Set cipher IV as octet string and pointer from providers

[openssl.git] / providers / implementations / ciphers / cipher_aes_cbc_hmac_sha.c

diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
index 00b46c3..ece4341 100644 (file)
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,8 +7,14 @@
  * https://www.openssl.org/source/license.html
  */
 
-/* Dispatch functions for AES_CBC_HMAC_SHA ciphers */
+/*
+ * AES low level APIs are deprecated for public use, but still ok for internal
+ * use where we're using them to implement the higher level EVP interface, as is
+ * the case here.
+ */
+#include "internal/deprecated.h"
 
+/* Dispatch functions for AES_CBC_HMAC_SHA ciphers */
 
 #include "cipher_aes_cbc_hmac_sha.h"
 #include "prov/implementations.h"
@@ -63,9 +69,11 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx;
     PROV_CIPHER_HW_AES_HMAC_SHA *hw =
        (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
-    EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
-    const OSSL_PARAM *p, *p1, *pin;
+    const OSSL_PARAM *p;
     int ret = 1;
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+    EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
+# endif
 
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_MAC_KEY);
     if (p != NULL) {
@@ -95,8 +103,8 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
      */
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD);
     if (p != NULL) {
-        p1 = OSSL_PARAM_locate_const(params,
-                OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
+        const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params,
+                                   OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
         if (p->data_type != OSSL_PARAM_OCTET_STRING
             || p1 == NULL
             || !OSSL_PARAM_get_uint(p1, &mb_param.interleave)) {
@@ -120,10 +128,11 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
      */
     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC);
     if (p != NULL) {
-        p1 = OSSL_PARAM_locate_const(params,
-                OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
-        pin = OSSL_PARAM_locate_const(params,
-                   OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN);
+        const OSSL_PARAM *p1 = OSSL_PARAM_locate_const(params,
+                                   OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE);
+        const OSSL_PARAM *pin = OSSL_PARAM_locate_const(params,
+                                    OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN);
+
         if (p->data_type != OSSL_PARAM_OCTET_STRING
             || pin == NULL
             || pin->data_type != OSSL_PARAM_OCTET_STRING
@@ -169,13 +178,13 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[])
 {
     PROV_AES_HMAC_SHA_CTX *ctx = (PROV_AES_HMAC_SHA_CTX *)vctx;
-    PROV_CIPHER_HW_AES_HMAC_SHA *hw =
-       (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
     OSSL_PARAM *p;
 
 # if !defined(OPENSSL_NO_MULTIBLOCK)
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE);
     if (p != NULL) {
+        PROV_CIPHER_HW_AES_HMAC_SHA *hw =
+           (PROV_CIPHER_HW_AES_HMAC_SHA *)ctx->hw;
         size_t len = hw->tls1_multiblock_max_bufsize(ctx);
 
         if (!OSSL_PARAM_set_size_t(p, len)) {
@@ -220,7 +229,8 @@ static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[])
     }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
     if (p != NULL
-        && !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)) {
+        && !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)
+        && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
@@ -274,7 +284,7 @@ static void aes_cbc_hmac_sha1_freectx(void *vctx)
     PROV_AES_HMAC_SHA1_CTX *ctx = (PROV_AES_HMAC_SHA1_CTX *)vctx;
 
     if (ctx != NULL)
-        OPENSSL_clear_free(ctx, sizeof(ctx));
+        OPENSSL_clear_free(ctx, sizeof(*ctx));
 }
 
 static void *aes_cbc_hmac_sha256_newctx(void *provctx, size_t kbits,
@@ -295,7 +305,7 @@ static void aes_cbc_hmac_sha256_freectx(void *vctx)
     PROV_AES_HMAC_SHA256_CTX *ctx = (PROV_AES_HMAC_SHA256_CTX *)vctx;
 
     if (ctx != NULL)
-        OPENSSL_clear_free(ctx, sizeof(ctx));
+        OPENSSL_clear_free(ctx, sizeof(*ctx));
 }
 
 # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags)               \