if (ctx->fetched_cipher != NULL)
EVP_CIPHER_free(ctx->fetched_cipher);
memset(ctx, 0, sizeof(*ctx));
+ ctx->iv_len = -1;
return 1;
ENGINE_finish(ctx->engine);
#endif
memset(ctx, 0, sizeof(*ctx));
+ ctx->iv_len = -1;
return 1;
}
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE *tmpimpl = NULL;
#endif
+
+ ctx->iv_len = -1;
+
/*
* enc == 1 means we are encrypting.
* enc == 0 means we are decrypting.
if (arg < 0)
return 0;
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
+ ctx->iv_len = -1;
break;
case EVP_CTRL_CCM_SET_L:
if (arg < 2 || arg > 8)
return 0;
sz = 15 - arg;
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
+ ctx->iv_len = -1;
break;
case EVP_CTRL_AEAD_SET_IV_FIXED:
params[0] = OSSL_PARAM_construct_octet_string(
int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[])
{
- if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL)
+ if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL) {
+ ctx->iv_len = -1;
return ctx->cipher->set_ctx_params(ctx->algctx, params);
+ }
return 0;
}
int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx)
{
- int rv, len = EVP_CIPHER_get_iv_length(ctx->cipher);
- size_t v = len;
- OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
-
- params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v);
- rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
- if (rv == EVP_CTRL_RET_UNSUPPORTED)
- goto legacy;
- return rv != 0 ? (int)v : -1;
- /* Code below to be removed when legacy support is dropped. */
-legacy:
- if ((EVP_CIPHER_get_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
- rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
- 0, &len);
- return (rv == 1) ? len : -1;
+ if (ctx->iv_len < 0) {
+ int rv, len = EVP_CIPHER_get_iv_length(ctx->cipher);
+ size_t v = len;
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v);
+ rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
+ if (rv != EVP_CTRL_RET_UNSUPPORTED) {
+ if (rv <= 0)
+ return -1;
+ len = (int)v;
+ }
+ /* Code below to be removed when legacy support is dropped. */
+ else if ((EVP_CIPHER_get_flags(ctx->cipher)
+ & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
+ rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
+ 0, &len);
+ if (rv <= 0)
+ return -1;
+ }
+ /*-
+ * Casting away the const is annoying but required here. We need to
+ * cache the result for performance reasons.
+ */
+ ((EVP_CIPHER_CTX *)ctx)->iv_len = len;
}
- return len;
+ return ctx->iv_len;
}
int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx)
/* FIXME: Should this even exist? It appears unused */
void *app_data; /* application stuff */
int key_len; /* May change for variable length cipher */
+ int iv_len; /* IV length */
unsigned long flags; /* Various flags */
void *cipher_data; /* per EVP data */
int final_used;