Allow generic AES implementation to be used as a fallback.

Rename the C based AES implementation to *_generic() and provide *_internal() wrappers for these. This allows for architectures to provide accelerated versions without having to also provide a fallback implementation. ok tb@
author: jsing <> 2025-09-08 12:56:17 +0000
committer: jsing <> 2025-09-08 12:56:17 +0000
commit: edb41402990165c33fbbe4972a505d2b907f57b5 (patch)
tree: daa72754af93ced1ffe1d8665b2a3c371ea95b64 /src/lib
parent: 0b23e36dfa750e5a98824fc469f69a27c5f25d3b (diff)
download: openbsd-edb41402990165c33fbbe4972a505d2b907f57b5.tar.gz
openbsd-edb41402990165c33fbbe4972a505d2b907f57b5.tar.bz2
openbsd-edb41402990165c33fbbe4972a505d2b907f57b5.zip
3 files changed, 65 insertions, 19 deletions
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c
index 2311547100..d892ae771a 100644
--- a/src/lib/libcrypto/aes/aes_core.c
+++ b/src/lib/libcrypto/aes/aes_core.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_core.c,v 1.28 2025/09/08 12:46:38 jsing Exp $ */
+/* $OpenBSD: aes_core.c,v 1.29 2025/09/08 12:56:17 jsing Exp $ */
 /**
 * rijndael-alg-fst.c
 *
@@ -51,10 +51,10 @@ Td3[x] = Si[x].[09, 0d, 0b, 0e];
 Td4[x] = Si[x].[01];
 */
-#if !defined(HAVE_AES_SET_ENCRYPT_KEY_INTERNAL) || \
+#if !defined(HAVE_AES_SET_ENCRYPT_KEY_GENERIC) || \
-    !defined(HAVE_AES_SET_DECRYPT_KEY_INTERNAL) || \
+    !defined(HAVE_AES_SET_DECRYPT_KEY_GENERIC) || \
-    !defined(HAVE_AES_ENCRYPT_INTERNAL) || \
+    !defined(HAVE_AES_ENCRYPT_GENERIC) || \
-    !defined(HAVE_AES_DECRYPT_INTERNAL)
+    !defined(HAVE_AES_DECRYPT_GENERIC)
 static const uint32_t Te0[256] = {
        0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
        0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
@@ -586,8 +586,8 @@ static const uint32_t Td3[256] = {
 };
 #endif
-#if !defined(HAVE_AES_ENCRYPT_INTERNAL) || \
+#if !defined(HAVE_AES_ENCRYPT_GENERIC) || \
-    !defined(HAVE_AES_DECRYPT_INTERNAL)
+    !defined(HAVE_AES_DECRYPT_GENERIC)
 static const uint8_t Td4[256] = {
        0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
        0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
@@ -624,8 +624,8 @@ static const uint8_t Td4[256] = {
 };
 #endif
-#if !defined(HAVE_AES_SET_ENCRYPT_KEY_INTERNAL) || \
+#if !defined(HAVE_AES_SET_ENCRYPT_KEY_GENERIC) || \
-    !defined(HAVE_AES_SET_DECRYPT_KEY_INTERNAL)
+    !defined(HAVE_AES_SET_DECRYPT_KEY_GENERIC)
 static const uint32_t rcon[] = {
        0x01000000, 0x02000000, 0x04000000, 0x08000000,
        0x10000000, 0x20000000, 0x40000000, 0x80000000,
@@ -633,12 +633,12 @@ static const uint32_t rcon[] = {
 };
 #endif
-#ifndef HAVE_AES_SET_ENCRYPT_KEY_INTERNAL
+#ifndef HAVE_AES_SET_ENCRYPT_KEY_GENERIC
 /*
 * Expand the cipher key into the encryption key schedule.
 */
 int
-aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
+aes_set_encrypt_key_generic(const unsigned char *userKey, const int bits,
    AES_KEY *key)
 {
        uint32_t *rk;
@@ -725,12 +725,21 @@ aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
 }
 #endif
-#ifndef HAVE_AES_SET_DECRYPT_KEY_INTERNAL
+#ifndef HAVE_AES_SET_ENCRYPT_KEY_INTERNAL
+int
+aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits,
+    AES_KEY *key)
+{
+        return aes_set_encrypt_key_generic(userKey, bits, key);
+}
+#endif
+#ifndef HAVE_AES_SET_DECRYPT_KEY_GENERIC
 /*
 * Expand the cipher key into the decryption key schedule.
 */
 int
-aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
+aes_set_decrypt_key_generic(const unsigned char *userKey, const int bits,
    AES_KEY *key)
 {
        uint32_t *rk;
@@ -786,12 +795,21 @@ aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
 }
 #endif
-#ifndef HAVE_AES_ENCRYPT_INTERNAL
+#ifndef HAVE_AES_SET_DECRYPT_KEY_INTERNAL
+int
+aes_set_decrypt_key_internal(const unsigned char *userKey, const int bits,
+    AES_KEY *key)
+{
+        return aes_set_decrypt_key_generic(userKey, bits, key);
+}
+#endif
+#ifndef HAVE_AES_ENCRYPT_GENERIC
 /*
 * Encrypt a single block - in and out can overlap.
 */
 void
-aes_encrypt_internal(const unsigned char *in, unsigned char *out,
+aes_encrypt_generic(const unsigned char *in, unsigned char *out,
    const AES_KEY *key)
 {
        const uint32_t *rk;
@@ -978,12 +996,21 @@ aes_encrypt_internal(const unsigned char *in, unsigned char *out,
 }
 #endif
-#ifndef HAVE_AES_DECRYPT_INTERNAL
+#ifndef HAVE_AES_ENCRYPT_INTERNAL
+void
+aes_encrypt_internal(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key)
+{
+        aes_encrypt_generic(in, out, key);
+}
+#endif
+#ifndef HAVE_AES_DECRYPT_GENERIC
 /*
 * Decrypt a single block - in and out can overlap.
 */
 void
-aes_decrypt_internal(const unsigned char *in, unsigned char *out,
+aes_decrypt_generic(const unsigned char *in, unsigned char *out,
    const AES_KEY *key)
 {
        const uint32_t *rk;
@@ -1169,3 +1196,12 @@ aes_decrypt_internal(const unsigned char *in, unsigned char *out,
        crypto_store_htobe32(&out[3 * 4], s3);
 }
 #endif
+#ifndef HAVE_AES_DECRYPT_INTERNAL
+void
+aes_decrypt_internal(const unsigned char *in, unsigned char *out,
+    const AES_KEY *key)
+{
+        aes_decrypt_generic(in, out, key);
+}
+#endif
diff --git a/src/lib/libcrypto/arch/amd64/crypto_arch.h b/src/lib/libcrypto/arch/amd64/crypto_arch.h
index a8f64cf235..9a179a571e 100644
--- a/src/lib/libcrypto/arch/amd64/crypto_arch.h
+++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: crypto_arch.h,v 1.14 2025/08/14 15:11:01 jsing Exp $ */
+/*      $OpenBSD: crypto_arch.h,v 1.15 2025/09/08 12:56:17 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -33,6 +33,11 @@ extern uint64_t crypto_cpu_caps_amd64;
 #ifndef OPENSSL_NO_ASM
+#define HAVE_AES_SET_ENCRYPT_KEY_GENERIC
+#define HAVE_AES_SET_DECRYPT_KEY_GENERIC
+#define HAVE_AES_ENCRYPT_GENERIC
+#define HAVE_AES_DECRYPT_GENERIC
 #define HAVE_AES_SET_ENCRYPT_KEY_INTERNAL
 #define HAVE_AES_SET_DECRYPT_KEY_INTERNAL
 #define HAVE_AES_ENCRYPT_INTERNAL
diff --git a/src/lib/libcrypto/arch/i386/crypto_arch.h b/src/lib/libcrypto/arch/i386/crypto_arch.h
index d2faa36e2e..522ed2788b 100644
--- a/src/lib/libcrypto/arch/i386/crypto_arch.h
+++ b/src/lib/libcrypto/arch/i386/crypto_arch.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: crypto_arch.h,v 1.12 2025/07/22 09:18:02 jsing Exp $ */
+/*      $OpenBSD: crypto_arch.h,v 1.13 2025/09/08 12:56:17 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -32,6 +32,11 @@ extern uint64_t crypto_cpu_caps_i386;
 #ifndef OPENSSL_NO_ASM
+#define HAVE_AES_SET_ENCRYPT_KEY_GENERIC
+#define HAVE_AES_SET_DECRYPT_KEY_GENERIC
+#define HAVE_AES_ENCRYPT_GENERIC
+#define HAVE_AES_DECRYPT_GENERIC
 #define HAVE_AES_SET_ENCRYPT_KEY_INTERNAL
 #define HAVE_AES_SET_DECRYPT_KEY_INTERNAL
 #define HAVE_AES_ENCRYPT_INTERNAL
author	jsing <>	2025-09-08 12:56:17 +0000
committer	jsing <>	2025-09-08 12:56:17 +0000
commit	edb41402990165c33fbbe4972a505d2b907f57b5 (patch)
tree	daa72754af93ced1ffe1d8665b2a3c371ea95b64 /src/lib
parent	0b23e36dfa750e5a98824fc469f69a27c5f25d3b (diff)
download	openbsd-edb41402990165c33fbbe4972a505d2b907f57b5.tar.gz openbsd-edb41402990165c33fbbe4972a505d2b907f57b5.tar.bz2 openbsd-edb41402990165c33fbbe4972a505d2b907f57b5.zip