summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/evp/e_aes.c1189
1 files changed, 1056 insertions, 133 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 05ed002950..274c20df60 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_aes.c,v 1.42 2020/06/05 18:44:42 tb Exp $ */ 1/* $OpenBSD: e_aes.c,v 1.43 2022/08/02 07:51:37 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -385,120 +385,7 @@ aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
385static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 385static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
386 const unsigned char *in, size_t len); 386 const unsigned char *in, size_t len);
387 387
388#define BLOCK_CIPHER_generic(n,keylen,blocksize,ivlen,nmode,mode,MODE,fl) \ 388#endif
389static const EVP_CIPHER aesni_##keylen##_##mode = { \
390 .nid = n##_##keylen##_##nmode, \
391 .block_size = blocksize, \
392 .key_len = keylen / 8, \
393 .iv_len = ivlen, \
394 .flags = fl | EVP_CIPH_##MODE##_MODE, \
395 .init = aesni_init_key, \
396 .do_cipher = aesni_##mode##_cipher, \
397 .ctx_size = sizeof(EVP_AES_KEY) \
398}; \
399static const EVP_CIPHER aes_##keylen##_##mode = { \
400 .nid = n##_##keylen##_##nmode, \
401 .block_size = blocksize, \
402 .key_len = keylen / 8, \
403 .iv_len = ivlen, \
404 .flags = fl | EVP_CIPH_##MODE##_MODE, \
405 .init = aes_init_key, \
406 .do_cipher = aes_##mode##_cipher, \
407 .ctx_size = sizeof(EVP_AES_KEY) \
408}; \
409const EVP_CIPHER * \
410EVP_aes_##keylen##_##mode(void) \
411{ \
412 return AESNI_CAPABLE ? \
413 &aesni_##keylen##_##mode : &aes_##keylen##_##mode; \
414}
415
416#define BLOCK_CIPHER_custom(n,keylen,blocksize,ivlen,mode,MODE,fl) \
417static const EVP_CIPHER aesni_##keylen##_##mode = { \
418 .nid = n##_##keylen##_##mode, \
419 .block_size = blocksize, \
420 .key_len = \
421 (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * \
422 keylen / 8, \
423 .iv_len = ivlen, \
424 .flags = fl | EVP_CIPH_##MODE##_MODE, \
425 .init = aesni_##mode##_init_key, \
426 .do_cipher = aesni_##mode##_cipher, \
427 .cleanup = aes_##mode##_cleanup, \
428 .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \
429 .ctrl = aes_##mode##_ctrl \
430}; \
431static const EVP_CIPHER aes_##keylen##_##mode = { \
432 .nid = n##_##keylen##_##mode, \
433 .block_size = blocksize, \
434 .key_len = \
435 (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * \
436 keylen / 8, \
437 .iv_len = ivlen, \
438 .flags = fl | EVP_CIPH_##MODE##_MODE, \
439 .init = aes_##mode##_init_key, \
440 .do_cipher = aes_##mode##_cipher, \
441 .cleanup = aes_##mode##_cleanup, \
442 .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \
443 .ctrl = aes_##mode##_ctrl \
444}; \
445const EVP_CIPHER * \
446EVP_aes_##keylen##_##mode(void) \
447{ \
448 return AESNI_CAPABLE ? \
449 &aesni_##keylen##_##mode : &aes_##keylen##_##mode; \
450}
451
452#else
453
454#define BLOCK_CIPHER_generic(n,keylen,blocksize,ivlen,nmode,mode,MODE,fl) \
455static const EVP_CIPHER aes_##keylen##_##mode = { \
456 .nid = n##_##keylen##_##nmode, \
457 .block_size = blocksize, \
458 .key_len = keylen / 8, \
459 .iv_len = ivlen, \
460 .flags = fl | EVP_CIPH_##MODE##_MODE, \
461 .init = aes_init_key, \
462 .do_cipher = aes_##mode##_cipher, \
463 .ctx_size = sizeof(EVP_AES_KEY) \
464}; \
465const EVP_CIPHER * \
466EVP_aes_##keylen##_##mode(void) \
467{ \
468 return &aes_##keylen##_##mode; \
469}
470
471#define BLOCK_CIPHER_custom(n,keylen,blocksize,ivlen,mode,MODE,fl) \
472static const EVP_CIPHER aes_##keylen##_##mode = { \
473 .nid = n##_##keylen##_##mode, \
474 .block_size = blocksize, \
475 .key_len = \
476 (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * \
477 keylen / 8, \
478 .iv_len = ivlen, \
479 .flags = fl | EVP_CIPH_##MODE##_MODE, \
480 .init = aes_##mode##_init_key, \
481 .do_cipher = aes_##mode##_cipher, \
482 .cleanup = aes_##mode##_cleanup, \
483 .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \
484 .ctrl = aes_##mode##_ctrl \
485}; \
486const EVP_CIPHER * \
487EVP_aes_##keylen##_##mode(void) \
488{ \
489 return &aes_##keylen##_##mode; \
490}
491
492#endif
493
494#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
495 BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
496 BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
497 BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
498 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
499 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \
500 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \
501 BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
502 389
503static int 390static int
504aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 391aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -664,7 +551,8 @@ aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
664 return 1; 551 return 1;
665} 552}
666 553
667static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out, 554static int
555aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
668 const unsigned char *in, size_t len) 556 const unsigned char *in, size_t len)
669{ 557{
670 unsigned int num = ctx->num; 558 unsigned int num = ctx->num;
@@ -680,9 +568,722 @@ static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out,
680 return 1; 568 return 1;
681} 569}
682 570
683BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) 571
684BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) 572#ifdef AESNI_CAPABLE
685BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) 573static const EVP_CIPHER aesni_128_cbc = {
574 .nid = NID_aes_128_cbc,
575 .block_size = 16,
576 .key_len = 128 / 8,
577 .iv_len = 16,
578 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
579 .init = aesni_init_key,
580 .do_cipher = aesni_cbc_cipher,
581 .ctx_size = sizeof(EVP_AES_KEY),
582};
583#endif
584
585static const EVP_CIPHER aes_128_cbc = {
586 .nid = NID_aes_128_cbc,
587 .block_size = 16,
588 .key_len = 128 / 8,
589 .iv_len = 16,
590 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
591 .init = aes_init_key,
592 .do_cipher = aes_cbc_cipher,
593 .ctx_size = sizeof(EVP_AES_KEY),
594};
595
596const EVP_CIPHER *
597EVP_aes_128_cbc(void)
598{
599#ifdef AESNI_CAPABLE
600 return AESNI_CAPABLE ? &aesni_128_cbc : &aes_128_cbc;
601#else
602 return &aes_128_cbc;
603#endif
604}
605
606#ifdef AESNI_CAPABLE
607static const EVP_CIPHER aesni_128_ecb = {
608 .nid = NID_aes_128_ecb,
609 .block_size = 16,
610 .key_len = 128 / 8,
611 .iv_len = 0,
612 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
613 .init = aesni_init_key,
614 .do_cipher = aesni_ecb_cipher,
615 .ctx_size = sizeof(EVP_AES_KEY),
616};
617#endif
618
619static const EVP_CIPHER aes_128_ecb = {
620 .nid = NID_aes_128_ecb,
621 .block_size = 16,
622 .key_len = 128 / 8,
623 .iv_len = 0,
624 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
625 .init = aes_init_key,
626 .do_cipher = aes_ecb_cipher,
627 .ctx_size = sizeof(EVP_AES_KEY),
628};
629
630const EVP_CIPHER *
631EVP_aes_128_ecb(void)
632{
633#ifdef AESNI_CAPABLE
634 return AESNI_CAPABLE ? &aesni_128_ecb : &aes_128_ecb;
635#else
636 return &aes_128_ecb;
637#endif
638}
639
640#ifdef AESNI_CAPABLE
641static const EVP_CIPHER aesni_128_ofb = {
642 .nid = NID_aes_128_ofb128,
643 .block_size = 1,
644 .key_len = 128 / 8,
645 .iv_len = 16,
646 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
647 .init = aesni_init_key,
648 .do_cipher = aesni_ofb_cipher,
649 .ctx_size = sizeof(EVP_AES_KEY),
650};
651#endif
652
653static const EVP_CIPHER aes_128_ofb = {
654 .nid = NID_aes_128_ofb128,
655 .block_size = 1,
656 .key_len = 128 / 8,
657 .iv_len = 16,
658 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
659 .init = aes_init_key,
660 .do_cipher = aes_ofb_cipher,
661 .ctx_size = sizeof(EVP_AES_KEY),
662};
663
664const EVP_CIPHER *
665EVP_aes_128_ofb(void)
666{
667#ifdef AESNI_CAPABLE
668 return AESNI_CAPABLE ? &aesni_128_ofb : &aes_128_ofb;
669#else
670 return &aes_128_ofb;
671#endif
672}
673
674#ifdef AESNI_CAPABLE
675static const EVP_CIPHER aesni_128_cfb = {
676 .nid = NID_aes_128_cfb128,
677 .block_size = 1,
678 .key_len = 128 / 8,
679 .iv_len = 16,
680 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
681 .init = aesni_init_key,
682 .do_cipher = aesni_cfb_cipher,
683 .ctx_size = sizeof(EVP_AES_KEY),
684};
685#endif
686
687static const EVP_CIPHER aes_128_cfb = {
688 .nid = NID_aes_128_cfb128,
689 .block_size = 1,
690 .key_len = 128 / 8,
691 .iv_len = 16,
692 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
693 .init = aes_init_key,
694 .do_cipher = aes_cfb_cipher,
695 .ctx_size = sizeof(EVP_AES_KEY),
696};
697
698const EVP_CIPHER *
699EVP_aes_128_cfb(void)
700{
701#ifdef AESNI_CAPABLE
702 return AESNI_CAPABLE ? &aesni_128_cfb : &aes_128_cfb;
703#else
704 return &aes_128_cfb;
705#endif
706}
707
708#ifdef AESNI_CAPABLE
709static const EVP_CIPHER aesni_128_cfb1 = {
710 .nid = NID_aes_128_cfb1,
711 .block_size = 1,
712 .key_len = 128 / 8,
713 .iv_len = 16,
714 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
715 .init = aesni_init_key,
716 .do_cipher = aesni_cfb1_cipher,
717 .ctx_size = sizeof(EVP_AES_KEY),
718};
719#endif
720
721static const EVP_CIPHER aes_128_cfb1 = {
722 .nid = NID_aes_128_cfb1,
723 .block_size = 1,
724 .key_len = 128 / 8,
725 .iv_len = 16,
726 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
727 .init = aes_init_key,
728 .do_cipher = aes_cfb1_cipher,
729 .ctx_size = sizeof(EVP_AES_KEY),
730};
731
732const EVP_CIPHER *
733EVP_aes_128_cfb1(void)
734{
735#ifdef AESNI_CAPABLE
736 return AESNI_CAPABLE ? &aesni_128_cfb1 : &aes_128_cfb1;
737#else
738 return &aes_128_cfb1;
739#endif
740}
741
742#ifdef AESNI_CAPABLE
743static const EVP_CIPHER aesni_128_cfb8 = {
744 .nid = NID_aes_128_cfb8,
745 .block_size = 1,
746 .key_len = 128 / 8,
747 .iv_len = 16,
748 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
749 .init = aesni_init_key,
750 .do_cipher = aesni_cfb8_cipher,
751 .ctx_size = sizeof(EVP_AES_KEY),
752};
753#endif
754
755static const EVP_CIPHER aes_128_cfb8 = {
756 .nid = NID_aes_128_cfb8,
757 .block_size = 1,
758 .key_len = 128 / 8,
759 .iv_len = 16,
760 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
761 .init = aes_init_key,
762 .do_cipher = aes_cfb8_cipher,
763 .ctx_size = sizeof(EVP_AES_KEY),
764};
765
766const EVP_CIPHER *
767EVP_aes_128_cfb8(void)
768{
769#ifdef AESNI_CAPABLE
770 return AESNI_CAPABLE ? &aesni_128_cfb8 : &aes_128_cfb8;
771#else
772 return &aes_128_cfb8;
773#endif
774}
775
776#ifdef AESNI_CAPABLE
777static const EVP_CIPHER aesni_128_ctr = {
778 .nid = NID_aes_128_ctr,
779 .block_size = 1,
780 .key_len = 128 / 8,
781 .iv_len = 16,
782 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CTR_MODE,
783 .init = aesni_init_key,
784 .do_cipher = aesni_ctr_cipher,
785 .ctx_size = sizeof(EVP_AES_KEY),
786};
787#endif
788
789static const EVP_CIPHER aes_128_ctr = {
790 .nid = NID_aes_128_ctr,
791 .block_size = 1,
792 .key_len = 128 / 8,
793 .iv_len = 16,
794 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CTR_MODE,
795 .init = aes_init_key,
796 .do_cipher = aes_ctr_cipher,
797 .ctx_size = sizeof(EVP_AES_KEY),
798};
799
800const EVP_CIPHER *
801EVP_aes_128_ctr(void)
802{
803#ifdef AESNI_CAPABLE
804 return AESNI_CAPABLE ? &aesni_128_ctr : &aes_128_ctr;
805#else
806 return &aes_128_ctr;
807#endif
808}
809
810
811#ifdef AESNI_CAPABLE
812static const EVP_CIPHER aesni_192_cbc = {
813 .nid = NID_aes_192_cbc,
814 .block_size = 16,
815 .key_len = 192 / 8,
816 .iv_len = 16,
817 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
818 .init = aesni_init_key,
819 .do_cipher = aesni_cbc_cipher,
820 .ctx_size = sizeof(EVP_AES_KEY),
821};
822#endif
823
824static const EVP_CIPHER aes_192_cbc = {
825 .nid = NID_aes_192_cbc,
826 .block_size = 16,
827 .key_len = 192 / 8,
828 .iv_len = 16,
829 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
830 .init = aes_init_key,
831 .do_cipher = aes_cbc_cipher,
832 .ctx_size = sizeof(EVP_AES_KEY),
833};
834
835const EVP_CIPHER *
836EVP_aes_192_cbc(void)
837{
838#ifdef AESNI_CAPABLE
839 return AESNI_CAPABLE ? &aesni_192_cbc : &aes_192_cbc;
840#else
841 return &aes_192_cbc;
842#endif
843}
844
845#ifdef AESNI_CAPABLE
846static const EVP_CIPHER aesni_192_ecb = {
847 .nid = NID_aes_192_ecb,
848 .block_size = 16,
849 .key_len = 192 / 8,
850 .iv_len = 0,
851 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
852 .init = aesni_init_key,
853 .do_cipher = aesni_ecb_cipher,
854 .ctx_size = sizeof(EVP_AES_KEY),
855};
856#endif
857
858static const EVP_CIPHER aes_192_ecb = {
859 .nid = NID_aes_192_ecb,
860 .block_size = 16,
861 .key_len = 192 / 8,
862 .iv_len = 0,
863 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
864 .init = aes_init_key,
865 .do_cipher = aes_ecb_cipher,
866 .ctx_size = sizeof(EVP_AES_KEY),
867};
868
869const EVP_CIPHER *
870EVP_aes_192_ecb(void)
871{
872#ifdef AESNI_CAPABLE
873 return AESNI_CAPABLE ? &aesni_192_ecb : &aes_192_ecb;
874#else
875 return &aes_192_ecb;
876#endif
877}
878
879#ifdef AESNI_CAPABLE
880static const EVP_CIPHER aesni_192_ofb = {
881 .nid = NID_aes_192_ofb128,
882 .block_size = 1,
883 .key_len = 192 / 8,
884 .iv_len = 16,
885 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
886 .init = aesni_init_key,
887 .do_cipher = aesni_ofb_cipher,
888 .ctx_size = sizeof(EVP_AES_KEY),
889};
890#endif
891
892static const EVP_CIPHER aes_192_ofb = {
893 .nid = NID_aes_192_ofb128,
894 .block_size = 1,
895 .key_len = 192 / 8,
896 .iv_len = 16,
897 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
898 .init = aes_init_key,
899 .do_cipher = aes_ofb_cipher,
900 .ctx_size = sizeof(EVP_AES_KEY),
901};
902
903const EVP_CIPHER *
904EVP_aes_192_ofb(void)
905{
906#ifdef AESNI_CAPABLE
907 return AESNI_CAPABLE ? &aesni_192_ofb : &aes_192_ofb;
908#else
909 return &aes_192_ofb;
910#endif
911}
912
913#ifdef AESNI_CAPABLE
914static const EVP_CIPHER aesni_192_cfb = {
915 .nid = NID_aes_192_cfb128,
916 .block_size = 1,
917 .key_len = 192 / 8,
918 .iv_len = 16,
919 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
920 .init = aesni_init_key,
921 .do_cipher = aesni_cfb_cipher,
922 .ctx_size = sizeof(EVP_AES_KEY),
923};
924#endif
925
926static const EVP_CIPHER aes_192_cfb = {
927 .nid = NID_aes_192_cfb128,
928 .block_size = 1,
929 .key_len = 192 / 8,
930 .iv_len = 16,
931 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
932 .init = aes_init_key,
933 .do_cipher = aes_cfb_cipher,
934 .ctx_size = sizeof(EVP_AES_KEY),
935};
936
937const EVP_CIPHER *
938EVP_aes_192_cfb(void)
939{
940#ifdef AESNI_CAPABLE
941 return AESNI_CAPABLE ? &aesni_192_cfb : &aes_192_cfb;
942#else
943 return &aes_192_cfb;
944#endif
945}
946
947#ifdef AESNI_CAPABLE
948static const EVP_CIPHER aesni_192_cfb1 = {
949 .nid = NID_aes_192_cfb1,
950 .block_size = 1,
951 .key_len = 192 / 8,
952 .iv_len = 16,
953 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
954 .init = aesni_init_key,
955 .do_cipher = aesni_cfb1_cipher,
956 .ctx_size = sizeof(EVP_AES_KEY),
957};
958#endif
959
960static const EVP_CIPHER aes_192_cfb1 = {
961 .nid = NID_aes_192_cfb1,
962 .block_size = 1,
963 .key_len = 192 / 8,
964 .iv_len = 16,
965 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
966 .init = aes_init_key,
967 .do_cipher = aes_cfb1_cipher,
968 .ctx_size = sizeof(EVP_AES_KEY),
969};
970
971const EVP_CIPHER *
972EVP_aes_192_cfb1(void)
973{
974#ifdef AESNI_CAPABLE
975 return AESNI_CAPABLE ? &aesni_192_cfb1 : &aes_192_cfb1;
976#else
977 return &aes_192_cfb1;
978#endif
979}
980
981#ifdef AESNI_CAPABLE
982static const EVP_CIPHER aesni_192_cfb8 = {
983 .nid = NID_aes_192_cfb8,
984 .block_size = 1,
985 .key_len = 192 / 8,
986 .iv_len = 16,
987 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
988 .init = aesni_init_key,
989 .do_cipher = aesni_cfb8_cipher,
990 .ctx_size = sizeof(EVP_AES_KEY),
991};
992#endif
993
994static const EVP_CIPHER aes_192_cfb8 = {
995 .nid = NID_aes_192_cfb8,
996 .block_size = 1,
997 .key_len = 192 / 8,
998 .iv_len = 16,
999 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
1000 .init = aes_init_key,
1001 .do_cipher = aes_cfb8_cipher,
1002 .ctx_size = sizeof(EVP_AES_KEY),
1003};
1004
1005const EVP_CIPHER *
1006EVP_aes_192_cfb8(void)
1007{
1008#ifdef AESNI_CAPABLE
1009 return AESNI_CAPABLE ? &aesni_192_cfb8 : &aes_192_cfb8;
1010#else
1011 return &aes_192_cfb8;
1012#endif
1013}
1014
1015#ifdef AESNI_CAPABLE
1016static const EVP_CIPHER aesni_192_ctr = {
1017 .nid = NID_aes_192_ctr,
1018 .block_size = 1,
1019 .key_len = 192 / 8,
1020 .iv_len = 16,
1021 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CTR_MODE,
1022 .init = aesni_init_key,
1023 .do_cipher = aesni_ctr_cipher,
1024 .ctx_size = sizeof(EVP_AES_KEY),
1025};
1026#endif
1027
1028static const EVP_CIPHER aes_192_ctr = {
1029 .nid = NID_aes_192_ctr,
1030 .block_size = 1,
1031 .key_len = 192 / 8,
1032 .iv_len = 16,
1033 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CTR_MODE,
1034 .init = aes_init_key,
1035 .do_cipher = aes_ctr_cipher,
1036 .ctx_size = sizeof(EVP_AES_KEY),
1037};
1038
1039const EVP_CIPHER *
1040EVP_aes_192_ctr(void)
1041{
1042#ifdef AESNI_CAPABLE
1043 return AESNI_CAPABLE ? &aesni_192_ctr : &aes_192_ctr;
1044#else
1045 return &aes_192_ctr;
1046#endif
1047}
1048
1049
1050#ifdef AESNI_CAPABLE
1051static const EVP_CIPHER aesni_256_cbc = {
1052 .nid = NID_aes_256_cbc,
1053 .block_size = 16,
1054 .key_len = 256 / 8,
1055 .iv_len = 16,
1056 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
1057 .init = aesni_init_key,
1058 .do_cipher = aesni_cbc_cipher,
1059 .ctx_size = sizeof(EVP_AES_KEY),
1060};
1061#endif
1062
1063static const EVP_CIPHER aes_256_cbc = {
1064 .nid = NID_aes_256_cbc,
1065 .block_size = 16,
1066 .key_len = 256 / 8,
1067 .iv_len = 16,
1068 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
1069 .init = aes_init_key,
1070 .do_cipher = aes_cbc_cipher,
1071 .ctx_size = sizeof(EVP_AES_KEY),
1072};
1073
1074const EVP_CIPHER *
1075EVP_aes_256_cbc(void)
1076{
1077#ifdef AESNI_CAPABLE
1078 return AESNI_CAPABLE ? &aesni_256_cbc : &aes_256_cbc;
1079#else
1080 return &aes_256_cbc;
1081#endif
1082}
1083
1084#ifdef AESNI_CAPABLE
1085static const EVP_CIPHER aesni_256_ecb = {
1086 .nid = NID_aes_256_ecb,
1087 .block_size = 16,
1088 .key_len = 256 / 8,
1089 .iv_len = 0,
1090 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
1091 .init = aesni_init_key,
1092 .do_cipher = aesni_ecb_cipher,
1093 .ctx_size = sizeof(EVP_AES_KEY),
1094};
1095#endif
1096
1097static const EVP_CIPHER aes_256_ecb = {
1098 .nid = NID_aes_256_ecb,
1099 .block_size = 16,
1100 .key_len = 256 / 8,
1101 .iv_len = 0,
1102 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
1103 .init = aes_init_key,
1104 .do_cipher = aes_ecb_cipher,
1105 .ctx_size = sizeof(EVP_AES_KEY),
1106};
1107
1108const EVP_CIPHER *
1109EVP_aes_256_ecb(void)
1110{
1111#ifdef AESNI_CAPABLE
1112 return AESNI_CAPABLE ? &aesni_256_ecb : &aes_256_ecb;
1113#else
1114 return &aes_256_ecb;
1115#endif
1116}
1117
1118#ifdef AESNI_CAPABLE
1119static const EVP_CIPHER aesni_256_ofb = {
1120 .nid = NID_aes_256_ofb128,
1121 .block_size = 1,
1122 .key_len = 256 / 8,
1123 .iv_len = 16,
1124 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
1125 .init = aesni_init_key,
1126 .do_cipher = aesni_ofb_cipher,
1127 .ctx_size = sizeof(EVP_AES_KEY),
1128};
1129#endif
1130
1131static const EVP_CIPHER aes_256_ofb = {
1132 .nid = NID_aes_256_ofb128,
1133 .block_size = 1,
1134 .key_len = 256 / 8,
1135 .iv_len = 16,
1136 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
1137 .init = aes_init_key,
1138 .do_cipher = aes_ofb_cipher,
1139 .ctx_size = sizeof(EVP_AES_KEY),
1140};
1141
1142const EVP_CIPHER *
1143EVP_aes_256_ofb(void)
1144{
1145#ifdef AESNI_CAPABLE
1146 return AESNI_CAPABLE ? &aesni_256_ofb : &aes_256_ofb;
1147#else
1148 return &aes_256_ofb;
1149#endif
1150}
1151
1152#ifdef AESNI_CAPABLE
1153static const EVP_CIPHER aesni_256_cfb = {
1154 .nid = NID_aes_256_cfb128,
1155 .block_size = 1,
1156 .key_len = 256 / 8,
1157 .iv_len = 16,
1158 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
1159 .init = aesni_init_key,
1160 .do_cipher = aesni_cfb_cipher,
1161 .ctx_size = sizeof(EVP_AES_KEY),
1162};
1163#endif
1164
1165static const EVP_CIPHER aes_256_cfb = {
1166 .nid = NID_aes_256_cfb128,
1167 .block_size = 1,
1168 .key_len = 256 / 8,
1169 .iv_len = 16,
1170 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
1171 .init = aes_init_key,
1172 .do_cipher = aes_cfb_cipher,
1173 .ctx_size = sizeof(EVP_AES_KEY),
1174};
1175
1176const EVP_CIPHER *
1177EVP_aes_256_cfb(void)
1178{
1179#ifdef AESNI_CAPABLE
1180 return AESNI_CAPABLE ? &aesni_256_cfb : &aes_256_cfb;
1181#else
1182 return &aes_256_cfb;
1183#endif
1184}
1185
1186#ifdef AESNI_CAPABLE
1187static const EVP_CIPHER aesni_256_cfb1 = {
1188 .nid = NID_aes_256_cfb1,
1189 .block_size = 1,
1190 .key_len = 256 / 8,
1191 .iv_len = 16,
1192 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
1193 .init = aesni_init_key,
1194 .do_cipher = aesni_cfb1_cipher,
1195 .ctx_size = sizeof(EVP_AES_KEY),
1196};
1197#endif
1198
1199static const EVP_CIPHER aes_256_cfb1 = {
1200 .nid = NID_aes_256_cfb1,
1201 .block_size = 1,
1202 .key_len = 256 / 8,
1203 .iv_len = 16,
1204 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
1205 .init = aes_init_key,
1206 .do_cipher = aes_cfb1_cipher,
1207 .ctx_size = sizeof(EVP_AES_KEY),
1208};
1209
1210const EVP_CIPHER *
1211EVP_aes_256_cfb1(void)
1212{
1213#ifdef AESNI_CAPABLE
1214 return AESNI_CAPABLE ? &aesni_256_cfb1 : &aes_256_cfb1;
1215#else
1216 return &aes_256_cfb1;
1217#endif
1218}
1219
1220#ifdef AESNI_CAPABLE
1221static const EVP_CIPHER aesni_256_cfb8 = {
1222 .nid = NID_aes_256_cfb8,
1223 .block_size = 1,
1224 .key_len = 256 / 8,
1225 .iv_len = 16,
1226 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
1227 .init = aesni_init_key,
1228 .do_cipher = aesni_cfb8_cipher,
1229 .ctx_size = sizeof(EVP_AES_KEY),
1230};
1231#endif
1232
1233static const EVP_CIPHER aes_256_cfb8 = {
1234 .nid = NID_aes_256_cfb8,
1235 .block_size = 1,
1236 .key_len = 256 / 8,
1237 .iv_len = 16,
1238 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CFB_MODE,
1239 .init = aes_init_key,
1240 .do_cipher = aes_cfb8_cipher,
1241 .ctx_size = sizeof(EVP_AES_KEY),
1242};
1243
1244const EVP_CIPHER *
1245EVP_aes_256_cfb8(void)
1246{
1247#ifdef AESNI_CAPABLE
1248 return AESNI_CAPABLE ? &aesni_256_cfb8 : &aes_256_cfb8;
1249#else
1250 return &aes_256_cfb8;
1251#endif
1252}
1253
1254#ifdef AESNI_CAPABLE
1255static const EVP_CIPHER aesni_256_ctr = {
1256 .nid = NID_aes_256_ctr,
1257 .block_size = 1,
1258 .key_len = 256 / 8,
1259 .iv_len = 16,
1260 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CTR_MODE,
1261 .init = aesni_init_key,
1262 .do_cipher = aesni_ctr_cipher,
1263 .ctx_size = sizeof(EVP_AES_KEY),
1264};
1265#endif
1266
1267static const EVP_CIPHER aes_256_ctr = {
1268 .nid = NID_aes_256_ctr,
1269 .block_size = 1,
1270 .key_len = 256 / 8,
1271 .iv_len = 16,
1272 .flags = EVP_CIPH_FLAG_FIPS | EVP_CIPH_CTR_MODE,
1273 .init = aes_init_key,
1274 .do_cipher = aes_ctr_cipher,
1275 .ctx_size = sizeof(EVP_AES_KEY),
1276};
1277
1278const EVP_CIPHER *
1279EVP_aes_256_ctr(void)
1280{
1281#ifdef AESNI_CAPABLE
1282 return AESNI_CAPABLE ? &aesni_256_ctr : &aes_256_ctr;
1283#else
1284 return &aes_256_ctr;
1285#endif
1286}
686 1287
687static int 1288static int
688aes_gcm_cleanup(EVP_CIPHER_CTX *c) 1289aes_gcm_cleanup(EVP_CIPHER_CTX *c)
@@ -1061,12 +1662,132 @@ aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1061 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \ 1662 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \
1062 EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) 1663 EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY )
1063 1664
1064BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, 1665
1065 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) 1666#ifdef AESNI_CAPABLE
1066BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, 1667static const EVP_CIPHER aesni_128_gcm = {
1067 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) 1668 .nid = NID_aes_128_gcm,
1068BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, 1669 .block_size = 1,
1069 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) 1670 .key_len =
1671 (EVP_CIPH_GCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
1672 128 / 8,
1673 .iv_len = 12,
1674 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1675 .init = aesni_gcm_init_key,
1676 .do_cipher = aesni_gcm_cipher,
1677 .cleanup = aes_gcm_cleanup,
1678 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1679 .ctrl = aes_gcm_ctrl,
1680};
1681#endif
1682
1683static const EVP_CIPHER aes_128_gcm = {
1684 .nid = NID_aes_128_gcm,
1685 .block_size = 1,
1686 .key_len =
1687 (EVP_CIPH_GCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
1688 128 / 8,
1689 .iv_len = 12,
1690 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1691 .init = aes_gcm_init_key,
1692 .do_cipher = aes_gcm_cipher,
1693 .cleanup = aes_gcm_cleanup,
1694 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1695 .ctrl = aes_gcm_ctrl,
1696};
1697
1698const EVP_CIPHER *
1699EVP_aes_128_gcm(void)
1700{
1701#ifdef AESNI_CAPABLE
1702 return AESNI_CAPABLE ? &aesni_128_gcm : &aes_128_gcm;
1703#else
1704 return &aes_128_gcm;
1705#endif
1706}
1707
1708#ifdef AESNI_CAPABLE
1709static const EVP_CIPHER aesni_192_gcm = {
1710 .nid = NID_aes_192_gcm,
1711 .block_size = 1,
1712 .key_len =
1713 (EVP_CIPH_GCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
1714 192 / 8,
1715 .iv_len = 12,
1716 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1717 .init = aesni_gcm_init_key,
1718 .do_cipher = aesni_gcm_cipher,
1719 .cleanup = aes_gcm_cleanup,
1720 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1721 .ctrl = aes_gcm_ctrl,
1722};
1723#endif
1724
1725static const EVP_CIPHER aes_192_gcm = {
1726 .nid = NID_aes_192_gcm,
1727 .block_size = 1,
1728 .key_len =
1729 (EVP_CIPH_GCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
1730 192 / 8,
1731 .iv_len = 12,
1732 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1733 .init = aes_gcm_init_key,
1734 .do_cipher = aes_gcm_cipher,
1735 .cleanup = aes_gcm_cleanup,
1736 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1737 .ctrl = aes_gcm_ctrl,
1738};
1739
1740const EVP_CIPHER *
1741EVP_aes_192_gcm(void)
1742{
1743#ifdef AESNI_CAPABLE
1744 return AESNI_CAPABLE ? &aesni_192_gcm : &aes_192_gcm;
1745#else
1746 return &aes_192_gcm;
1747#endif
1748}
1749
1750#ifdef AESNI_CAPABLE
1751static const EVP_CIPHER aesni_256_gcm = {
1752 .nid = NID_aes_256_gcm,
1753 .block_size = 1,
1754 .key_len =
1755 (EVP_CIPH_GCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
1756 256 / 8,
1757 .iv_len = 12,
1758 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1759 .init = aesni_gcm_init_key,
1760 .do_cipher = aesni_gcm_cipher,
1761 .cleanup = aes_gcm_cleanup,
1762 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1763 .ctrl = aes_gcm_ctrl,
1764};
1765#endif
1766
1767static const EVP_CIPHER aes_256_gcm = {
1768 .nid = NID_aes_256_gcm,
1769 .block_size = 1,
1770 .key_len =
1771 (EVP_CIPH_GCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
1772 256 / 8,
1773 .iv_len = 12,
1774 .flags = EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1775 .init = aes_gcm_init_key,
1776 .do_cipher = aes_gcm_cipher,
1777 .cleanup = aes_gcm_cleanup,
1778 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1779 .ctrl = aes_gcm_ctrl,
1780};
1781
1782const EVP_CIPHER *
1783EVP_aes_256_gcm(void)
1784{
1785#ifdef AESNI_CAPABLE
1786 return AESNI_CAPABLE ? &aesni_256_gcm : &aes_256_gcm;
1787#else
1788 return &aes_256_gcm;
1789#endif
1790}
1070 1791
1071static int 1792static int
1072aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 1793aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
@@ -1197,8 +1918,90 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1197 ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ 1918 ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \
1198 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) 1919 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY )
1199 1920
1200BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) 1921
1201BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) 1922#ifdef AESNI_CAPABLE
1923static const EVP_CIPHER aesni_128_xts = {
1924 .nid = NID_aes_128_xts,
1925 .block_size = 1,
1926 .key_len =
1927 (EVP_CIPH_XTS_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
1928 128 / 8,
1929 .iv_len = 16,
1930 .flags = EVP_CIPH_FLAG_FIPS|XTS_FLAGS | EVP_CIPH_XTS_MODE,
1931 .init = aesni_xts_init_key,
1932 .do_cipher = aesni_xts_cipher,
1933 .cleanup = aes_xts_cleanup,
1934 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1935 .ctrl = aes_xts_ctrl,
1936};
1937#endif
1938
1939static const EVP_CIPHER aes_128_xts = {
1940 .nid = NID_aes_128_xts,
1941 .block_size = 1,
1942 .key_len =
1943 (EVP_CIPH_XTS_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
1944 128 / 8,
1945 .iv_len = 16,
1946 .flags = EVP_CIPH_FLAG_FIPS|XTS_FLAGS | EVP_CIPH_XTS_MODE,
1947 .init = aes_xts_init_key,
1948 .do_cipher = aes_xts_cipher,
1949 .cleanup = aes_xts_cleanup,
1950 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1951 .ctrl = aes_xts_ctrl,
1952};
1953
1954const EVP_CIPHER *
1955EVP_aes_128_xts(void)
1956{
1957#ifdef AESNI_CAPABLE
1958 return AESNI_CAPABLE ? &aesni_128_xts : &aes_128_xts;
1959#else
1960 return &aes_128_xts;
1961#endif
1962}
1963
1964#ifdef AESNI_CAPABLE
1965static const EVP_CIPHER aesni_256_xts = {
1966 .nid = NID_aes_256_xts,
1967 .block_size = 1,
1968 .key_len =
1969 (EVP_CIPH_XTS_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
1970 256 / 8,
1971 .iv_len = 16,
1972 .flags = EVP_CIPH_FLAG_FIPS|XTS_FLAGS | EVP_CIPH_XTS_MODE,
1973 .init = aesni_xts_init_key,
1974 .do_cipher = aesni_xts_cipher,
1975 .cleanup = aes_xts_cleanup,
1976 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1977 .ctrl = aes_xts_ctrl,
1978};
1979#endif
1980
1981static const EVP_CIPHER aes_256_xts = {
1982 .nid = NID_aes_256_xts,
1983 .block_size = 1,
1984 .key_len =
1985 (EVP_CIPH_XTS_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
1986 256 / 8,
1987 .iv_len = 16,
1988 .flags = EVP_CIPH_FLAG_FIPS|XTS_FLAGS | EVP_CIPH_XTS_MODE,
1989 .init = aes_xts_init_key,
1990 .do_cipher = aes_xts_cipher,
1991 .cleanup = aes_xts_cleanup,
1992 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1993 .ctrl = aes_xts_ctrl,
1994};
1995
1996const EVP_CIPHER *
1997EVP_aes_256_xts(void)
1998{
1999#ifdef AESNI_CAPABLE
2000 return AESNI_CAPABLE ? &aesni_256_xts : &aes_256_xts;
2001#else
2002 return &aes_256_xts;
2003#endif
2004}
1202 2005
1203static int 2006static int
1204aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 2007aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
@@ -1360,12 +2163,132 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1360 2163
1361#define aes_ccm_cleanup NULL 2164#define aes_ccm_cleanup NULL
1362 2165
1363BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, 2166
1364 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 2167#ifdef AESNI_CAPABLE
1365BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, 2168static const EVP_CIPHER aesni_128_ccm = {
1366 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 2169 .nid = NID_aes_128_ccm,
1367BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, 2170 .block_size = 1,
1368 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 2171 .key_len =
2172 (EVP_CIPH_CCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
2173 128 / 8,
2174 .iv_len = 12,
2175 .flags = EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2176 .init = aesni_ccm_init_key,
2177 .do_cipher = aesni_ccm_cipher,
2178 .cleanup = aes_ccm_cleanup,
2179 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2180 .ctrl = aes_ccm_ctrl,
2181};
2182#endif
2183
2184static const EVP_CIPHER aes_128_ccm = {
2185 .nid = NID_aes_128_ccm,
2186 .block_size = 1,
2187 .key_len =
2188 (EVP_CIPH_CCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
2189 128 / 8,
2190 .iv_len = 12,
2191 .flags = EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2192 .init = aes_ccm_init_key,
2193 .do_cipher = aes_ccm_cipher,
2194 .cleanup = aes_ccm_cleanup,
2195 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2196 .ctrl = aes_ccm_ctrl,
2197};
2198
2199const EVP_CIPHER *
2200EVP_aes_128_ccm(void)
2201{
2202#ifdef AESNI_CAPABLE
2203 return AESNI_CAPABLE ? &aesni_128_ccm : &aes_128_ccm;
2204#else
2205 return &aes_128_ccm;
2206#endif
2207}
2208
2209#ifdef AESNI_CAPABLE
2210static const EVP_CIPHER aesni_192_ccm = {
2211 .nid = NID_aes_192_ccm,
2212 .block_size = 1,
2213 .key_len =
2214 (EVP_CIPH_CCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
2215 192 / 8,
2216 .iv_len = 12,
2217 .flags = EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2218 .init = aesni_ccm_init_key,
2219 .do_cipher = aesni_ccm_cipher,
2220 .cleanup = aes_ccm_cleanup,
2221 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2222 .ctrl = aes_ccm_ctrl,
2223};
2224#endif
2225
2226static const EVP_CIPHER aes_192_ccm = {
2227 .nid = NID_aes_192_ccm,
2228 .block_size = 1,
2229 .key_len =
2230 (EVP_CIPH_CCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
2231 192 / 8,
2232 .iv_len = 12,
2233 .flags = EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2234 .init = aes_ccm_init_key,
2235 .do_cipher = aes_ccm_cipher,
2236 .cleanup = aes_ccm_cleanup,
2237 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2238 .ctrl = aes_ccm_ctrl,
2239};
2240
2241const EVP_CIPHER *
2242EVP_aes_192_ccm(void)
2243{
2244#ifdef AESNI_CAPABLE
2245 return AESNI_CAPABLE ? &aesni_192_ccm : &aes_192_ccm;
2246#else
2247 return &aes_192_ccm;
2248#endif
2249}
2250
2251#ifdef AESNI_CAPABLE
2252static const EVP_CIPHER aesni_256_ccm = {
2253 .nid = NID_aes_256_ccm,
2254 .block_size = 1,
2255 .key_len =
2256 (EVP_CIPH_CCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
2257 256 / 8,
2258 .iv_len = 12,
2259 .flags = EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2260 .init = aesni_ccm_init_key,
2261 .do_cipher = aesni_ccm_cipher,
2262 .cleanup = aes_ccm_cleanup,
2263 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2264 .ctrl = aes_ccm_ctrl,
2265};
2266#endif
2267
2268static const EVP_CIPHER aes_256_ccm = {
2269 .nid = NID_aes_256_ccm,
2270 .block_size = 1,
2271 .key_len =
2272 (EVP_CIPH_CCM_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) *
2273 256 / 8,
2274 .iv_len = 12,
2275 .flags = EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2276 .init = aes_ccm_init_key,
2277 .do_cipher = aes_ccm_cipher,
2278 .cleanup = aes_ccm_cleanup,
2279 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2280 .ctrl = aes_ccm_ctrl,
2281};
2282
2283const EVP_CIPHER *
2284EVP_aes_256_ccm(void)
2285{
2286#ifdef AESNI_CAPABLE
2287 return AESNI_CAPABLE ? &aesni_256_ccm : &aes_256_ccm;
2288#else
2289 return &aes_256_ccm;
2290#endif
2291}
1369 2292
1370#define EVP_AEAD_AES_GCM_TAG_LEN 16 2293#define EVP_AEAD_AES_GCM_TAG_LEN 16
1371 2294
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 06:29:54 +0000