc5, RC5, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block)
+IMPLEMENT_cipher(rc5, RC5, cbc, CBC, RC5_FLAGS, 128, 64, 64, block)
 /* ossl_rc5128ofb64_functions */
-IMPLEMENT_cipher(rc5, RC5, ofb64, OFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream)
+IMPLEMENT_cipher(rc5, RC5, ofb64, OFB, RC5_FLAGS, 128, 8, 64, stream)
 /* ossl_rc5128cfb64_functions */
-IMPLEMENT_cipher(rc5, RC5, cfb64,  CFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream)
+IMPLEMENT_cipher(rc5, RC5, cfb64,  CFB, RC5_FLAGS, 128, 8, 64, stream)

diff --git a/providers/implementations/ciphers/cipher_tdes.c b/providers/implementations/ciphers/cipher_tdes.c
index c9fb1ceda7956c3cacd904434abeb1355fd68c00..a2855af48189d0751d554f46f082db8d7f9b5cfa 100644 (file)
--- a/providers/implementations/ciphers/cipher_tdes.c
+++ b/providers/implementations/ciphers/cipher_tdes.c
@@ -20,7 +20,7 @@
 #include "prov/providercommonerr.h"
 
 /*
- * TODO(3.0) - ECB mode does not use an IV - but existing test code is setting
+ * NOTE: ECB mode does not use an IV - but existing test code is setting
  * an IV. Fixing this could potentially make applications break.
  */
 /* ossl_tdes_ede3_ecb_functions */

diff --git a/providers/implementations/ciphers/cipher_tdes.h b/providers/implementations/ciphers/cipher_tdes.h
index 081a00fffa2e32d23e23d27191c4fedc9a5bce91..9bef908cc341468082f457951cc4cc9900834087 100644 (file)
--- a/providers/implementations/ciphers/cipher_tdes.h
+++ b/providers/implementations/ciphers/cipher_tdes.h
@@ -13,9 +13,7 @@
 
 #define DES_BLOCK_SIZE 8
 #define TDES_IVLEN 8
-
-/* TODO(3.0) Figure out what flags need to be here */
-#define TDES_FLAGS (EVP_CIPH_RAND_KEY)
+#define TDES_FLAGS 0
 
 typedef struct prov_tdes_ctx_st {
     PROV_CIPHER_CTX base;      /* Must be first */

diff --git a/providers/implementations/ciphers/cipher_tdes_default_hw.c b/providers/implementations/ciphers/cipher_tdes_default_hw.c
index b7c7ea11f7fe18302f5c02023436ddb5d02db255..77b08ebbe151112163505b27208008a282eaa14b 100644 (file)
--- a/providers/implementations/ciphers/cipher_tdes_default_hw.c
+++ b/providers/implementations/ciphers/cipher_tdes_default_hw.c
@@ -101,7 +101,7 @@ static int ossl_cipher_hw_tdes_cfb1(PROV_CIPHER_CTX *ctx, unsigned char *out,
     size_t n;
     unsigned char c[1], d[1];
 
-    if ((ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) == 0)
+    if (ctx->use_bits == 0)
         inl *= 8;
     for (n = 0; n < inl; ++n) {
         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;

diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c
index acb8c97e33f559a110a7d18535fab56b8929e342..b78a77c254fe78bd0cc8e812e068a805cb958600 100644 (file)
--- a/providers/implementations/ciphers/cipher_tdes_wrap.c
+++ b/providers/implementations/ciphers/cipher_tdes_wrap.c
@@ -21,9 +21,7 @@
 #include "prov/providercommon.h"
 #include "prov/providercommonerr.h"
 
-/* TODO (3.0) Figure out what flags are required */
-#define TDES_WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV)
-
+#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV
 
 static OSSL_FUNC_cipher_update_fn tdes_wrap_update;
 static OSSL_FUNC_cipher_cipher_fn tdes_wrap_cipher;

diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index d1e8c461b55c30e696554baf2a853510433de683..fa73edb47324cc78da36f00fdfd8633d6ee5d9e8 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -26,7 +26,10 @@ static const OSSL_PARAM cipher_known_gettable_params[] = {
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
-    OSSL_PARAM_ulong(OSSL_CIPHER_PARAM_FLAGS, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_AEAD, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL),
     { OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
     OSSL_PARAM_END
 };
@@ -36,7 +39,7 @@ const OSSL_PARAM *ossl_cipher_generic_gettable_params(void *provctx)
 }
 
 int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
-                                   unsigned long flags,
+                                   uint64_t flags,
                                    size_t kbits, size_t blkbits, size_t ivbits)
 {
     OSSL_PARAM *p;
@@ -46,8 +49,27 @@ int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS);
-    if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) {
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD);
+    if (p != NULL
+        && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_AEAD) != 0)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV);
+    if (p != NULL
+        && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS);
+    if (p != NULL
+        && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CTS) != 0)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK);
+    if (p != NULL
+        && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) != 0)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
@@ -80,7 +102,6 @@ CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
 /*
  * Variable key length cipher functions for OSSL_PARAM settables
  */
-
 int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
@@ -168,7 +189,7 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
             return 0;
     }
     if (key != NULL) {
-        if ((ctx->flags & EVP_CIPH_VARIABLE_LENGTH) == 0) {
+        if (ctx->variable_keylength == 0) {
             if (keylen != ctx->keylen) {
                 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
                 return 0;
@@ -608,7 +629,11 @@ void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
 {
     PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
 
-    ctx->flags = flags;
+    if ((flags & PROV_CIPHER_FLAG_INVERSE_CIPHER) != 0)
+        ctx->inverse_cipher = 1;
+    if ((flags & PROV_CIPHER_FLAG_VARIABLE_LENGTH) != 0)
+        ctx->variable_keylength = 1;
+
     ctx->pad = 1;
     ctx->keylen = ((kbits) / 8);
     ctx->ivlen = ((ivbits) / 8);

diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c b/providers/implementations/ciphers/ciphercommon_ccm.c
index cb529f5f315981c5ac7bd0c3bccbd11a6aa31e7a..0009e9876c56d69aa30b0e6945aecf49223b4c8e 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon_ccm.c
+++ b/providers/implementations/ciphers/ciphercommon_ccm.c
@@ -291,9 +291,8 @@ int ccm_stream_final(void *vctx, unsigned char *out, size_t *outl,
     return 1;
 }
 
-int ccm_cipher(void *vctx,
-                      unsigned char *out, size_t *outl, size_t outsize,
-                      const unsigned char *in, size_t inl)
+int ccm_cipher(void *vctx, unsigned char *out, size_t *outl, size_t outsize,
+               const unsigned char *in, size_t inl)
 {
     PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
 

diff --git a/providers/implementations/ciphers/ciphercommon_hw.c b/providers/implementations/ciphers/ciphercommon_hw.c
index 70635930115796bd88fb8acf670f2d7d87723679..8673e7b744beeac92bcff841dfdf476f7ce884c8 100644 (file)
--- a/providers/implementations/ciphers/ciphercommon_hw.c
+++ b/providers/implementations/ciphers/ciphercommon_hw.c
@@ -85,7 +85,7 @@ int ossl_cipher_hw_generic_cfb1(PROV_CIPHER_CTX *dat, unsigned char *out,
 {
     int num = dat->num;
 
-    if ((dat->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) {
+    if (dat->use_bits) {
         CRYPTO_cfb128_1_encrypt(in, out, len, dat->ks, dat->iv, &num,
                                 dat->enc, dat->block);
         dat->num = num;

diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h
index efc7eb9223f20258d519c6af2138ff864f870fff..ee35400936cc42b6cc1016f1325c261b203a8ded 100644 (file)
--- a/providers/implementations/include/prov/ciphercommon.h
+++ b/providers/implementations/include/prov/ciphercommon.h
@@ -34,6 +34,15 @@ typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out,
 /* TODO(3.0): VERIFY ME */
 #define MAX_TLS_MAC_SIZE    48
 
+/* Internal flags that can be queried */
+#define PROV_CIPHER_FLAG_AEAD             0x0001
+#define PROV_CIPHER_FLAG_CUSTOM_IV        0x0002
+#define PROV_CIPHER_FLAG_CTS              0x0004
+#define PROV_CIPHER_FLAG_TLS1_MULTIBLOCK  0x0008
+/* Internal flags that are only used within the provider */
+#define PROV_CIPHER_FLAG_VARIABLE_LENGTH  0x0010
+#define PROV_CIPHER_FLAG_INVERSE_CIPHER   0x0020
+
 struct prov_cipher_ctx_st {
     block128_f block;
     union {
@@ -52,7 +61,9 @@ struct prov_cipher_ctx_st {
     unsigned int enc : 1;    /* Set to 1 for encrypt, or 0 otherwise */
     unsigned int iv_set : 1; /* Set when the iv is copied to the iv/oiv buffers */
     unsigned int updated : 1; /* Set to 1 during update for one shot ciphers */
-
+    unsigned int variable_keylength : 1;
+    unsigned int inverse_cipher : 1; /* set to 1 to use inverse cipher */
+    unsigned int use_bits : 1; /* Set to 0 for cfb1 to use bits instead of bytes */
 
     unsigned int tlsversion; /* If TLS padding is in use the TLS version number */
     unsigned char *tlsmac;   /* tls MAC extracted from the last record */
@@ -73,7 +84,6 @@ struct prov_cipher_ctx_st {
      * manage partial blocks themselves.
      */
     unsigned int num;
-    uint64_t flags;
 
     /* The original value of the iv */
     unsigned char oiv[GENERIC_BLOCK_SIZE];
@@ -110,11 +120,12 @@ OSSL_FUNC_cipher_gettable_ctx_params_fn ossl_cipher_aead_gettable_ctx_params;
 OSSL_FUNC_cipher_settable_ctx_params_fn ossl_cipher_aead_settable_ctx_params;
 
 int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
-                              unsigned long flags,
-                              size_t kbits, size_t blkbits, size_t ivbits);
+                                   uint64_t flags,
+                                   size_t kbits, size_t blkbits, size_t ivbits);
 void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
-                            size_t ivbits, unsigned int mode, uint64_t flags,
-                            const PROV_CIPHER_HW *hw, void *provctx);
+                                 size_t ivbits, unsigned int mode,
+                                 uint64_t flags,
+                                 const PROV_CIPHER_HW *hw, void *provctx);
 
 #define IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits,\
                                       blkbits, ivbits, typ)                    \

diff --git a/providers/implementations/include/prov/ciphercommon_aead.h b/providers/implementations/include/prov/ciphercommon_aead.h
index 47175f7247dd4d253b41576e60947eea23690df1..63fdb541519b6f4f4cc3c30ea2ac5bc910b1898e 100644 (file)
--- a/providers/implementations/include/prov/ciphercommon_aead.h
+++ b/providers/implementations/include/prov/ciphercommon_aead.h
@@ -9,21 +9,16 @@
 
 #define UNINITIALISED_SIZET ((size_t)-1)
 
-/* TODO(3.0) Figure out what flags are really needed */
-#define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER           \
-                    | EVP_CIPH_CUSTOM_IV                \
-                    | EVP_CIPH_ALWAYS_CALL_INIT         \
-                    | EVP_CIPH_CTRL_INIT                \
-                    | EVP_CIPH_CUSTOM_COPY)
+#define AEAD_FLAGS (PROV_CIPHER_FLAG_AEAD | PROV_CIPHER_FLAG_CUSTOM_IV)
 
 #define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits)  \
-static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params;         \
+static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lc##_get_params;       \
 static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[])              \
 {                                                                              \
-    return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE,         \
+    return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE,    \
                                      flags, kbits, blkbits, ivbits);           \
 }                                                                              \
-static OSSL_FUNC_cipher_newctx_fn alg##kbits##lc##_newctx;                       \
+static OSSL_FUNC_cipher_newctx_fn alg##kbits##lc##_newctx;                     \
 static void * alg##kbits##lc##_newctx(void *provctx)                           \
 {                                                                              \
     return alg##_##lc##_newctx(provctx, kbits);                                \
@@ -43,10 +38,10 @@ const OSSL_DISPATCH ossl_##alg##kbits##lc##_functions[] = {                    \
     { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                         \
       (void (*)(void)) lc##_set_ctx_params },                                  \
     { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                        \
-      (void (*)(void))ossl_cipher_generic_gettable_params },                        \
+      (void (*)(void))ossl_cipher_generic_gettable_params },                   \
     { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                    \
-      (void (*)(void))ossl_cipher_aead_gettable_ctx_params },                       \
+      (void (*)(void))ossl_cipher_aead_gettable_ctx_params },                  \
     { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                    \
-      (void (*)(void))ossl_cipher_aead_settable_ctx_params },                       \
+      (void (*)(void))ossl_cipher_aead_settable_ctx_params },                  \
     { 0, NULL }                                                                \
 }