Retire EVP_CTRL_GET_IV
authorBenjamin Kaduk <bkaduk@akamai.com>
Thu, 2 Jul 2020 20:03:58 +0000 (13:03 -0700)
committerBenjamin Kaduk <bkaduk@akamai.com>
Tue, 11 Aug 2020 14:07:57 +0000 (07:07 -0700)
It is superseded by EVP_CIPHER_CTX_get_iv(), is only present on master,
and had only a couple of in-tree callers that are easy to convert.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12233)

crypto/evp/e_aes.c
crypto/evp/evp_enc.c
include/internal/ktls.h
include/openssl/evp.h
test/aesgcmtest.c

index c037090695eecf6cc3dd75aec2e23c45b97743d2..dca83bcd5c626f70e2000825327873323ec49bd2 100644 (file)
@@ -2588,14 +2588,6 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
         memcpy(ptr, c->buf, arg);
         return 1;
 
-    case EVP_CTRL_GET_IV:
-        if (gctx->iv_gen != 1 && gctx->iv_gen_rand != 1)
-            return 0;
-        if (gctx->ivlen != arg)
-            return 0;
-        memcpy(ptr, gctx->iv, arg);
-        return 1;
-
     case EVP_CTRL_GCM_SET_IV_FIXED:
         /* Special case: -1 length restores whole IV */
         if (arg == -1) {
index 44108db30bc2fa037e1ee9cd4afdb88c90b2f560..71b5386232bf468e5c839e646d92d5e662c474da 100644 (file)
@@ -971,12 +971,6 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
     case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
     default:
         goto end;
-    case EVP_CTRL_GET_IV:
-        set_params = 0;
-        params[0] =
-            OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV_STATE, ptr,
-                                              sz);
-        break;
     case EVP_CTRL_AEAD_SET_IVLEN:
         if (arg < 0)
             return 0;
index 9212bb4343576119ab009ff165b8c963bb5a8084..535e563479d88df955e27a676126bd5785814875 100644 (file)
@@ -346,9 +346,10 @@ static ossl_inline int ktls_configure_crypto(const EVP_CIPHER *c, int tls_versio
 
     if (tls_version == TLS1_2_VERSION &&
         EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
-        EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GET_IV,
-                            EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN,
-                            geniv);
+        if (!EVP_CIPHER_CTX_get_iv_state(dd, geniv,
+                                         EVP_GCM_TLS_FIXED_IV_LEN
+                                         + EVP_GCM_TLS_EXPLICIT_IV_LEN))
+            return 0;
         iiv = geniv;
     }
 
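Review bot: The TLS 1.2 GCM branch calls `EVP_CIPHER_CTX_get_iv_state()`, while the commit description names only `EVP_CIPHER_CTX_get_iv()` as the replacement, and nothing at the call site says why the state variant is the right one. The bytes copied into `geniv` become `iiv`, presumably the IV material used to configure kTLS, so picking the wrong accessor could lead to a repeated GCM nonce. A short comment would help, e.g. `/* kTLS needs the cipher's current IV state, not the IV it was initialised with */`. The declaration of `geniv` and the rest of `ktls_configure_crypto` are outside the hunk, so confirm the buffer holds at least `EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN` bytes and that nothing acquired earlier needs releasing before the new `return 0`.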
index e38add9d1b13d0aadfc921d1d61e1a7d65246e24..76e5565f36678f984bd7dc14a3217d502a36e2a5 100644 (file)
@@ -386,8 +386,7 @@ DEPRECATEDIN_3_0(int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))
 # define         EVP_CTRL_SET_PIPELINE_INPUT_LENS        0x24
 /* Get the IV length used by the cipher */
 # define         EVP_CTRL_GET_IVLEN                      0x25
-/* Get the IV used by the cipher */
-# define         EVP_CTRL_GET_IV                         0x26
+/* 0x26 is unused */
 /* Tell the cipher it's doing a speed test (SIV disallows multiple ops) */
 # define         EVP_CTRL_SET_SPEED                      0x27
 /* Get the unprotectedAttrs from cipher ctx */
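Review bot: The placeholder `/* 0x26 is unused */` does not record why the gap exists or what replaced it, which invites a later reuse of the value without anyone knowing its history. Going by the commit description, something like `/* 0x26 is unused: was EVP_CTRL_GET_IV (master only, never released); use EVP_CIPHER_CTX_get_iv() */` would tell the next maintainer that the slot is free but was once assigned. Any out-of-tree cipher built against an earlier master snapshot could still handle 0x26, so the note is worth having if the number is ever reassigned.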
index bacbb8f114cf0520920c13ae472945c4e4293681..a68ec74d3a857bba6e9cdcbcda01714a261534e6 100644 (file)
@@ -58,7 +58,7 @@ static int do_encrypt(unsigned char *iv_gen, unsigned char *ct, int *ct_len,
           && TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
                                            tag) > 0)
           && TEST_true(iv_gen == NULL
-                  || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_IV, 12, iv_gen) > 0);
+                  || EVP_CIPHER_CTX_get_iv(ctx, iv_gen, 12));
     EVP_CIPHER_CTX_free(ctx);
     return ret;
 }
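Review bot: The new `EVP_CIPHER_CTX_get_iv(ctx, iv_gen, 12)` operand is tested for plain truthiness, whereas the `EVP_CTRL_AEAD_GET_TAG` call two lines above it and the removed ctrl call both compare with `> 0`. If `EVP_CIPHER_CTX_get_iv()` can ever return a negative value on error (its definition is not on this page), the test would treat that as success. Writing `|| EVP_CIPHER_CTX_get_iv(ctx, iv_gen, 12) > 0);` keeps the expression consistent and fails closed. The start of `do_encrypt` is outside the hunk, so the size of the buffer behind `iv_gen` cannot be checked against the literal `12` from here.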