providers/implementations/ciphers/cipher_aes_ocb.c

   1 /*
   2  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /*
  11  * AES low level APIs are deprecated for public use, but still ok for internal
  12  * use where we're using them to implement the higher level EVP interface, as is
  13  * the case here.
  14  */
  15 #include "internal/deprecated.h"
  16
  17 #include <openssl/proverr.h>
  18 #include "cipher_aes_ocb.h"
  19 #include "prov/providercommon.h"
  20 #include "prov/ciphercommon_aead.h"
  21 #include "prov/implementations.h"
  22
  23 #define AES_OCB_FLAGS AEAD_FLAGS
  24
  25 #define OCB_DEFAULT_TAG_LEN 16
  26 #define OCB_DEFAULT_IV_LEN  12
  27 #define OCB_MIN_IV_LEN      1
  28 #define OCB_MAX_IV_LEN      15
  29
  30 PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx,
  31                                    const unsigned char *in, unsigned char *out,
  32                                    size_t nextblock));
  33 /* forward declarations */
  34 static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit;
  35 static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit;
  36 static OSSL_FUNC_cipher_update_fn aes_ocb_block_update;
  37 static OSSL_FUNC_cipher_final_fn aes_ocb_block_final;
  38 static OSSL_FUNC_cipher_cipher_fn aes_ocb_cipher;
  39 static OSSL_FUNC_cipher_freectx_fn aes_ocb_freectx;
  40 static OSSL_FUNC_cipher_dupctx_fn aes_ocb_dupctx;
  41 static OSSL_FUNC_cipher_get_ctx_params_fn aes_ocb_get_ctx_params;
  42 static OSSL_FUNC_cipher_set_ctx_params_fn aes_ocb_set_ctx_params;
  43 static OSSL_FUNC_cipher_gettable_ctx_params_fn cipher_ocb_gettable_ctx_params;
  44 static OSSL_FUNC_cipher_settable_ctx_params_fn cipher_ocb_settable_ctx_params;
  45
  46 /*
  47  * The following methods could be moved into PROV_AES_OCB_HW if
  48  * multiple hardware implementations are ever needed.
  49  */
  50 static ossl_inline int aes_generic_ocb_setiv(PROV_AES_OCB_CTX *ctx,
  51                                              const unsigned char *iv,
  52                                              size_t ivlen, size_t taglen)
  53 {
  54     return (CRYPTO_ocb128_setiv(&ctx->ocb, iv, ivlen, taglen) == 1);
  55 }
  56
  57 static ossl_inline int aes_generic_ocb_setaad(PROV_AES_OCB_CTX *ctx,
  58                                               const unsigned char *aad,
  59                                               size_t alen)
  60 {
  61     return CRYPTO_ocb128_aad(&ctx->ocb, aad, alen) == 1;
  62 }
  63
  64 static ossl_inline int aes_generic_ocb_gettag(PROV_AES_OCB_CTX *ctx,
  65                                               unsigned char *tag, size_t tlen)
  66 {
  67     return CRYPTO_ocb128_tag(&ctx->ocb, tag, tlen) > 0;
  68 }
  69
  70 static ossl_inline int aes_generic_ocb_final(PROV_AES_OCB_CTX *ctx)
  71 {
  72     return (CRYPTO_ocb128_finish(&ctx->ocb, ctx->tag, ctx->taglen) == 0);
  73 }
  74
  75 static ossl_inline void aes_generic_ocb_cleanup(PROV_AES_OCB_CTX *ctx)
  76 {
  77     CRYPTO_ocb128_cleanup(&ctx->ocb);
  78 }
  79
  80 static ossl_inline int aes_generic_ocb_cipher(PROV_AES_OCB_CTX *ctx,
  81                                               const unsigned char *in,
  82                                               unsigned char *out, size_t len)
  83 {
  84     if (ctx->base.enc) {
  85         if (!CRYPTO_ocb128_encrypt(&ctx->ocb, in, out, len))
  86             return 0;
  87     } else {
  88         if (!CRYPTO_ocb128_decrypt(&ctx->ocb, in, out, len))
  89             return 0;
  90     }
  91     return 1;
  92 }
  93
  94 static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst,
  95                                                 PROV_AES_OCB_CTX *src)
  96 {
  97     return CRYPTO_ocb128_copy_ctx(&dst->ocb, &src->ocb,
  98                                   &dst->ksenc.ks, &dst->ksdec.ks);
  99 }
 100
 101 /*-
 102  * Provider dispatch functions
 103  */
 104 static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen,
 105                         const unsigned char *iv, size_t ivlen,
 106                         const OSSL_PARAM params[], int enc)
 107 {
 108     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
 109
 110     if (!ossl_prov_is_running())
 111         return 0;
 112
 113     ctx->aad_buf_len = 0;
 114     ctx->data_buf_len = 0;
 115     ctx->base.enc = enc;
 116
 117     if (iv != NULL) {
 118         if (ivlen != ctx->base.ivlen) {
 119             /* IV len must be 1 to 15 */
 120             if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) {
 121                 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
 122                 return 0;
 123             }
 124             ctx->base.ivlen = ivlen;
 125         }
 126         if (!ossl_cipher_generic_initiv(&ctx->base, iv, ivlen))
 127             return 0;
 128         ctx->iv_state = IV_STATE_BUFFERED;
 129     }
 130     if (key != NULL) {
 131         if (keylen != ctx->base.keylen) {
 132             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
 133             return 0;
 134         }
 135         if (!ctx->base.hw->init(&ctx->base, key, keylen))
 136             return 0;
 137     }
 138     return aes_ocb_set_ctx_params(ctx, params);
 139 }
 140
 141 static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen,
 142                          const unsigned char *iv, size_t ivlen,
 143                          const OSSL_PARAM params[])
 144 {
 145     return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 1);
 146 }
 147
 148 static int aes_ocb_dinit(void *vctx, const unsigned char *key, size_t keylen,
 149                          const unsigned char *iv, size_t ivlen,
 150                          const OSSL_PARAM params[])
 151 {
 152     return aes_ocb_init(vctx, key, keylen, iv, ivlen, params, 0);
 153 }
 154
 155 /*
 156  * Because of the way OCB works, both the AAD and data are buffered in the
 157  * same way. Only the last block can be a partial block.
 158  */
 159 static int aes_ocb_block_update_internal(PROV_AES_OCB_CTX *ctx,
 160                                          unsigned char *buf, size_t *bufsz,
 161                                          unsigned char *out, size_t *outl,
 162                                          size_t outsize, const unsigned char *in,
 163                                          size_t inl, OSSL_ocb_cipher_fn ciph)
 164 {
 165     size_t nextblocks;
 166     size_t outlint = 0;
 167
 168     if (*bufsz != 0)
 169         nextblocks = ossl_cipher_fillblock(buf, bufsz, AES_BLOCK_SIZE, &in, &inl);
 170     else
 171         nextblocks = inl & ~(AES_BLOCK_SIZE-1);
 172
 173     if (*bufsz == AES_BLOCK_SIZE) {
 174         if (outsize < AES_BLOCK_SIZE) {
 175             ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
 176             return 0;
 177         }
 178         if (!ciph(ctx, buf, out, AES_BLOCK_SIZE)) {
 179             ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
 180             return 0;
 181         }
 182         *bufsz = 0;
 183         outlint = AES_BLOCK_SIZE;
 184         if (out != NULL)
 185             out += AES_BLOCK_SIZE;
 186     }
 187     if (nextblocks > 0) {
 188         outlint += nextblocks;
 189         if (outsize < outlint) {
 190             ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
 191             return 0;
 192         }
 193         if (!ciph(ctx, in, out, nextblocks)) {
 194             ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
 195             return 0;
 196         }
 197         in += nextblocks;
 198         inl -= nextblocks;
 199     }
 200     if (inl != 0
 201         && !ossl_cipher_trailingdata(buf, bufsz, AES_BLOCK_SIZE, &in, &inl)) {
 202         /* PROVerr already called */
 203         return 0;
 204     }
 205
 206     *outl = outlint;
 207     return inl == 0;
 208 }
 209
 210 /* A wrapper function that has the same signature as cipher */
 211 static int cipher_updateaad(PROV_AES_OCB_CTX *ctx, const unsigned char *in,
 212                             unsigned char *out, size_t len)
 213 {
 214     return aes_generic_ocb_setaad(ctx, in, len);
 215 }
 216
 217 static int update_iv(PROV_AES_OCB_CTX *ctx)
 218 {
 219     if (ctx->iv_state == IV_STATE_FINISHED
 220         || ctx->iv_state == IV_STATE_UNINITIALISED)
 221         return 0;
 222     if (ctx->iv_state == IV_STATE_BUFFERED) {
 223         if (!aes_generic_ocb_setiv(ctx, ctx->base.iv, ctx->base.ivlen,
 224                                    ctx->taglen))
 225             return 0;
 226         ctx->iv_state = IV_STATE_COPIED;
 227     }
 228     return 1;
 229 }
 230
 231 static int aes_ocb_block_update(void *vctx, unsigned char *out, size_t *outl,
 232                                 size_t outsize, const unsigned char *in,
 233                                 size_t inl)
 234 {
 235     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
 236     unsigned char *buf;
 237     size_t *buflen;
 238     OSSL_ocb_cipher_fn fn;
 239
 240     if (!ctx->key_set || !update_iv(ctx))
 241         return 0;
 242
 243     if (inl == 0) {
 244         *outl = 0;
 245         return 1;
 246     }
 247
 248     /* Are we dealing with AAD or normal data here? */
 249     if (out == NULL) {
 250         buf = ctx->aad_buf;
 251         buflen = &ctx->aad_buf_len;
 252         fn = cipher_updateaad;
 253     } else {
 254         buf = ctx->data_buf;
 255         buflen = &ctx->data_buf_len;
 256         fn = aes_generic_ocb_cipher;
 257     }
 258     return aes_ocb_block_update_internal(ctx, buf, buflen, out, outl, outsize,
 259                                          in, inl, fn);
 260 }
 261
 262 static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl,
 263                                size_t outsize)
 264 {
 265     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
 266
 267     if (!ossl_prov_is_running())
 268         return 0;
 269
 270     /* If no block_update has run then the iv still needs to be set */
 271     if (!ctx->key_set || !update_iv(ctx))
 272         return 0;
 273
 274     /*
 275      * Empty the buffer of any partial block that we might have been provided,
 276      * both for data and AAD
 277      */
 278     *outl = 0;
 279     if (ctx->data_buf_len > 0) {
 280         if (!aes_generic_ocb_cipher(ctx, ctx->data_buf, out, ctx->data_buf_len))
 281             return 0;
 282         *outl = ctx->data_buf_len;
 283         ctx->data_buf_len = 0;
 284     }
 285     if (ctx->aad_buf_len > 0) {
 286         if (!aes_generic_ocb_setaad(ctx, ctx->aad_buf, ctx->aad_buf_len))
 287             return 0;
 288         ctx->aad_buf_len = 0;
 289     }
 290     if (ctx->base.enc) {
 291         /* If encrypting then just get the tag */
 292         if (!aes_generic_ocb_gettag(ctx, ctx->tag, ctx->taglen))
 293             return 0;
 294     } else {
 295         /* If decrypting then verify */
 296         if (ctx->taglen == 0)
 297             return 0;
 298         if (!aes_generic_ocb_final(ctx))
 299             return 0;
 300     }
 301     /* Don't reuse the IV */
 302     ctx->iv_state = IV_STATE_FINISHED;
 303     return 1;
 304 }
 305
 306 static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits,
 307                             size_t ivbits, unsigned int mode, uint64_t flags)
 308 {
 309     PROV_AES_OCB_CTX *ctx;
 310
 311     if (!ossl_prov_is_running())
 312         return NULL;
 313
 314     ctx = OPENSSL_zalloc(sizeof(*ctx));
 315     if (ctx != NULL) {
 316         ossl_cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags,
 317                                     ossl_prov_cipher_hw_aes_ocb(kbits), NULL);
 318         ctx->taglen = OCB_DEFAULT_TAG_LEN;
 319     }
 320     return ctx;
 321 }
 322
 323 static void aes_ocb_freectx(void *vctx)
 324 {
 325     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
 326
 327     if (ctx != NULL) {
 328         aes_generic_ocb_cleanup(ctx);
 329         ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
 330         OPENSSL_clear_free(ctx,  sizeof(*ctx));
 331     }
 332 }
 333
 334 static void *aes_ocb_dupctx(void *vctx)
 335 {
 336     PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx;
 337     PROV_AES_OCB_CTX *ret;
 338
 339     if (!ossl_prov_is_running())
 340         return NULL;
 341
 342     ret = OPENSSL_malloc(sizeof(*ret));
 343     if (ret == NULL)
 344         return NULL;
 345     *ret = *in;
 346     if (!aes_generic_ocb_copy_ctx(ret, in)) {
 347         OPENSSL_free(ret);
 348         ret = NULL;
 349     }
 350     return ret;
 351 }
 352
 353 static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 354 {
 355     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
 356     const OSSL_PARAM *p;
 357     size_t sz;
 358
 359     if (params == NULL)
 360         return 1;
 361
 362     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
 363     if (p != NULL) {
 364         if (p->data_type != OSSL_PARAM_OCTET_STRING) {
 365             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
 366             return 0;
 367         }
 368         if (p->data == NULL) {
 369             /* Tag len must be 0 to 16 */
 370             if (p->data_size > OCB_MAX_TAG_LEN)
 371                 return 0;
 372             ctx->taglen = p->data_size;
 373         } else {
 374             if (p->data_size != ctx->taglen || ctx->base.enc)
 375                 return 0;
 376             memcpy(ctx->tag, p->data, p->data_size);
 377         }
 378      }
 379     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
 380     if (p != NULL) {
 381         if (!OSSL_PARAM_get_size_t(p, &sz)) {
 382             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
 383             return 0;
 384         }
 385         /* IV len must be 1 to 15 */
 386         if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN)
 387             return 0;
 388         ctx->base.ivlen = sz;
 389     }
 390     p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
 391     if (p != NULL) {
 392         size_t keylen;
 393
 394         if (!OSSL_PARAM_get_size_t(p, &keylen)) {
 395             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
 396             return 0;
 397         }
 398         if (ctx->base.keylen != keylen) {
 399             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
 400             return 0;
 401         }
 402     }
 403     return 1;
 404 }
 405
 406 static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[])
 407 {
 408     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
 409     OSSL_PARAM *p;
 410
 411     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
 412     if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.ivlen)) {
 413         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
 414         return 0;
 415     }
 416     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
 417     if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->base.keylen)) {
 418         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
 419         return 0;
 420     }
 421     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
 422     if (p != NULL) {
 423         if (!OSSL_PARAM_set_size_t(p, ctx->taglen)) {
 424             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
 425             return 0;
 426         }
 427     }
 428
 429     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
 430     if (p != NULL) {
 431         if (ctx->base.ivlen > p->data_size) {
 432             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
 433             return 0;
 434         }
 435         if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)
 436             && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) {
 437             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
 438             return 0;
 439         }
 440     }
 441     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
 442     if (p != NULL) {
 443         if (ctx->base.ivlen > p->data_size) {
 444             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
 445             return 0;
 446         }
 447         if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)
 448             && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) {
 449             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
 450             return 0;
 451         }
 452     }
 453     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
 454     if (p != NULL) {
 455         if (p->data_type != OSSL_PARAM_OCTET_STRING) {
 456             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
 457             return 0;
 458         }
 459         if (!ctx->base.enc || p->data_size != ctx->taglen) {
 460             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
 461             return 0;
 462         }
 463         memcpy(p->data, ctx->tag, ctx->taglen);
 464     }
 465     return 1;
 466 }
 467
 468 static const OSSL_PARAM cipher_ocb_known_gettable_ctx_params[] = {
 469     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
 470     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
 471     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
 472     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
 473     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
 474     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
 475     OSSL_PARAM_END
 476 };
 477 static const OSSL_PARAM *cipher_ocb_gettable_ctx_params(ossl_unused void *cctx,
 478                                                         ossl_unused void *p_ctx)
 479 {
 480     return cipher_ocb_known_gettable_ctx_params;
 481 }
 482
 483 static const OSSL_PARAM cipher_ocb_known_settable_ctx_params[] = {
 484     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
 485     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
 486     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
 487     OSSL_PARAM_END
 488 };
 489 static const OSSL_PARAM *cipher_ocb_settable_ctx_params(ossl_unused void *cctx,
 490                                                         ossl_unused void *p_ctx)
 491 {
 492     return cipher_ocb_known_settable_ctx_params;
 493 }
 494
 495 static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl,
 496                           size_t outsize, const unsigned char *in, size_t inl)
 497 {
 498     PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
 499
 500     if (!ossl_prov_is_running())
 501         return 0;
 502
 503     if (outsize < inl) {
 504         ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
 505         return 0;
 506     }
 507
 508     if (!aes_generic_ocb_cipher(ctx, in, out, inl)) {
 509         ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
 510         return 0;
 511     }
 512
 513     *outl = inl;
 514     return 1;
 515 }
 516
 517 #define IMPLEMENT_cipher(mode, UCMODE, flags, kbits, blkbits, ivbits)          \
 518 static OSSL_FUNC_cipher_get_params_fn aes_##kbits##_##mode##_get_params;       \
 519 static int aes_##kbits##_##mode##_get_params(OSSL_PARAM params[])              \
 520 {                                                                              \
 521     return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE,    \
 522                                           flags, kbits, blkbits, ivbits);      \
 523 }                                                                              \
 524 static OSSL_FUNC_cipher_newctx_fn aes_##kbits##_##mode##_newctx;               \
 525 static void *aes_##kbits##_##mode##_newctx(void *provctx)                      \
 526 {                                                                              \
 527     return aes_##mode##_newctx(provctx, kbits, blkbits, ivbits,                \
 528                                EVP_CIPH_##UCMODE##_MODE, flags);               \
 529 }                                                                              \
 530 const OSSL_DISPATCH ossl_##aes##kbits##mode##_functions[] = {                  \
 531     { OSSL_FUNC_CIPHER_NEWCTX,                                                 \
 532         (void (*)(void))aes_##kbits##_##mode##_newctx },                       \
 533     { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_##mode##_einit },     \
 534     { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_##mode##_dinit },     \
 535     { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_block_update },    \
 536     { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_block_final },      \
 537     { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_ocb_cipher },               \
 538     { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx },        \
 539     { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx },          \
 540     { OSSL_FUNC_CIPHER_GET_PARAMS,                                             \
 541         (void (*)(void))aes_##kbits##_##mode##_get_params },                   \
 542     { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,                                         \
 543         (void (*)(void))aes_##mode##_get_ctx_params },                         \
 544     { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                         \
 545         (void (*)(void))aes_##mode##_set_ctx_params },                         \
 546     { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                        \
 547         (void (*)(void))ossl_cipher_generic_gettable_params },                 \
 548     { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                    \
 549         (void (*)(void))cipher_ocb_gettable_ctx_params },                      \
 550     { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                    \
 551         (void (*)(void))cipher_ocb_settable_ctx_params },                      \
 552     OSSL_DISPATCH_END                                                          \
 553 }
 554
 555 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 256, 128, OCB_DEFAULT_IV_LEN * 8);
 556 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 192, 128, OCB_DEFAULT_IV_LEN * 8);
 557 IMPLEMENT_cipher(ocb, OCB, AES_OCB_FLAGS, 128, 128, OCB_DEFAULT_IV_LEN * 8);