From: Pauli <paul.dale@oracle.com>
Date: Thu, 5 Sep 2019 04:15:02 +0000 (+1000)
Subject: CMAC using common cipher get code
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1dcc7ee6cf816e5fba8b99d278829031d71ee9df;p=openssl

CMAC using common cipher get code

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9770)
---

diff --git a/providers/common/macs/cmac_prov.c b/providers/common/macs/cmac_prov.c
index 7c15bc77b0..aee0b2bb0a 100644
--- a/providers/common/macs/cmac_prov.c
+++ b/providers/common/macs/cmac_prov.c
@@ -16,6 +16,7 @@
 
 #include "internal/provider_algs.h"
 #include "internal/provider_ctx.h"
+#include "internal/provider_util.h"
 
 /*
  * Forward declaration of everything implemented here.  This is not strictly
@@ -38,21 +39,7 @@ static OSSL_OP_mac_final_fn cmac_final;
 struct cmac_data_st {
     void *provctx;
     CMAC_CTX *ctx;
-
-    /*
-     * References to the underlying cipher implementation.  tmpcipher
-     * caches the cipher, always.  alloc_cipher only holds a reference
-     * to an explicitly fetched cipher.
-     * tmpcipher is cleared after a CMAC_Init call.
-     */
-    const EVP_CIPHER *tmpcipher; /* cached CMAC cipher */
-    EVP_CIPHER *alloc_cipher;    /* fetched CMAC cipher */
-
-    /*
-     * Conditions for legacy EVP_CIPHER uses.
-     * tmpengine is cleared after a CMAC_Init call.
-     */
-    ENGINE *tmpengine;           /* CMAC cipher engine (legacy) */
+    PROV_CIPHER cipher;
 };
 
 static void *cmac_new(void *provctx)
@@ -76,7 +63,7 @@ static void cmac_free(void *vmacctx)
 
     if (macctx != NULL) {
         CMAC_CTX_free(macctx->ctx);
-        EVP_CIPHER_free(macctx->alloc_cipher);
+        ossl_prov_cipher_reset(&macctx->cipher);
         OPENSSL_free(macctx);
     }
 }
@@ -86,19 +73,11 @@ static void *cmac_dup(void *vsrc)
     struct cmac_data_st *src = vsrc;
     struct cmac_data_st *dst = cmac_new(src->provctx);
 
-    if (!CMAC_CTX_copy(dst->ctx, src->ctx)) {
+    if (!CMAC_CTX_copy(dst->ctx, src->ctx)
+        || !ossl_prov_cipher_copy(&dst->cipher, &src->cipher)) {
         cmac_free(dst);
         return NULL;
     }
-
-    if (src->alloc_cipher != NULL && !EVP_CIPHER_up_ref(src->alloc_cipher)) {
-        cmac_free(dst);
-        return NULL;
-    }
-
-    dst->tmpengine = src->tmpengine;
-    dst->tmpcipher = src->tmpcipher;
-    dst->alloc_cipher = src->alloc_cipher;
     return dst;
 }
 
@@ -112,12 +91,11 @@ static size_t cmac_size(void *vmacctx)
 static int cmac_init(void *vmacctx)
 {
     struct cmac_data_st *macctx = vmacctx;
-    int rv = CMAC_Init(macctx->ctx, NULL, 0, macctx->tmpcipher,
-                       (ENGINE *)macctx->tmpengine);
-
-    macctx->tmpcipher = NULL;
-    macctx->tmpengine = NULL;
+    int rv = CMAC_Init(macctx->ctx, NULL, 0,
+                       ossl_prov_cipher_cipher(&macctx->cipher),
+                       ossl_prov_cipher_engine(&macctx->cipher));
 
+    ossl_prov_cipher_reset(&macctx->cipher);
     return rv;
 }
 
@@ -174,67 +152,22 @@ static const OSSL_PARAM *cmac_settable_ctx_params(void)
 static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
 {
     struct cmac_data_st *macctx = vmacctx;
+    OPENSSL_CTX *ctx = PROV_LIBRARY_CONTEXT_OF(macctx->provctx);
     const OSSL_PARAM *p;
 
-    if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) {
-        if (p->data_type != OSSL_PARAM_UTF8_STRING)
-            return 0;
-
-        {
-            const char *algoname = p->data;
-            const char *propquery = NULL;
-
-/* Inside the FIPS module, we don't support engines */
-#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
-            ENGINE_finish(macctx->tmpengine);
-            macctx->tmpengine = NULL;
-
-            if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_ENGINE))
-                != NULL) {
-                if (p->data_type != OSSL_PARAM_UTF8_STRING)
-                    return 0;
-
-                macctx->tmpengine = ENGINE_by_id(p->data);
-                if (macctx->tmpengine == NULL)
-                    return 0;
-            }
-#endif
-            if ((p = OSSL_PARAM_locate_const(params,
-                                             OSSL_MAC_PARAM_PROPERTIES))
-                != NULL) {
-                if (p->data_type != OSSL_PARAM_UTF8_STRING)
-                    return 0;
-
-                propquery = p->data;
-            }
+    if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, ctx))
+        return 0;
 
-            EVP_CIPHER_free(macctx->alloc_cipher);
-
-            macctx->tmpcipher = macctx->alloc_cipher =
-                EVP_CIPHER_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx),
-                                 algoname, propquery);
-
-#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy digests */
-            /* TODO(3.0) BEGIN legacy stuff, to be removed */
-            if (macctx->tmpcipher == NULL)
-                macctx->tmpcipher = EVP_get_cipherbyname(algoname);
-            /* TODO(3.0) END of legacy stuff */
-#endif
-
-            if (macctx->tmpcipher == NULL)
-                return 0;
-        }
-    }
     if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) {
         if (p->data_type != OSSL_PARAM_OCTET_STRING)
             return 0;
 
         if (!CMAC_Init(macctx->ctx, p->data, p->data_size,
-                       macctx->tmpcipher, macctx->tmpengine))
+                       ossl_prov_cipher_cipher(&macctx->cipher),
+                       ossl_prov_cipher_engine(&macctx->cipher)))
             return 0;
 
-        macctx->tmpcipher = NULL;
-        macctx->tmpengine = NULL;
+        ossl_prov_cipher_reset(&macctx->cipher);
     }
     return 1;
 }