Move AES-NI from EVP to AES for CTR mode.

The mode implementation for CTR has two variants - one takes the block function, while the other takes a "ctr32" function. The latter is expected to handle the lower 32 bits of the IV/counter, but is not expected to handle overflow. The AES-NI implementation for CTR currently uses the second variant. Provide aes_ctr32_encrypt_internal() as a function that can be replaced on a machine dependent basis, along with an aes_ctr32_encrypt_generic() function that provides the default implementation and can be used as a fallback. Wire up the AES-NI version for amd64 and i386, change AES_ctr128_encrypt() to use CRYPTO_ctr128_encrypt_ctr32() (which calls aes_ctr32_encrypt_internal()) and remove the various AES-NI specific EVP_CIPHER methods for CTR. Callers of AES_ctr128_encrypt() will now use AES-NI, if available. ok tb@
author: jsing <> 2025-06-27 17:10:45 +0000
committer: jsing <> 2025-06-27 17:10:45 +0000
commit: abb03e21a8d0fc7f97a871f5aee5a8084176540f (patch)
tree: 8acdb3ab7caf1e6f49b7bf3d7e6a066ca52920a2 /src/lib/libcrypto/evp
parent: c5c4895f860c5e071b09ef5f94bcfae0a51b148e (diff)
download: openbsd-abb03e21a8d0fc7f97a871f5aee5a8084176540f.tar.gz
openbsd-abb03e21a8d0fc7f97a871f5aee5a8084176540f.tar.bz2
openbsd-abb03e21a8d0fc7f97a871f5aee5a8084176540f.zip
1 files changed, 1 insertions, 67 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 34f5513300..b00eb048e8 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.75 2025/06/16 14:50:30 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.76 2025/06/27 17:10:45 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -160,21 +160,6 @@ void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out,
    unsigned char cmac[16]);
 static int
-aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t len)
-{
-        EVP_AES_KEY *eak = ctx->cipher_data;
-        unsigned int num = ctx->num;
-        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &eak->ks, ctx->iv, ctx->buf,
-            &num, aesni_ctr32_encrypt_blocks);
-        ctx->num = (size_t)num;
-        return 1;
-}
-static int
 aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    const unsigned char *in, size_t len)
 {
@@ -562,19 +547,6 @@ EVP_aes_128_cfb8(void)
 }
 LCRYPTO_ALIAS(EVP_aes_128_cfb8);
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_ctr = {
-        .nid = NID_aes_128_ctr,
-        .block_size = 1,
-        .key_len = 16,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CTR_MODE,
-        .init = aes_init_key,
-        .do_cipher = aesni_ctr_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
 static const EVP_CIPHER aes_128_ctr = {
        .nid = NID_aes_128_ctr,
        .block_size = 1,
@@ -589,11 +561,7 @@ static const EVP_CIPHER aes_128_ctr = {
 const EVP_CIPHER *
 EVP_aes_128_ctr(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_ctr : &aes_128_ctr;
-#else
        return &aes_128_ctr;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_ctr);
@@ -722,19 +690,6 @@ EVP_aes_192_cfb8(void)
 }
 LCRYPTO_ALIAS(EVP_aes_192_cfb8);
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_ctr = {
-        .nid = NID_aes_192_ctr,
-        .block_size = 1,
-        .key_len = 24,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CTR_MODE,
-        .init = aes_init_key,
-        .do_cipher = aesni_ctr_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
 static const EVP_CIPHER aes_192_ctr = {
        .nid = NID_aes_192_ctr,
        .block_size = 1,
@@ -749,11 +704,7 @@ static const EVP_CIPHER aes_192_ctr = {
 const EVP_CIPHER *
 EVP_aes_192_ctr(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_ctr : &aes_192_ctr;
-#else
        return &aes_192_ctr;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_ctr);
@@ -882,19 +833,6 @@ EVP_aes_256_cfb8(void)
 }
 LCRYPTO_ALIAS(EVP_aes_256_cfb8);
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_ctr = {
-        .nid = NID_aes_256_ctr,
-        .block_size = 1,
-        .key_len = 32,
-        .iv_len = 16,
-        .flags = EVP_CIPH_CTR_MODE,
-        .init = aes_init_key,
-        .do_cipher = aesni_ctr_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
 static const EVP_CIPHER aes_256_ctr = {
        .nid = NID_aes_256_ctr,
        .block_size = 1,
@@ -909,11 +847,7 @@ static const EVP_CIPHER aes_256_ctr = {
 const EVP_CIPHER *
 EVP_aes_256_ctr(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_ctr : &aes_256_ctr;
-#else
        return &aes_256_ctr;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_ctr);
author	jsing <>	2025-06-27 17:10:45 +0000
committer	jsing <>	2025-06-27 17:10:45 +0000
commit	abb03e21a8d0fc7f97a871f5aee5a8084176540f (patch)
tree	8acdb3ab7caf1e6f49b7bf3d7e6a066ca52920a2 /src/lib/libcrypto/evp
parent	c5c4895f860c5e071b09ef5f94bcfae0a51b148e (diff)
download	openbsd-abb03e21a8d0fc7f97a871f5aee5a8084176540f.tar.gz openbsd-abb03e21a8d0fc7f97a871f5aee5a8084176540f.tar.bz2 openbsd-abb03e21a8d0fc7f97a871f5aee5a8084176540f.zip

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 34f5513300..b00eb048e8 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_aes.c,v 1.75 2025/06/16 14:50:30 jsing Exp $ */	1	/* $OpenBSD: e_aes.c,v 1.76 2025/06/27 17:10:45 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -160,21 +160,6 @@ void aesni_ccm64_decrypt_blocks (const unsigned char in, unsigned char out,
160	unsigned char cmac[16]);	160	unsigned char cmac[16]);
161		161
162	static int	162	static int
163	aesni_ctr_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
164	const unsigned char *in, size_t len)
165	{
166	EVP_AES_KEY *eak = ctx->cipher_data;
167	unsigned int num = ctx->num;
168
169	CRYPTO_ctr128_encrypt_ctr32(in, out, len, &eak->ks, ctx->iv, ctx->buf,
170	&num, aesni_ctr32_encrypt_blocks);
171
172	ctx->num = (size_t)num;
173
174	return 1;
175	}
176
177	static int
178	aesni_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out,	163	aesni_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
179	const unsigned char *in, size_t len)	164	const unsigned char *in, size_t len)
180	{	165	{
@@ -562,19 +547,6 @@ EVP_aes_128_cfb8(void)
562	}	547	}
563	LCRYPTO_ALIAS(EVP_aes_128_cfb8);	548	LCRYPTO_ALIAS(EVP_aes_128_cfb8);
564		549
565	#ifdef AESNI_CAPABLE
566	static const EVP_CIPHER aesni_128_ctr = {
567	.nid = NID_aes_128_ctr,
568	.block_size = 1,
569	.key_len = 16,
570	.iv_len = 16,
571	.flags = EVP_CIPH_CTR_MODE,
572	.init = aes_init_key,
573	.do_cipher = aesni_ctr_cipher,
574	.ctx_size = sizeof(EVP_AES_KEY),
575	};
576	#endif
577
578	static const EVP_CIPHER aes_128_ctr = {	550	static const EVP_CIPHER aes_128_ctr = {
579	.nid = NID_aes_128_ctr,	551	.nid = NID_aes_128_ctr,
580	.block_size = 1,	552	.block_size = 1,
@@ -589,11 +561,7 @@ static const EVP_CIPHER aes_128_ctr = {
589	const EVP_CIPHER *	561	const EVP_CIPHER *
590	EVP_aes_128_ctr(void)	562	EVP_aes_128_ctr(void)
591	{	563	{
592	#ifdef AESNI_CAPABLE
593	return AESNI_CAPABLE ? &aesni_128_ctr : &aes_128_ctr;
594	#else
595	return &aes_128_ctr;	564	return &aes_128_ctr;
596	#endif
597	}	565	}
598	LCRYPTO_ALIAS(EVP_aes_128_ctr);	566	LCRYPTO_ALIAS(EVP_aes_128_ctr);
599		567
@@ -722,19 +690,6 @@ EVP_aes_192_cfb8(void)
722	}	690	}
723	LCRYPTO_ALIAS(EVP_aes_192_cfb8);	691	LCRYPTO_ALIAS(EVP_aes_192_cfb8);
724		692
725	#ifdef AESNI_CAPABLE
726	static const EVP_CIPHER aesni_192_ctr = {
727	.nid = NID_aes_192_ctr,
728	.block_size = 1,
729	.key_len = 24,
730	.iv_len = 16,
731	.flags = EVP_CIPH_CTR_MODE,
732	.init = aes_init_key,
733	.do_cipher = aesni_ctr_cipher,
734	.ctx_size = sizeof(EVP_AES_KEY),
735	};
736	#endif
737
738	static const EVP_CIPHER aes_192_ctr = {	693	static const EVP_CIPHER aes_192_ctr = {
739	.nid = NID_aes_192_ctr,	694	.nid = NID_aes_192_ctr,
740	.block_size = 1,	695	.block_size = 1,
@@ -749,11 +704,7 @@ static const EVP_CIPHER aes_192_ctr = {
749	const EVP_CIPHER *	704	const EVP_CIPHER *
750	EVP_aes_192_ctr(void)	705	EVP_aes_192_ctr(void)
751	{	706	{
752	#ifdef AESNI_CAPABLE
753	return AESNI_CAPABLE ? &aesni_192_ctr : &aes_192_ctr;
754	#else
755	return &aes_192_ctr;	707	return &aes_192_ctr;
756	#endif
757	}	708	}
758	LCRYPTO_ALIAS(EVP_aes_192_ctr);	709	LCRYPTO_ALIAS(EVP_aes_192_ctr);
759		710
@@ -882,19 +833,6 @@ EVP_aes_256_cfb8(void)
882	}	833	}
883	LCRYPTO_ALIAS(EVP_aes_256_cfb8);	834	LCRYPTO_ALIAS(EVP_aes_256_cfb8);
884		835
885	#ifdef AESNI_CAPABLE
886	static const EVP_CIPHER aesni_256_ctr = {
887	.nid = NID_aes_256_ctr,
888	.block_size = 1,
889	.key_len = 32,
890	.iv_len = 16,
891	.flags = EVP_CIPH_CTR_MODE,
892	.init = aes_init_key,
893	.do_cipher = aesni_ctr_cipher,
894	.ctx_size = sizeof(EVP_AES_KEY),
895	};
896	#endif
897
898	static const EVP_CIPHER aes_256_ctr = {	836	static const EVP_CIPHER aes_256_ctr = {
899	.nid = NID_aes_256_ctr,	837	.nid = NID_aes_256_ctr,
900	.block_size = 1,	838	.block_size = 1,
@@ -909,11 +847,7 @@ static const EVP_CIPHER aes_256_ctr = {
909	const EVP_CIPHER *	847	const EVP_CIPHER *
910	EVP_aes_256_ctr(void)	848	EVP_aes_256_ctr(void)
911	{	849	{
912	#ifdef AESNI_CAPABLE
913	return AESNI_CAPABLE ? &aesni_256_ctr : &aes_256_ctr;
914	#else
915	return &aes_256_ctr;	850	return &aes_256_ctr;
916	#endif
917	}	851	}
918	LCRYPTO_ALIAS(EVP_aes_256_ctr);	852	LCRYPTO_ALIAS(EVP_aes_256_ctr);
919		853