| author | jsing <> | 2025-07-21 10:24:23 +0000 |
|---|---|---|
| committer | jsing <> | 2025-07-21 10:24:23 +0000 |
| commit | b73facdeca098be7e538e556c1a293942db3110c (patch) | |
| tree | ff569faf5125c023700a2783ef5d648c47c81313 /src/lib/libcrypto/arch | |
| parent | 32c75086555dc2a71cc1500a21b0d024fe48ceaf (diff) | |
Move AES-NI from EVP to AES for CCM mode.
The mode implementation for CCM has two variants - one takes the block
function, while the other takes a "ccm64" function. The latter is expected
to handle the lower 64 bits of the IV/counter but only for 16 byte blocks.
The AES-NI implementation for CCM currently uses the second variant.
Provide aes_ccm64_encrypt_internal() as a function that can be replaced on
a machine dependent basis, along with an aes_ccm64_encrypt_generic()
function that provides the default implementation and can be used as a
fallback. Wire up the AES-NI version for amd64 and i386, change EVP's
aes_ccm_cipher() to use CRYPTO_ctr128_{en,de}crypt_ccm64() with
aes_ccm64_encrypt_internal() and remove the various AES-NI specific
EVP_CIPHER methods for CCM.
ok tb@
Diffstat (limited to 'src/lib/libcrypto/arch')
| -rw-r--r-- | src/lib/libcrypto/arch/amd64/crypto_arch.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/arch/i386/crypto_arch.h | 3 |
2 files changed, 4 insertions, 2 deletions
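--- a/src/lib/libcrypto/arch/amd64/crypto_arch.h
+++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_arch.h,v 1.10 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: crypto_arch.h,v 1.11 2025/07/21 10:24:23 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -38,6 +38,7 @@ extern uint64_t crypto_cpu_caps_amd64;
 #define HAVE_AES_ENCRYPT_INTERNAL
 #define HAVE_AES_DECRYPT_INTERNAL
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
+#define HAVE_AES_CCM64_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
 #define HAVE_AES_XTS_ENCRYPT_INTERNAL
 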
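Review bot: `HAVE_AES_CCM64_ENCRYPT_INTERNAL` in the `@@ -38,6 +38,7 @@` hunk is a compile-time switch, while AES-NI availability is a run-time CPU property (the header declares `crypto_cpu_caps_amd64`), so the machine-dependent `aes_ccm64_encrypt_internal()` presumably has to test the capability bits and fall back to `aes_ccm64_encrypt_generic()` when AES-NI is absent. That dispatch is not visible here because the diffstat is limited to `arch`, so it should be confirmed in the accompanying AES source. The same point applies to the identical i386 hunk. A short comment above the define group would record the contract, for example `/* Each HAVE_*_INTERNAL selects a machine dependent replacement that must check crypto_cpu_caps_amd64 at run time. */`. The define list starts and ends outside the hunk.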
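--- a/src/lib/libcrypto/arch/i386/crypto_arch.h
+++ b/src/lib/libcrypto/arch/i386/crypto_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_arch.h,v 1.9 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: crypto_arch.h,v 1.10 2025/07/21 10:24:23 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -38,6 +38,7 @@ extern uint64_t crypto_cpu_caps_i386;
 #define HAVE_AES_ENCRYPT_INTERNAL
 #define HAVE_AES_DECRYPT_INTERNAL
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
+#define HAVE_AES_CCM64_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
 #define HAVE_AES_XTS_ENCRYPT_INTERNAL
 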
