Move AES-NI for ECB out of EVP.

Make aes_ecb_encrypt_internal() replaceable and provide machine dependent versions for amd64 and i386, which dispatch to AES-NI if appropriate. Remove the AES-NI specific EVP methods for ECB. This removes the last of the machine dependent code from EVP AES. ok bcook@ joshua@ tb@
author: jsing <> 2025-07-22 09:13:49 +0000
committer: jsing <> 2025-07-22 09:13:49 +0000
commit: da7a63b669ad2a502ae120afede3fd850082e8b6 (patch)
tree: c109a52c16069d775f54e57aabf8ee4bdc49d5f5 /src/lib/libcrypto/aes
parent: b73facdeca098be7e538e556c1a293942db3110c (diff)
download: openbsd-da7a63b669ad2a502ae120afede3fd850082e8b6.tar.gz
openbsd-da7a63b669ad2a502ae120afede3fd850082e8b6.tar.bz2
openbsd-da7a63b669ad2a502ae120afede3fd850082e8b6.zip
3 files changed, 53 insertions, 3 deletions
diff --git a/src/lib/libcrypto/aes/aes.c b/src/lib/libcrypto/aes/aes.c
index 33e6273268..693badcd66 100644
--- a/src/lib/libcrypto/aes/aes.c
+++ b/src/lib/libcrypto/aes/aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes.c,v 1.13 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes.c,v 1.14 2025/07/22 09:13:49 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
@@ -310,6 +310,7 @@ AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
 }
 LCRYPTO_ALIAS(AES_ecb_encrypt);
+#ifndef HAVE_AES_ECB_ENCRYPT_INTERNAL
 void
 aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
    size_t len, const AES_KEY *key, int encrypt)
@@ -321,6 +322,7 @@ aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
                len -= AES_BLOCK_SIZE;
        }
 }
+#endif
 #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
 typedef struct {
diff --git a/src/lib/libcrypto/aes/aes_amd64.c b/src/lib/libcrypto/aes/aes_amd64.c
index 436983d872..183a5cce14 100644
--- a/src/lib/libcrypto/aes/aes_amd64.c
+++ b/src/lib/libcrypto/aes/aes_amd64.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_amd64.c,v 1.4 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes_amd64.c,v 1.5 2025/07/22 09:13:49 jsing Exp $ */
 /*
 * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
 *
@@ -68,6 +68,9 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in, unsigned char *out,
 void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
    size_t blocks, const void *key, const unsigned char *ivec);
+void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
+    size_t length, const AES_KEY *key, int enc);
 void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
    size_t length, const AES_KEY *key1, const AES_KEY *key2,
    const unsigned char iv[16]);
@@ -161,6 +164,27 @@ aes_ctr32_encrypt_internal(const unsigned char *in, unsigned char *out,
 }
 void
+aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
+    size_t len, const AES_KEY *key, int encrypt)
+{
+        if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0) {
+                aesni_ecb_encrypt(in, out, len, key, encrypt);
+                return;
+        }
+        while (len >= AES_BLOCK_SIZE) {
+                if (encrypt)
+                        aes_encrypt_generic(in, out, key);
+                else
+                        aes_decrypt_generic(in, out, key);
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+                len -= AES_BLOCK_SIZE;
+        }
+}
+void
 aes_xts_encrypt_internal(const unsigned char *in, unsigned char *out,
    size_t len, const AES_KEY *key1, const AES_KEY *key2,
    const unsigned char iv[16], int encrypt)
diff --git a/src/lib/libcrypto/aes/aes_i386.c b/src/lib/libcrypto/aes/aes_i386.c
index 7f2241eaf5..85a14454da 100644
--- a/src/lib/libcrypto/aes/aes_i386.c
+++ b/src/lib/libcrypto/aes/aes_i386.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_i386.c,v 1.4 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes_i386.c,v 1.5 2025/07/22 09:13:49 jsing Exp $ */
 /*
 * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
 *
@@ -68,6 +68,9 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in, unsigned char *out,
 void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
    size_t blocks, const void *key, const unsigned char *ivec);
+void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
+    size_t length, const AES_KEY *key, int enc);
 void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
    size_t length, const AES_KEY *key1, const AES_KEY *key2,
    const unsigned char iv[16]);
@@ -161,6 +164,27 @@ aes_ctr32_encrypt_internal(const unsigned char *in, unsigned char *out,
 }
 void
+aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
+    size_t len, const AES_KEY *key, int encrypt)
+{
+        if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0) {
+                aesni_ecb_encrypt(in, out, len, key, encrypt);
+                return;
+        }
+        while (len >= AES_BLOCK_SIZE) {
+                if (encrypt)
+                        aes_encrypt_generic(in, out, key);
+                else
+                        aes_decrypt_generic(in, out, key);
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+                len -= AES_BLOCK_SIZE;
+        }
+}
+void
 aes_xts_encrypt_internal(const unsigned char *in, unsigned char *out,
    size_t len, const AES_KEY *key1, const AES_KEY *key2,
    const unsigned char iv[16], int encrypt)
author	jsing <>	2025-07-22 09:13:49 +0000
committer	jsing <>	2025-07-22 09:13:49 +0000
commit	da7a63b669ad2a502ae120afede3fd850082e8b6 (patch)
tree	c109a52c16069d775f54e57aabf8ee4bdc49d5f5 /src/lib/libcrypto/aes
parent	b73facdeca098be7e538e556c1a293942db3110c (diff)
download	openbsd-da7a63b669ad2a502ae120afede3fd850082e8b6.tar.gz openbsd-da7a63b669ad2a502ae120afede3fd850082e8b6.tar.bz2 openbsd-da7a63b669ad2a502ae120afede3fd850082e8b6.zip

diff --git a/src/lib/libcrypto/aes/aes.c b/src/lib/libcrypto/aes/aes.c index 33e6273268..693badcd66 100644 --- a/src/lib/libcrypto/aes/aes.c +++ b/src/lib/libcrypto/aes/aes.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: aes.c,v 1.13 2025/07/21 10:24:23 jsing Exp $ */	1	/* $OpenBSD: aes.c,v 1.14 2025/07/22 09:13:49 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -310,6 +310,7 @@ AES_ecb_encrypt(const unsigned char in, unsigned char out,
310	}	310	}
311	LCRYPTO_ALIAS(AES_ecb_encrypt);	311	LCRYPTO_ALIAS(AES_ecb_encrypt);
312		312
		313	#ifndef HAVE_AES_ECB_ENCRYPT_INTERNAL
313	void	314	void
314	aes_ecb_encrypt_internal(const unsigned char in, unsigned char out,	315	aes_ecb_encrypt_internal(const unsigned char in, unsigned char out,
315	size_t len, const AES_KEY *key, int encrypt)	316	size_t len, const AES_KEY *key, int encrypt)
@@ -321,6 +322,7 @@ aes_ecb_encrypt_internal(const unsigned char in, unsigned char out,
321	len -= AES_BLOCK_SIZE;	322	len -= AES_BLOCK_SIZE;
322	}	323	}
323	}	324	}
		325	#endif
324		326
325	#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))	327	#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
326	typedef struct {	328	typedef struct {


diff --git a/src/lib/libcrypto/aes/aes_amd64.c b/src/lib/libcrypto/aes/aes_amd64.c index 436983d872..183a5cce14 100644 --- a/src/lib/libcrypto/aes/aes_amd64.c +++ b/src/lib/libcrypto/aes/aes_amd64.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: aes_amd64.c,v 1.4 2025/07/21 10:24:23 jsing Exp $ */	1	/* $OpenBSD: aes_amd64.c,v 1.5 2025/07/22 09:13:49 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2025 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -68,6 +68,9 @@ void aesni_ccm64_decrypt_blocks(const unsigned char in, unsigned char out,
68	void aesni_ctr32_encrypt_blocks(const unsigned char in, unsigned char out,	68	void aesni_ctr32_encrypt_blocks(const unsigned char in, unsigned char out,
69	size_t blocks, const void key, const unsigned char ivec);	69	size_t blocks, const void key, const unsigned char ivec);
70		70
		71	void aesni_ecb_encrypt(const unsigned char in, unsigned char out,
		72	size_t length, const AES_KEY *key, int enc);
		73
71	void aesni_xts_encrypt(const unsigned char in, unsigned char out,	74	void aesni_xts_encrypt(const unsigned char in, unsigned char out,
72	size_t length, const AES_KEY key1, const AES_KEY key2,	75	size_t length, const AES_KEY key1, const AES_KEY key2,
73	const unsigned char iv[16]);	76	const unsigned char iv[16]);
@@ -161,6 +164,27 @@ aes_ctr32_encrypt_internal(const unsigned char in, unsigned char out,
161	}	164	}
162		165
163	void	166	void
		167	aes_ecb_encrypt_internal(const unsigned char in, unsigned char out,
		168	size_t len, const AES_KEY *key, int encrypt)
		169	{
		170	if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0) {
		171	aesni_ecb_encrypt(in, out, len, key, encrypt);
		172	return;
		173	}
		174
		175	while (len >= AES_BLOCK_SIZE) {
		176	if (encrypt)
		177	aes_encrypt_generic(in, out, key);
		178	else
		179	aes_decrypt_generic(in, out, key);
		180
		181	in += AES_BLOCK_SIZE;
		182	out += AES_BLOCK_SIZE;
		183	len -= AES_BLOCK_SIZE;
		184	}
		185	}
		186
		187	void
164	aes_xts_encrypt_internal(const unsigned char in, unsigned char out,	188	aes_xts_encrypt_internal(const unsigned char in, unsigned char out,
165	size_t len, const AES_KEY key1, const AES_KEY key2,	189	size_t len, const AES_KEY key1, const AES_KEY key2,
166	const unsigned char iv[16], int encrypt)	190	const unsigned char iv[16], int encrypt)


diff --git a/src/lib/libcrypto/aes/aes_i386.c b/src/lib/libcrypto/aes/aes_i386.c index 7f2241eaf5..85a14454da 100644 --- a/src/lib/libcrypto/aes/aes_i386.c +++ b/src/lib/libcrypto/aes/aes_i386.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: aes_i386.c,v 1.4 2025/07/21 10:24:23 jsing Exp $ */	1	/* $OpenBSD: aes_i386.c,v 1.5 2025/07/22 09:13:49 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2025 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -68,6 +68,9 @@ void aesni_ccm64_decrypt_blocks(const unsigned char in, unsigned char out,
68	void aesni_ctr32_encrypt_blocks(const unsigned char in, unsigned char out,	68	void aesni_ctr32_encrypt_blocks(const unsigned char in, unsigned char out,
69	size_t blocks, const void key, const unsigned char ivec);	69	size_t blocks, const void key, const unsigned char ivec);
70		70
		71	void aesni_ecb_encrypt(const unsigned char in, unsigned char out,
		72	size_t length, const AES_KEY *key, int enc);
		73
71	void aesni_xts_encrypt(const unsigned char in, unsigned char out,	74	void aesni_xts_encrypt(const unsigned char in, unsigned char out,
72	size_t length, const AES_KEY key1, const AES_KEY key2,	75	size_t length, const AES_KEY key1, const AES_KEY key2,
73	const unsigned char iv[16]);	76	const unsigned char iv[16]);
@@ -161,6 +164,27 @@ aes_ctr32_encrypt_internal(const unsigned char in, unsigned char out,
161	}	164	}
162		165
163	void	166	void
		167	aes_ecb_encrypt_internal(const unsigned char in, unsigned char out,
		168	size_t len, const AES_KEY *key, int encrypt)
		169	{
		170	if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0) {
		171	aesni_ecb_encrypt(in, out, len, key, encrypt);
		172	return;
		173	}
		174
		175	while (len >= AES_BLOCK_SIZE) {
		176	if (encrypt)
		177	aes_encrypt_generic(in, out, key);
		178	else
		179	aes_decrypt_generic(in, out, key);
		180
		181	in += AES_BLOCK_SIZE;
		182	out += AES_BLOCK_SIZE;
		183	len -= AES_BLOCK_SIZE;
		184	}
		185	}
		186
		187	void
164	aes_xts_encrypt_internal(const unsigned char in, unsigned char out,	188	aes_xts_encrypt_internal(const unsigned char in, unsigned char out,
165	size_t len, const AES_KEY key1, const AES_KEY key2,	189	size_t len, const AES_KEY key1, const AES_KEY key2,
166	const unsigned char iv[16], int encrypt)	190	const unsigned char iv[16], int encrypt)