2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Generic dispatch table functions for ciphers.
14 /* For SSL3_VERSION */
15 #include <openssl/ssl.h>
16 #include <openssl/proverr.h>
17 #include "ciphercommon_local.h"
18 #include "prov/provider_ctx.h"
19 #include "prov/providercommon.h"
22 * Generic cipher functions for OSSL_PARAM gettables and settables
24 static const OSSL_PARAM cipher_known_gettable_params
[] = {
25 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE
, NULL
),
26 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN
, NULL
),
27 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN
, NULL
),
28 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE
, NULL
),
29 OSSL_PARAM_int(OSSL_CIPHER_PARAM_AEAD
, NULL
),
30 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV
, NULL
),
31 OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS
, NULL
),
32 OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK
, NULL
),
33 { OSSL_CIPHER_PARAM_TLS_MAC
, OSSL_PARAM_OCTET_PTR
, NULL
, 0, OSSL_PARAM_UNMODIFIED
},
36 const OSSL_PARAM
*ossl_cipher_generic_gettable_params(void *provctx
)
38 return cipher_known_gettable_params
;
41 int ossl_cipher_generic_get_params(OSSL_PARAM params
[], unsigned int md
,
43 size_t kbits
, size_t blkbits
, size_t ivbits
)
47 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_MODE
);
48 if (p
!= NULL
&& !OSSL_PARAM_set_uint(p
, md
)) {
49 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
52 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_AEAD
);
54 && !OSSL_PARAM_set_int(p
, (flags
& PROV_CIPHER_FLAG_AEAD
) != 0)) {
55 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
58 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_CUSTOM_IV
);
60 && !OSSL_PARAM_set_int(p
, (flags
& PROV_CIPHER_FLAG_CUSTOM_IV
) != 0)) {
61 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
64 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_CTS
);
66 && !OSSL_PARAM_set_int(p
, (flags
& PROV_CIPHER_FLAG_CTS
) != 0)) {
67 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
70 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK
);
72 && !OSSL_PARAM_set_int(p
, (flags
& PROV_CIPHER_FLAG_TLS1_MULTIBLOCK
) != 0)) {
73 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
76 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_KEYLEN
);
77 if (p
!= NULL
&& !OSSL_PARAM_set_size_t(p
, kbits
/ 8)) {
78 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
81 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_BLOCK_SIZE
);
82 if (p
!= NULL
&& !OSSL_PARAM_set_size_t(p
, blkbits
/ 8)) {
83 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
86 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_IVLEN
);
87 if (p
!= NULL
&& !OSSL_PARAM_set_size_t(p
, ivbits
/ 8)) {
88 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
94 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic
)
95 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_cipher_generic
)
97 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_generic
)
98 OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION
, NULL
),
99 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE
, NULL
),
100 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic
)
103 * Variable key length cipher functions for OSSL_PARAM settables
105 int ossl_cipher_var_keylen_set_ctx_params(void *vctx
, const OSSL_PARAM params
[])
107 PROV_CIPHER_CTX
*ctx
= (PROV_CIPHER_CTX
*)vctx
;
110 if (!ossl_cipher_generic_set_ctx_params(vctx
, params
))
112 p
= OSSL_PARAM_locate_const(params
, OSSL_CIPHER_PARAM_KEYLEN
);
116 if (!OSSL_PARAM_get_size_t(p
, &keylen
)) {
117 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_GET_PARAMETER
);
120 ctx
->keylen
= keylen
;
125 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_var_keylen
)
126 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN
, NULL
),
127 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_var_keylen
)
130 * AEAD cipher functions for OSSL_PARAM gettables and settables
132 static const OSSL_PARAM cipher_aead_known_gettable_ctx_params
[] = {
133 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN
, NULL
),
134 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN
, NULL
),
135 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN
, NULL
),
136 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV
, NULL
, 0),
137 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV
, NULL
, 0),
138 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG
, NULL
, 0),
139 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD
, NULL
),
140 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN
, NULL
, 0),
143 const OSSL_PARAM
*ossl_cipher_aead_gettable_ctx_params(
144 ossl_unused
void *provctx
147 return cipher_aead_known_gettable_ctx_params
;
150 static const OSSL_PARAM cipher_aead_known_settable_ctx_params
[] = {
151 OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN
, NULL
),
152 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG
, NULL
, 0),
153 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD
, NULL
, 0),
154 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED
, NULL
, 0),
155 OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV
, NULL
, 0),
158 const OSSL_PARAM
*ossl_cipher_aead_settable_ctx_params(
159 ossl_unused
void *provctx
162 return cipher_aead_known_settable_ctx_params
;
165 void ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX
*ctx
)
167 if (ctx
!= NULL
&& ctx
->alloced
) {
168 OPENSSL_free(ctx
->tlsmac
);
174 static int cipher_generic_init_internal(PROV_CIPHER_CTX
*ctx
,
175 const unsigned char *key
, size_t keylen
,
176 const unsigned char *iv
, size_t ivlen
,
182 ctx
->enc
= enc
? 1 : 0;
184 if (!ossl_prov_is_running())
187 if (iv
!= NULL
&& ctx
->mode
!= EVP_CIPH_ECB_MODE
) {
188 if (!ossl_cipher_generic_initiv(ctx
, iv
, ivlen
))
192 if (ctx
->variable_keylength
== 0) {
193 if (keylen
!= ctx
->keylen
) {
194 ERR_raise(ERR_LIB_PROV
, PROV_R_INVALID_KEY_LENGTH
);
198 ctx
->keylen
= keylen
;
200 return ctx
->hw
->init(ctx
, key
, ctx
->keylen
);
205 int ossl_cipher_generic_einit(void *vctx
, const unsigned char *key
,
206 size_t keylen
, const unsigned char *iv
,
209 return cipher_generic_init_internal((PROV_CIPHER_CTX
*)vctx
, key
, keylen
,
213 int ossl_cipher_generic_dinit(void *vctx
, const unsigned char *key
,
214 size_t keylen
, const unsigned char *iv
,
217 return cipher_generic_init_internal((PROV_CIPHER_CTX
*)vctx
, key
, keylen
,
221 /* Max padding including padding length byte */
222 #define MAX_PADDING 256
224 int ossl_cipher_generic_block_update(void *vctx
, unsigned char *out
,
225 size_t *outl
, size_t outsize
,
226 const unsigned char *in
, size_t inl
)
229 PROV_CIPHER_CTX
*ctx
= (PROV_CIPHER_CTX
*)vctx
;
230 size_t blksz
= ctx
->blocksize
;
233 if (ctx
->tlsversion
> 0) {
235 * Each update call corresponds to a TLS record and is individually
239 /* Sanity check inputs */
244 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
249 unsigned char padval
;
254 padnum
= blksz
- (inl
% blksz
);
256 if (outsize
< inl
+ padnum
) {
257 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
261 if (padnum
> MAX_PADDING
) {
262 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
265 padval
= (unsigned char)(padnum
- 1);
266 if (ctx
->tlsversion
== SSL3_VERSION
) {
268 memset(out
+ inl
, 0, padnum
- 1);
269 *(out
+ inl
+ padnum
- 1) = padval
;
271 /* we need to add 'padnum' padding bytes of value padval */
272 for (loop
= inl
; loop
< inl
+ padnum
; loop
++)
278 if ((inl
% blksz
) != 0) {
279 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
284 /* Shouldn't normally fail */
285 if (!ctx
->hw
->cipher(ctx
, out
, in
, inl
)) {
286 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
291 OPENSSL_free(ctx
->tlsmac
);
296 /* This only fails if padding is publicly invalid */
299 && !tlsunpadblock(ctx
->libctx
, ctx
->tlsversion
, out
, outl
,
300 blksz
, &ctx
->tlsmac
, &ctx
->alloced
,
301 ctx
->tlsmacsize
, 0)) {
302 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
309 nextblocks
= fillblock(ctx
->buf
, &ctx
->bufsz
, blksz
, &in
, &inl
);
311 nextblocks
= inl
& ~(blksz
-1);
314 * If we're decrypting and we end an update on a block boundary we hold
315 * the last block back in case this is the last update call and the last
318 if (ctx
->bufsz
== blksz
&& (ctx
->enc
|| inl
> 0 || !ctx
->pad
)) {
319 if (outsize
< blksz
) {
320 ERR_raise(ERR_LIB_PROV
, PROV_R_OUTPUT_BUFFER_TOO_SMALL
);
323 if (!ctx
->hw
->cipher(ctx
, out
, ctx
->buf
, blksz
)) {
324 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
331 if (nextblocks
> 0) {
332 if (!ctx
->enc
&& ctx
->pad
&& nextblocks
== inl
) {
333 if (!ossl_assert(inl
>= blksz
)) {
334 ERR_raise(ERR_LIB_PROV
, PROV_R_OUTPUT_BUFFER_TOO_SMALL
);
339 outlint
+= nextblocks
;
340 if (outsize
< outlint
) {
341 ERR_raise(ERR_LIB_PROV
, PROV_R_OUTPUT_BUFFER_TOO_SMALL
);
345 if (nextblocks
> 0) {
346 if (!ctx
->hw
->cipher(ctx
, out
, in
, nextblocks
)) {
347 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
353 if (inl
!= 0 && !trailingdata(ctx
->buf
, &ctx
->bufsz
, blksz
, &in
, &inl
)) {
354 /* ERR_raise already called */
362 int ossl_cipher_generic_block_final(void *vctx
, unsigned char *out
,
363 size_t *outl
, size_t outsize
)
365 PROV_CIPHER_CTX
*ctx
= (PROV_CIPHER_CTX
*)vctx
;
366 size_t blksz
= ctx
->blocksize
;
368 if (!ossl_prov_is_running())
371 if (ctx
->tlsversion
> 0) {
372 /* We never finalize TLS, so this is an error */
373 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
379 padblock(ctx
->buf
, &ctx
->bufsz
, blksz
);
380 } else if (ctx
->bufsz
== 0) {
383 } else if (ctx
->bufsz
!= blksz
) {
384 ERR_raise(ERR_LIB_PROV
, PROV_R_WRONG_FINAL_BLOCK_LENGTH
);
388 if (outsize
< blksz
) {
389 ERR_raise(ERR_LIB_PROV
, PROV_R_OUTPUT_BUFFER_TOO_SMALL
);
392 if (!ctx
->hw
->cipher(ctx
, out
, ctx
->buf
, blksz
)) {
393 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
402 if (ctx
->bufsz
!= blksz
) {
403 if (ctx
->bufsz
== 0 && !ctx
->pad
) {
407 ERR_raise(ERR_LIB_PROV
, PROV_R_WRONG_FINAL_BLOCK_LENGTH
);
411 if (!ctx
->hw
->cipher(ctx
, ctx
->buf
, ctx
->buf
, blksz
)) {
412 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
416 if (ctx
->pad
&& !unpadblock(ctx
->buf
, &ctx
->bufsz
, blksz
)) {
417 /* ERR_raise already called */
421 if (outsize
< ctx
->bufsz
) {
422 ERR_raise(ERR_LIB_PROV
, PROV_R_OUTPUT_BUFFER_TOO_SMALL
);
425 memcpy(out
, ctx
->buf
, ctx
->bufsz
);
431 int ossl_cipher_generic_stream_update(void *vctx
, unsigned char *out
,
432 size_t *outl
, size_t outsize
,
433 const unsigned char *in
, size_t inl
)
435 PROV_CIPHER_CTX
*ctx
= (PROV_CIPHER_CTX
*)vctx
;
443 ERR_raise(ERR_LIB_PROV
, PROV_R_OUTPUT_BUFFER_TOO_SMALL
);
447 if (!ctx
->hw
->cipher(ctx
, out
, in
, inl
)) {
448 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
453 if (!ctx
->enc
&& ctx
->tlsversion
> 0) {
455 * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
456 * cipher_aes_cbc_hmac_sha256_hw.c
458 if (ctx
->removetlspad
) {
460 * We should have already failed in the cipher() call above if this
463 if (!ossl_assert(*outl
>= (size_t)(out
[inl
- 1] + 1)))
465 /* The actual padding length */
466 *outl
-= out
[inl
- 1] + 1;
469 /* TLS MAC and explicit IV if relevant. We should have already failed
470 * in the cipher() call above if *outl is too short.
472 if (!ossl_assert(*outl
>= ctx
->removetlsfixed
))
474 *outl
-= ctx
->removetlsfixed
;
476 /* Extract the MAC if there is one */
477 if (ctx
->tlsmacsize
> 0) {
478 if (*outl
< ctx
->tlsmacsize
)
481 ctx
->tlsmac
= out
+ *outl
- ctx
->tlsmacsize
;
482 *outl
-= ctx
->tlsmacsize
;
488 int ossl_cipher_generic_stream_final(void *vctx
, unsigned char *out
,
489 size_t *outl
, size_t outsize
)
491 if (!ossl_prov_is_running())
498 int ossl_cipher_generic_cipher(void *vctx
, unsigned char *out
, size_t *outl
,
499 size_t outsize
, const unsigned char *in
,
502 PROV_CIPHER_CTX
*ctx
= (PROV_CIPHER_CTX
*)vctx
;
504 if (!ossl_prov_is_running())
508 ERR_raise(ERR_LIB_PROV
, PROV_R_OUTPUT_BUFFER_TOO_SMALL
);
512 if (!ctx
->hw
->cipher(ctx
, out
, in
, inl
)) {
513 ERR_raise(ERR_LIB_PROV
, PROV_R_CIPHER_OPERATION_FAILED
);
521 int ossl_cipher_generic_get_ctx_params(void *vctx
, OSSL_PARAM params
[])
523 PROV_CIPHER_CTX
*ctx
= (PROV_CIPHER_CTX
*)vctx
;
526 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_IVLEN
);
527 if (p
!= NULL
&& !OSSL_PARAM_set_size_t(p
, ctx
->ivlen
)) {
528 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
531 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_PADDING
);
532 if (p
!= NULL
&& !OSSL_PARAM_set_uint(p
, ctx
->pad
)) {
533 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
536 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_IV
);
538 && !OSSL_PARAM_set_octet_ptr(p
, &ctx
->oiv
, ctx
->ivlen
)
539 && !OSSL_PARAM_set_octet_string(p
, &ctx
->oiv
, ctx
->ivlen
)) {
540 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
543 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_UPDATED_IV
);
545 && !OSSL_PARAM_set_octet_ptr(p
, &ctx
->iv
, ctx
->ivlen
)
546 && !OSSL_PARAM_set_octet_string(p
, &ctx
->iv
, ctx
->ivlen
)) {
547 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
550 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_NUM
);
551 if (p
!= NULL
&& !OSSL_PARAM_set_uint(p
, ctx
->num
)) {
552 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
555 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_KEYLEN
);
556 if (p
!= NULL
&& !OSSL_PARAM_set_size_t(p
, ctx
->keylen
)) {
557 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
560 p
= OSSL_PARAM_locate(params
, OSSL_CIPHER_PARAM_TLS_MAC
);
562 && !OSSL_PARAM_set_octet_ptr(p
, ctx
->tlsmac
, ctx
->tlsmacsize
)) {
563 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_SET_PARAMETER
);
569 int ossl_cipher_generic_set_ctx_params(void *vctx
, const OSSL_PARAM params
[])
571 PROV_CIPHER_CTX
*ctx
= (PROV_CIPHER_CTX
*)vctx
;
574 p
= OSSL_PARAM_locate_const(params
, OSSL_CIPHER_PARAM_PADDING
);
578 if (!OSSL_PARAM_get_uint(p
, &pad
)) {
579 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_GET_PARAMETER
);
582 ctx
->pad
= pad
? 1 : 0;
584 p
= OSSL_PARAM_locate_const(params
, OSSL_CIPHER_PARAM_TLS_VERSION
);
586 if (!OSSL_PARAM_get_uint(p
, &ctx
->tlsversion
)) {
587 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_GET_PARAMETER
);
591 p
= OSSL_PARAM_locate_const(params
, OSSL_CIPHER_PARAM_TLS_MAC_SIZE
);
593 if (!OSSL_PARAM_get_size_t(p
, &ctx
->tlsmacsize
)) {
594 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_GET_PARAMETER
);
598 p
= OSSL_PARAM_locate_const(params
, OSSL_CIPHER_PARAM_NUM
);
602 if (!OSSL_PARAM_get_uint(p
, &num
)) {
603 ERR_raise(ERR_LIB_PROV
, PROV_R_FAILED_TO_GET_PARAMETER
);
611 int ossl_cipher_generic_initiv(PROV_CIPHER_CTX
*ctx
, const unsigned char *iv
,
614 if (ivlen
!= ctx
->ivlen
615 || ivlen
> sizeof(ctx
->iv
)) {
616 ERR_raise(ERR_LIB_PROV
, PROV_R_INVALID_IV_LENGTH
);
620 memcpy(ctx
->iv
, iv
, ivlen
);
621 memcpy(ctx
->oiv
, iv
, ivlen
);
625 void ossl_cipher_generic_initkey(void *vctx
, size_t kbits
, size_t blkbits
,
626 size_t ivbits
, unsigned int mode
,
627 uint64_t flags
, const PROV_CIPHER_HW
*hw
,
630 PROV_CIPHER_CTX
*ctx
= (PROV_CIPHER_CTX
*)vctx
;
632 if ((flags
& PROV_CIPHER_FLAG_INVERSE_CIPHER
) != 0)
633 ctx
->inverse_cipher
= 1;
634 if ((flags
& PROV_CIPHER_FLAG_VARIABLE_LENGTH
) != 0)
635 ctx
->variable_keylength
= 1;
638 ctx
->keylen
= ((kbits
) / 8);
639 ctx
->ivlen
= ((ivbits
) / 8);
642 ctx
->blocksize
= blkbits
/ 8;
644 ctx
->libctx
= PROV_LIBCTX_OF(provctx
); /* used for rand */