diff options
28 files changed, 822 insertions, 1027 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 6f58e27004..f93ba61318 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -19,7 +19,8 @@ #include "internal/evp_int.h" #include "internal/cryptlib.h" #include "internal/modes_int.h" -#include "modes_lcl.h" +#include "internal/siv_int.h" +#include "internal/aes_platform.h" #include "evp_locl.h" typedef struct { @@ -111,50 +112,6 @@ typedef struct { #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) -#ifdef VPAES_ASM -int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void vpaes_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void vpaes_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void vpaes_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); -#endif -#ifdef BSAES_ASM -void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char ivec[16], int enc); -void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - const unsigned char ivec[16]); -void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); -void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); -#endif -#ifdef AES_CTR_ASM -void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char ivec[AES_BLOCK_SIZE]); -#endif -#ifdef AES_XTS_ASM -void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); -void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); -#endif - /* increment counter (64-bit int) by 1 */ static void ctr64_inc(unsigned char *counter) { @@ -171,105 +128,10 @@ static void ctr64_inc(unsigned char *counter) } while (n); } -#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) -# include "ppc_arch.h" -# ifdef VPAES_ASM -# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) -# endif -# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) -# define HWAES_set_encrypt_key aes_p8_set_encrypt_key -# define HWAES_set_decrypt_key aes_p8_set_decrypt_key -# define HWAES_encrypt aes_p8_encrypt -# define HWAES_decrypt aes_p8_decrypt -# define HWAES_cbc_encrypt aes_p8_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks -# define HWAES_xts_encrypt aes_p8_xts_encrypt -# define HWAES_xts_decrypt aes_p8_xts_decrypt -#endif - -#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ - ((defined(__i386) || defined(__i386__) || \ - defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) - -extern unsigned int OPENSSL_ia32cap_P[]; - -# ifdef VPAES_ASM -# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -# endif -# ifdef BSAES_ASM -# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) -# endif -/* - * AES-NI section - */ -# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) - -int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void aesni_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void aesni_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void aesni_ecb_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, const AES_KEY *key, int enc); -void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); - -void aesni_ctr32_encrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, const unsigned char *ivec); - -void aesni_xts_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); - -void aesni_xts_decrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); - -void aesni_ccm64_encrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, - const unsigned char ivec[16], - unsigned char cmac[16]); - -void aesni_ccm64_decrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, - const unsigned char ivec[16], - unsigned char cmac[16]); - +#if defined(AESNI_CAPABLE) # if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) -size_t aesni_gcm_encrypt(const unsigned char *in, - unsigned char *out, - size_t len, - const void *key, unsigned char ivec[16], u64 *Xi); # define AES_gcm_encrypt aesni_gcm_encrypt -size_t aesni_gcm_decrypt(const unsigned char *in, - unsigned char *out, - size_t len, - const void *key, unsigned char ivec[16], u64 *Xi); # define AES_gcm_decrypt aesni_gcm_decrypt -void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, - size_t len); -# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \ - gctx->gcm.ghash==gcm_ghash_avx) # define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ gctx->gcm.ghash==gcm_ghash_avx) # undef AES_GCM_ASM2 /* minor size optimization */ @@ -471,19 +333,6 @@ static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); # ifndef OPENSSL_NO_OCB -void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); -void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); - static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { @@ -584,81 +433,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } -#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) - -# include "sparc_arch.h" - -extern unsigned int OPENSSL_sparcv9cap_P[]; - -/* - * Initial Fujitsu SPARC64 X support - */ -# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) -# define HWAES_set_encrypt_key aes_fx_set_encrypt_key -# define HWAES_set_decrypt_key aes_fx_set_decrypt_key -# define HWAES_encrypt aes_fx_encrypt -# define HWAES_decrypt aes_fx_decrypt -# define HWAES_cbc_encrypt aes_fx_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks - -# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) - -void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); -void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); -void aes_t4_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void aes_t4_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -/* - * Key-length specific subroutines were chosen for following reason. - * Each SPARC T4 core can execute up to 8 threads which share core's - * resources. Loading as much key material to registers allows to - * minimize references to shared memory interface, as well as amount - * of instructions in inner loops [much needed on T4]. But then having - * non-key-length specific routines would require conditional branches - * either in inner loops or on subroutines' entries. Former is hardly - * acceptable, while latter means code size increase to size occupied - * by multiple key-length specific subroutines, so why fight? - */ -void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec); -void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); -void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); -void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - unsigned char *ivec); -void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); -void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); -void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); -void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char *ivec); +#elif defined(SPARC_AES_CAPABLE) static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) @@ -1012,12 +787,8 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } -#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) -/* - * IBM S390X support - */ -# include "s390x_arch.h" - +#elif defined(S390X_aes_128_CAPABLE) +/* IBM S390X support */ typedef struct { union { OSSL_UNION_ALIGN; @@ -1170,24 +941,10 @@ typedef struct { } aes; } S390X_AES_CCM_CTX; -/* Convert key size to function code: [16,24,32] -> [18,19,20]. */ -# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) - -/* Most modes of operation need km for partial block processing. */ -# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_128)) -# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_192)) -# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ - S390X_CAPBIT(S390X_AES_256)) - # define s390x_aes_init_key aes_init_key static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_cbc_CAPABLE 1 -# define S390X_aes_256_cbc_CAPABLE 1 # define S390X_AES_CBC_CTX EVP_AES_KEY # define s390x_aes_cbc_init_key aes_init_key @@ -1196,10 +953,6 @@ static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE -# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE -# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE - static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) @@ -1224,16 +977,6 @@ static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmo[0] & \ - S390X_CAPBIT(S390X_AES_256))) - static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *ivec, int enc) @@ -1289,16 +1032,6 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_256))) - static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *ivec, int enc) @@ -1365,13 +1098,6 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_128)) -# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_192)) -# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ - S390X_CAPBIT(S390X_AES_256)) - static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *ivec, int enc) @@ -1400,19 +1126,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -# define S390X_aes_128_cfb1_CAPABLE 0 -# define S390X_aes_192_cfb1_CAPABLE 0 -# define S390X_aes_256_cfb1_CAPABLE 0 - # define s390x_aes_cfb1_init_key aes_init_key # define s390x_aes_cfb1_cipher aes_cfb1_cipher static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_ctr_CAPABLE 1 -# define S390X_aes_256_ctr_CAPABLE 1 # define S390X_AES_CTR_CTX EVP_AES_KEY # define s390x_aes_ctr_init_key aes_init_key @@ -1421,16 +1140,6 @@ static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kma[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kma[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kma[0] & \ - S390X_CAPBIT(S390X_AES_256))) - /* iv + padding length for iv lengths != 12 */ # define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) @@ -1954,8 +1663,6 @@ static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c) } # define S390X_AES_XTS_CTX EVP_AES_XTS_CTX -# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ -# define S390X_aes_256_xts_CAPABLE 1 # define s390x_aes_xts_init_key aes_xts_init_key static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, @@ -1968,18 +1675,6 @@ static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); # define s390x_aes_xts_cleanup aes_xts_cleanup -# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ - S390X_CAPBIT(S390X_AES_128))) -# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ - S390X_CAPBIT(S390X_AES_192))) -# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \ - (OPENSSL_s390xcap_P.kmac[0] & \ - S390X_CAPBIT(S390X_AES_256))) - -# define S390X_CCM_AAD_FLAG 0x40 - /*- * Set nonce and length fields. Code is big-endian. */ @@ -2452,9 +2147,6 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) # ifndef OPENSSL_NO_OCB # define S390X_AES_OCB_CTX EVP_AES_OCB_CTX -# define S390X_aes_128_ocb_CAPABLE 0 -# define S390X_aes_192_ocb_CAPABLE 0 -# define S390X_aes_256_ocb_CAPABLE 0 # define s390x_aes_ocb_init_key aes_ocb_init_key static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -2470,9 +2162,6 @@ static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); # ifndef OPENSSL_NO_SIV # define S390X_AES_SIV_CTX EVP_AES_SIV_CTX -# define S390X_aes_128_siv_CAPABLE 0 -# define S390X_aes_192_siv_CAPABLE 0 -# define S390X_aes_256_siv_CAPABLE 0 # define s390x_aes_siv_init_key aes_siv_init_key # define s390x_aes_siv_cipher aes_siv_cipher @@ -2583,48 +2272,6 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ #endif -#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) -# include "arm_arch.h" -# if __ARM_MAX_ARCH__>=7 -# if defined(BSAES_ASM) -# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif -# if defined(VPAES_ASM) -# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif -# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) -# define HWAES_set_encrypt_key aes_v8_set_encrypt_key -# define HWAES_set_decrypt_key aes_v8_set_decrypt_key -# define HWAES_encrypt aes_v8_encrypt -# define HWAES_decrypt aes_v8_decrypt -# define HWAES_cbc_encrypt aes_v8_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks -# endif -#endif - -#if defined(HWAES_CAPABLE) -int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); -int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); -void HWAES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void HWAES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc); -void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - const unsigned char ivec[16]); -void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); -void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out, - size_t len, const AES_KEY *key1, - const AES_KEY *key2, const unsigned char iv[16]); -#endif - #define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ @@ -4110,29 +3757,6 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) } } -# ifdef HWAES_CAPABLE -# ifdef HWAES_ocb_encrypt -void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); -# else -# define HWAES_ocb_encrypt ((ocb128_f)NULL) -# endif -# ifdef HWAES_ocb_decrypt -void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const void *key, - size_t start_block_num, - unsigned char offset_i[16], - const unsigned char L_[][16], - unsigned char checksum[16]); -# else -# define HWAES_ocb_decrypt ((ocb128_f)NULL) -# endif -# endif - static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index f6450f3996..8d557e512e 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -7,17 +7,15 @@ * https://www.openssl.org/source/license.html */ -#include <openssl/opensslconf.h> - #include <stdio.h> #include <string.h> - +#include <openssl/opensslconf.h> #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/aes.h> #include <openssl/sha.h> #include <openssl/rand.h> -#include "modes_lcl.h" +#include "internal/modes_int.h" #include "internal/evp_int.h" #include "internal/constant_time_locl.h" diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index cd51e93cc1..6efd3000b8 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -7,18 +7,15 @@ * https://www.openssl.org/source/license.html */ -#include <openssl/opensslconf.h> - #include <stdio.h> #include <string.h> - - +#include <openssl/opensslconf.h> #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/aes.h> #include <openssl/sha.h> #include <openssl/rand.h> -#include "modes_lcl.h" +#include "internal/modes_int.h" #include "internal/constant_time_locl.h" #include "internal/evp_int.h" diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index 5404dd480f..f2588f141a 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -16,7 +16,7 @@ # include <openssl/rand_drbg.h> # include "internal/aria.h" # include "internal/evp_int.h" -# include "modes_lcl.h" +# include "internal/modes_int.h" # include "evp_locl.h" /* ARIA subkey Structure */ diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index e018ba48f3..9def167bfa 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -18,7 +18,7 @@ NON_EMPTY_TRANSLATION_UNIT # include <assert.h> # include <openssl/camellia.h> # include "internal/evp_int.h" -# include "modes_lcl.h" +# include "internal/modes_int.h" static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 3b83d1173c..c1f7e77eb1 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -920,9 +920,11 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { - int ok = evp_do_param(c->cipher, &keylen, sizeof(keylen), - OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER, - evp_do_ciph_ctx_setparams, c->provctx); + int ok; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &keylen); + ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params); if (ok != -2) return ok; @@ -943,23 +945,27 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) { int ok; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; else ctx->flags |= EVP_CIPH_NO_PADDING; - ok = evp_do_param(ctx->cipher, &pad, sizeof(pad), - OSSL_CIPHER_PARAM_PADDING, OSSL_PARAM_INTEGER, - evp_do_ciph_ctx_setparams, ctx->provctx); + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_PADDING, &pad); + ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); + return ok != 0; } int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { int ret = -2; /* Unsupported */ + int set_params = 1; + size_t sz; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - if (!ctx->cipher) { + if (ctx == NULL || ctx->cipher == NULL) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); return 0; } @@ -969,25 +975,65 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_SET_KEY_LENGTH: - ret = evp_do_param(ctx->cipher, &arg, sizeof(arg), - OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER, - evp_do_ciph_ctx_setparams, ctx->provctx); - break; - case EVP_CTRL_GET_IV: - ret = evp_do_param(ctx->cipher, ptr, arg, - OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_STRING, - evp_do_ciph_ctx_getparams, ctx->provctx); + params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &arg); break; case EVP_CTRL_RAND_KEY: /* Used by DES */ case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */ case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */ - ret = -2; /* Unsupported */ + default: + return -2; /* Unsupported */ + case EVP_CTRL_GET_IV: + set_params = 0; + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, + ptr, (size_t)arg); + break; + case EVP_CTRL_AEAD_SET_IVLEN: + if (arg < 0) + return 0; + sz = (size_t)arg; + params[0] = + OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, &sz); break; + case EVP_CTRL_GCM_SET_IV_FI |