Move cipher ctx 'original iv' parameter into the provider

[openssl.git] / providers / default / ciphers / cipher_aes_ocb.c

diff --git a/providers/default/ciphers/cipher_aes_ocb.c b/providers/default/ciphers/cipher_aes_ocb.c
index 93df4a5dbc75542b9b5d5df47316a07e476c4e76..95c0658fee88fe6f6b97b87637ff2f4d9fa466ac 100644 (file)
--- a/providers/default/ciphers/cipher_aes_ocb.c
+++ b/providers/default/ciphers/cipher_aes_ocb.c
@@ -107,7 +107,8 @@ static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen,
            }
            ctx->base.ivlen = ivlen;
        }
-       memcpy(ctx->base.iv, iv, ivlen);
+       if (!cipher_generic_initiv(&ctx->base, iv, ivlen))
+           return 0;
        ctx->iv_state = IV_STATE_BUFFERED;
    }
    if (key != NULL) {
@@ -287,7 +288,6 @@ static void aes_ocb_freectx(void *vctx)
 
     if (ctx != NULL) {
         aes_generic_ocb_cleanup(ctx);
-        OPENSSL_cleanse(ctx->base.iv, sizeof(ctx->base.iv));
         OPENSSL_clear_free(ctx,  sizeof(*ctx));
     }
 }
@@ -388,7 +388,7 @@ static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[])
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
             return 0;
         }
-        if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)) {
+        if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
             return 0;
         }