authorjsing <>2025-05-18 09:47:38 +0000
committerjsing <>2025-05-18 09:47:38 +0000
commit326a95a8c809a01004d17e615e71f4b2bf311169 (patch)
treebd8ab73a3563996ba86f6ded453981e16a183d21 /src/lib/libcrypto/evp/e_aes.c
parentc00502d28feaae51bcfe8d8d2d1ac3e4ae05ba2a (diff)
Simplify EVP code for AES CBC.
Change aes_cbc_cipher() to call AES_cbc_encrypt() directly, rather than via the stream.cbc function pointer. Remove stream.cbc since it is no longer used. Also provide a separate aes_cbc_init_key() function which makes this standalone and does not require checking mode flags. ok joshua@ tb@
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/evp/e_aes.c59
1 files changed, 33 insertions, 26 deletions
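--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.62 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: e_aes.c,v 1.63 2025/05/18 09:47:38 jsing Exp $ */
 /* ====================================================================
   * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
   *
@@ -69,7 +69,6 @@ typedef struct {
  AES_KEY ks;
  block128_f block;
  union {
- cbc128_f cbc;
  ctr128_f ctr;
  } stream;
 } EVP_AES_KEY;
@@ -175,24 +174,21 @@ aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  int ret, mode;
  EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
 
+ dat->stream.ctr = NULL;
+
  mode = ctx->cipher->flags & EVP_CIPH_MODE;
+
  if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
  !enc) {
  ret = aesni_set_decrypt_key(key, ctx->key_len * 8,
  ctx->cipher_data);
  dat->block = (block128_f)aesni_decrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f)aesni_cbc_encrypt : NULL;
  } else {
  ret = aesni_set_encrypt_key(key, ctx->key_len * 8,
  ctx->cipher_data);
  dat->block = (block128_f)aesni_encrypt;
- if (mode == EVP_CIPH_CBC_MODE)
- dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt;
- else if (mode == EVP_CIPH_CTR_MODE)
+ if (mode == EVP_CIPH_CTR_MODE)
  dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
- else
- dat->stream.cbc = NULL;
  }
 
  if (ret < 0) {
@@ -332,18 +328,16 @@ aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  int ret, mode;
  EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
 
+ dat->stream.ctr = NULL;
+
  mode = ctx->cipher->flags & EVP_CIPH_MODE;
 
  if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
  ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks);
  dat->block = (block128_f)AES_decrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f)AES_cbc_encrypt : NULL;
  } else {
  ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks);
  dat->block = (block128_f)AES_encrypt;
- dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
- (cbc128_f)AES_cbc_encrypt : NULL;
 #ifdef AES_CTR_ASM
  if (mode == EVP_CIPH_CTR_MODE)
  dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
@@ -359,20 +353,33 @@ aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 }
 
 static int
+aes_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int encrypt)
+{
+ EVP_AES_KEY *eak = ctx->cipher_data;
+
+ if (encrypt) {
+ if (AES_set_encrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
+ EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
+ return 0;
+ }
+ } else {
+ if (AES_set_decrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
+ EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+static int
 aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  const unsigned char *in, size_t len)
 {
- EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+ EVP_AES_KEY *eak = ctx->cipher_data;
 
- if (dat->stream.cbc)
- (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv,
- ctx->encrypt);
- else if (ctx->encrypt)
- CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
- dat->block);
- else
- CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv,
- dat->block);
+ AES_cbc_encrypt(in, out, len, &eak->ks, ctx->iv, ctx->encrypt);
 
  return 1;
 }
@@ -490,7 +497,7 @@ static const EVP_CIPHER aes_128_cbc = {
  .key_len = 16,
  .iv_len = 16,
  .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
- .init = aes_init_key,
+ .init = aes_cbc_init_key,
  .do_cipher = aes_cbc_cipher,
  .ctx_size = sizeof(EVP_AES_KEY),
 };
@@ -736,7 +743,7 @@ static const EVP_CIPHER aes_192_cbc = {
  .key_len = 24,
  .iv_len = 16,
  .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
- .init = aes_init_key,
+ .init = aes_cbc_init_key,
  .do_cipher = aes_cbc_cipher,
  .ctx_size = sizeof(EVP_AES_KEY),
 };
@@ -982,7 +989,7 @@ static const EVP_CIPHER aes_256_cbc = {
  .key_len = 32,
  .iv_len = 16,
  .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
- .init = aes_init_key,
+ .init = aes_cbc_init_key,
  .do_cipher = aes_cbc_cipher,
  .ctx_size = sizeof(EVP_AES_KEY),
 };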
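Review bot: aes_cbc_init_key() (new lines 356-374) writes only `eak->ks` and leaves `eak->block` and `eak->stream.ctr` unwritten, whereas aes_init_key() and aesni_init_key() always set `block` and now clear `stream.ctr` on entry. Nothing in the visible aes_cbc_cipher() reads those members, but whether `ctx->cipher_data` is zero-allocated is decided outside this diff, so any later helper that consults `dat->block` on a CBC context would be calling through an indeterminate function pointer. Either clear them explicitly (`eak->block = NULL;` and `eak->stream.ctr = NULL;`) or state the invariant in a comment such as `/* CBC uses only eak->ks; block and stream.ctr are deliberately unused. */`. Separately, the `mode == EVP_CIPH_CBC_MODE` test at new line 335 of aes_init_key() looks dead if no remaining CBC cipher uses that init function; that should be confirmed against the rest of the file, which is not shown here.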