Move AES-NI for ECB out of EVP.

Make aes_ecb_encrypt_internal() replaceable and provide machine dependent versions for amd64 and i386, which dispatch to AES-NI if appropriate. Remove the AES-NI specific EVP methods for ECB. This removes the last of the machine dependent code from EVP AES. ok bcook@ joshua@ tb@
author: jsing <> 2025-07-22 09:13:49 +0000
committer: jsing <> 2025-07-22 09:13:49 +0000
commit: c128b1d7f07c34584cba1744237fac46230292d7 (patch)
tree: c109a52c16069d775f54e57aabf8ee4bdc49d5f5 /src
parent: a480cc6bd46609c720ef107acb4380c9f5d05fb0 (diff)
download: openbsd-c128b1d7f07c34584cba1744237fac46230292d7.tar.gz
openbsd-c128b1d7f07c34584cba1744237fac46230292d7.tar.bz2
openbsd-c128b1d7f07c34584cba1744237fac46230292d7.zip
6 files changed, 58 insertions, 87 deletions
diff --git a/src/lib/libcrypto/aes/aes.c b/src/lib/libcrypto/aes/aes.c
index 33e6273268..693badcd66 100644
--- a/src/lib/libcrypto/aes/aes.c
+++ b/src/lib/libcrypto/aes/aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes.c,v 1.13 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes.c,v 1.14 2025/07/22 09:13:49 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
@@ -310,6 +310,7 @@ AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
 }
 LCRYPTO_ALIAS(AES_ecb_encrypt);
+#ifndef HAVE_AES_ECB_ENCRYPT_INTERNAL
 void
 aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
    size_t len, const AES_KEY *key, int encrypt)
@@ -321,6 +322,7 @@ aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
                len -= AES_BLOCK_SIZE;
        }
 }
+#endif
 #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
 typedef struct {
diff --git a/src/lib/libcrypto/aes/aes_amd64.c b/src/lib/libcrypto/aes/aes_amd64.c
index 436983d872..183a5cce14 100644
--- a/src/lib/libcrypto/aes/aes_amd64.c
+++ b/src/lib/libcrypto/aes/aes_amd64.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_amd64.c,v 1.4 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes_amd64.c,v 1.5 2025/07/22 09:13:49 jsing Exp $ */
 /*
 * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
 *
@@ -68,6 +68,9 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in, unsigned char *out,
 void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
    size_t blocks, const void *key, const unsigned char *ivec);
+void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
+    size_t length, const AES_KEY *key, int enc);
 void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
    size_t length, const AES_KEY *key1, const AES_KEY *key2,
    const unsigned char iv[16]);
@@ -161,6 +164,27 @@ aes_ctr32_encrypt_internal(const unsigned char *in, unsigned char *out,
 }
 void
+aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
+    size_t len, const AES_KEY *key, int encrypt)
+{
+        if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0) {
+                aesni_ecb_encrypt(in, out, len, key, encrypt);
+                return;
+        }
+        while (len >= AES_BLOCK_SIZE) {
+                if (encrypt)
+                        aes_encrypt_generic(in, out, key);
+                else
+                        aes_decrypt_generic(in, out, key);
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+                len -= AES_BLOCK_SIZE;
+        }
+}
+void
 aes_xts_encrypt_internal(const unsigned char *in, unsigned char *out,
    size_t len, const AES_KEY *key1, const AES_KEY *key2,
    const unsigned char iv[16], int encrypt)
diff --git a/src/lib/libcrypto/aes/aes_i386.c b/src/lib/libcrypto/aes/aes_i386.c
index 7f2241eaf5..85a14454da 100644
--- a/src/lib/libcrypto/aes/aes_i386.c
+++ b/src/lib/libcrypto/aes/aes_i386.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_i386.c,v 1.4 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes_i386.c,v 1.5 2025/07/22 09:13:49 jsing Exp $ */
 /*
 * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
 *
@@ -68,6 +68,9 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in, unsigned char *out,
 void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
    size_t blocks, const void *key, const unsigned char *ivec);
+void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
+    size_t length, const AES_KEY *key, int enc);
 void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
    size_t length, const AES_KEY *key1, const AES_KEY *key2,
    const unsigned char iv[16]);
@@ -161,6 +164,27 @@ aes_ctr32_encrypt_internal(const unsigned char *in, unsigned char *out,
 }
 void
+aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
+    size_t len, const AES_KEY *key, int encrypt)
+{
+        if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0) {
+                aesni_ecb_encrypt(in, out, len, key, encrypt);
+                return;
+        }
+        while (len >= AES_BLOCK_SIZE) {
+                if (encrypt)
+                        aes_encrypt_generic(in, out, key);
+                else
+                        aes_decrypt_generic(in, out, key);
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+                len -= AES_BLOCK_SIZE;
+        }
+}
+void
 aes_xts_encrypt_internal(const unsigned char *in, unsigned char *out,
    size_t len, const AES_KEY *key1, const AES_KEY *key2,
    const unsigned char iv[16], int encrypt)
diff --git a/src/lib/libcrypto/arch/amd64/crypto_arch.h b/src/lib/libcrypto/arch/amd64/crypto_arch.h
index a51021a307..e8faf0bca1 100644
--- a/src/lib/libcrypto/arch/amd64/crypto_arch.h
+++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: crypto_arch.h,v 1.11 2025/07/21 10:24:23 jsing Exp $ */
+/*      $OpenBSD: crypto_arch.h,v 1.12 2025/07/22 09:13:49 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -40,6 +40,7 @@ extern uint64_t crypto_cpu_caps_amd64;
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
 #define HAVE_AES_CCM64_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
+#define HAVE_AES_ECB_ENCRYPT_INTERNAL
 #define HAVE_AES_XTS_ENCRYPT_INTERNAL
 #define HAVE_GCM128_INIT
diff --git a/src/lib/libcrypto/arch/i386/crypto_arch.h b/src/lib/libcrypto/arch/i386/crypto_arch.h
index 34d041b382..ccaa3e8494 100644
--- a/src/lib/libcrypto/arch/i386/crypto_arch.h
+++ b/src/lib/libcrypto/arch/i386/crypto_arch.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: crypto_arch.h,v 1.10 2025/07/21 10:24:23 jsing Exp $ */
+/*      $OpenBSD: crypto_arch.h,v 1.11 2025/07/22 09:13:49 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -40,6 +40,7 @@ extern uint64_t crypto_cpu_caps_i386;
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
 #define HAVE_AES_CCM64_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
+#define HAVE_AES_ECB_ENCRYPT_INTERNAL
 #define HAVE_AES_XTS_ENCRYPT_INTERNAL
 #define HAVE_GCM128_INIT
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 0949c8bdb4..005f1c49b2 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.80 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.81 2025/07/22 09:13:49 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -99,36 +99,6 @@ typedef struct {
 #define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
-#if     defined(AES_ASM) &&                             (  \
-        ((defined(__i386)       || defined(__i386__)    || \
-          defined(_M_IX86)))|| \
-        defined(__x86_64)       || defined(__x86_64__)  || \
-        defined(_M_AMD64)       || defined(_M_X64)      || \
-        defined(__INTEL__)                              )
-#include "x86_arch.h"
-/*
- * AES-NI section
- */
-#define AESNI_CAPABLE   (crypto_cpu_caps_ia32() & CPUCAP_MASK_AESNI)
-void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
-    size_t length, const AES_KEY *key, int enc);
-static int
-aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t len)
-{
-        if (len < ctx->cipher->block_size)
-                return 1;
-        aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
-        return 1;
-}
-#endif
 static int
 aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
    const unsigned char *iv, int enc)
@@ -301,19 +271,6 @@ EVP_aes_128_cbc(void)
 }
 LCRYPTO_ALIAS(EVP_aes_128_cbc);
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_ecb = {
-        .nid = NID_aes_128_ecb,
-        .block_size = 16,
-        .key_len = 16,
-        .iv_len = 0,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
-        .init = aes_ecb_init_key,
-        .do_cipher = aesni_ecb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
 static const EVP_CIPHER aes_128_ecb = {
        .nid = NID_aes_128_ecb,
        .block_size = 16,
@@ -328,11 +285,7 @@ static const EVP_CIPHER aes_128_ecb = {
 const EVP_CIPHER *
 EVP_aes_128_ecb(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_128_ecb : &aes_128_ecb;
-#else
        return &aes_128_ecb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_ecb);
@@ -444,19 +397,6 @@ EVP_aes_192_cbc(void)
 }
 LCRYPTO_ALIAS(EVP_aes_192_cbc);
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_ecb = {
-        .nid = NID_aes_192_ecb,
-        .block_size = 16,
-        .key_len = 24,
-        .iv_len = 0,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
-        .init = aes_ecb_init_key,
-        .do_cipher = aesni_ecb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
 static const EVP_CIPHER aes_192_ecb = {
        .nid = NID_aes_192_ecb,
        .block_size = 16,
@@ -471,11 +411,7 @@ static const EVP_CIPHER aes_192_ecb = {
 const EVP_CIPHER *
 EVP_aes_192_ecb(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_192_ecb : &aes_192_ecb;
-#else
        return &aes_192_ecb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_ecb);
@@ -587,19 +523,6 @@ EVP_aes_256_cbc(void)
 }
 LCRYPTO_ALIAS(EVP_aes_256_cbc);
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_ecb = {
-        .nid = NID_aes_256_ecb,
-        .block_size = 16,
-        .key_len = 32,
-        .iv_len = 0,
-        .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
-        .init = aes_ecb_init_key,
-        .do_cipher = aesni_ecb_cipher,
-        .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
 static const EVP_CIPHER aes_256_ecb = {
        .nid = NID_aes_256_ecb,
        .block_size = 16,
@@ -614,11 +537,7 @@ static const EVP_CIPHER aes_256_ecb = {
 const EVP_CIPHER *
 EVP_aes_256_ecb(void)
 {
-#ifdef AESNI_CAPABLE
-        return AESNI_CAPABLE ? &aesni_256_ecb : &aes_256_ecb;
-#else
        return &aes_256_ecb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_ecb);
author	jsing <>	2025-07-22 09:13:49 +0000
committer	jsing <>	2025-07-22 09:13:49 +0000
commit	c128b1d7f07c34584cba1744237fac46230292d7 (patch)
tree	c109a52c16069d775f54e57aabf8ee4bdc49d5f5 /src
parent	a480cc6bd46609c720ef107acb4380c9f5d05fb0 (diff)
download	openbsd-c128b1d7f07c34584cba1744237fac46230292d7.tar.gz openbsd-c128b1d7f07c34584cba1744237fac46230292d7.tar.bz2 openbsd-c128b1d7f07c34584cba1744237fac46230292d7.zip