Replumbing: make the oneshot proider cipher function like the others

The OP_cipher_final function takes a return output size and an output
buffer size argument.  The oneshot OP_cipher_cipher function should do
the same.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8849)

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 189c953266d9eb522dba95a040128462bbbf44be..34b938281efddc9f8471eac42329f501571f0756 100644 (file)
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -232,8 +232,14 @@ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                const unsigned char *in, unsigned int inl)
 {
     if (ctx->cipher->prov != NULL) {
+        size_t outl = 0;         /* ignored */
+        int blocksize = EVP_CIPHER_CTX_block_size(ctx);
+
         if (ctx->cipher->ccipher != NULL)
-            return ctx->cipher->ccipher(ctx->provctx, out, in, (size_t)inl);
+            return
+                ctx->cipher->ccipher(ctx->provctx, out, &outl,
+                                     inl + (blocksize == 1 ? 0 : blocksize),
+                                     in, (size_t)inl);
         return 0;
     }
 

diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index d58888607e7b50825c8f691581004bf9a90ab5bf..74b3fdfda980aa27d7ff7930e7baa6be6da6c0f6 100644 (file)
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -140,8 +140,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_update,
 OSSL_CORE_MAKE_FUNC(int, OP_cipher_final,
                     (void *, unsigned char *out, size_t *outl, size_t outsize))
 OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher,
-                    (void *, unsigned char *out, const unsigned char *in,
-                     size_t inl))
+                    (void *,
+                     unsigned char *out, size_t *outl, size_t outsize,
+                     const unsigned char *in, size_t inl))
 OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *vctx))
 OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *vctx))
 OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_key_length, (void))

diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c
index 5c6e6703f8d3a9e6cb25b3c629bfcd1cab58aab9..2e93461621c2b18d90b33297ab9e5e19cb6e6aea 100644 (file)
--- a/providers/common/ciphers/aes.c
+++ b/providers/common/ciphers/aes.c
@@ -235,16 +235,23 @@ static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl,
     return 1;
 }
 
-static int aes_cipher(void *vctx, unsigned char *out, const unsigned char *in,
-                      size_t inl)
+static int aes_cipher(void *vctx,
+                      unsigned char *out, size_t *outl, size_t outsize,
+                      const unsigned char *in, size_t inl)
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
 
+    if (outsize < inl) {
+        PROVerr(PROV_F_AES_CIPHER, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
     if (!ctx->ciph->cipher(ctx, out, in, inl)) {
         PROVerr(PROV_F_AES_CIPHER, PROV_R_CIPHER_OPERATION_FAILED);
         return 0;
     }
 
+    *outl = inl;
     return 1;
 }