summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp/e_aes.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/evp/e_aes.c1169
1 files changed, 123 insertions, 1046 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 7753c18c15..e1ae1e9a5b 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_aes.c,v 1.59 2024/09/06 09:57:32 tb Exp $ */ 1/* $OpenBSD: e_aes.c,v 1.83 2025/07/22 09:31:09 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -59,19 +59,15 @@
59 59
60#ifndef OPENSSL_NO_AES 60#ifndef OPENSSL_NO_AES
61#include <openssl/aes.h> 61#include <openssl/aes.h>
62#include <openssl/err.h>
63#include <openssl/evp.h> 62#include <openssl/evp.h>
64 63
64#include "aes_local.h"
65#include "err_local.h"
65#include "evp_local.h" 66#include "evp_local.h"
66#include "modes_local.h" 67#include "modes_local.h"
67 68
68typedef struct { 69typedef struct {
69 AES_KEY ks; 70 AES_KEY ks;
70 block128_f block;
71 union {
72 cbc128_f cbc;
73 ctr128_f ctr;
74 } stream;
75} EVP_AES_KEY; 71} EVP_AES_KEY;
76 72
77typedef struct { 73typedef struct {
@@ -84,15 +80,11 @@ typedef struct {
84 int taglen; 80 int taglen;
85 int iv_gen; /* It is OK to generate IVs */ 81 int iv_gen; /* It is OK to generate IVs */
86 int tls_aad_len; /* TLS AAD length */ 82 int tls_aad_len; /* TLS AAD length */
87 ctr128_f ctr;
88} EVP_AES_GCM_CTX; 83} EVP_AES_GCM_CTX;
89 84
90typedef struct { 85typedef struct {
91 AES_KEY ks1, ks2; /* AES key schedules to use */ 86 AES_KEY ks1, ks2; /* AES key schedules to use */
92 XTS128_CONTEXT xts; 87 XTS128_CONTEXT xts; /* XXX - replace with flags. */
93 void (*stream)(const unsigned char *in, unsigned char *out,
94 size_t length, const AES_KEY *key1, const AES_KEY *key2,
95 const unsigned char iv[16]);
96} EVP_AES_XTS_CTX; 88} EVP_AES_XTS_CTX;
97 89
98typedef struct { 90typedef struct {
@@ -103,131 +95,17 @@ typedef struct {
103 int len_set; /* Set if message length set */ 95 int len_set; /* Set if message length set */
104 int L, M; /* L and M parameters from RFC3610 */ 96 int L, M; /* L and M parameters from RFC3610 */
105 CCM128_CONTEXT ccm; 97 CCM128_CONTEXT ccm;
106 ccm128_f str;
107} EVP_AES_CCM_CTX; 98} EVP_AES_CCM_CTX;
108 99
109#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) 100#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
110 101
111#ifdef VPAES_ASM
112int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
113 AES_KEY *key);
114int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
115 AES_KEY *key);
116
117void vpaes_encrypt(const unsigned char *in, unsigned char *out,
118 const AES_KEY *key);
119void vpaes_decrypt(const unsigned char *in, unsigned char *out,
120 const AES_KEY *key);
121
122void vpaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
123 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
124#endif
125#ifdef BSAES_ASM
126void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
127 size_t length, const AES_KEY *key, unsigned char ivec[16], int enc);
128void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
129 size_t len, const AES_KEY *key, const unsigned char ivec[16]);
130void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
131 size_t len, const AES_KEY *key1, const AES_KEY *key2,
132 const unsigned char iv[16]);
133void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
134 size_t len, const AES_KEY *key1, const AES_KEY *key2,
135 const unsigned char iv[16]);
136#endif
137#ifdef AES_CTR_ASM
138void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
139 size_t blocks, const AES_KEY *key,
140 const unsigned char ivec[AES_BLOCK_SIZE]);
141#endif
142#ifdef AES_XTS_ASM
143void AES_xts_encrypt(const char *inp, char *out, size_t len,
144 const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
145void AES_xts_decrypt(const char *inp, char *out, size_t len,
146 const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
147#endif
148
149#if defined(AES_ASM) && ( \
150 ((defined(__i386) || defined(__i386__) || \
151 defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
152 defined(__x86_64) || defined(__x86_64__) || \
153 defined(_M_AMD64) || defined(_M_X64) || \
154 defined(__INTEL__) )
155
156#include "x86_arch.h"
157
158#ifdef VPAES_ASM
159#define VPAES_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_SSSE3)
160#endif
161#ifdef BSAES_ASM
162#define BSAES_CAPABLE VPAES_CAPABLE
163#endif
164/*
165 * AES-NI section
166 */
167#define AESNI_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_AESNI)
168
169int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
170 AES_KEY *key);
171int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
172 AES_KEY *key);
173
174void aesni_encrypt(const unsigned char *in, unsigned char *out,
175 const AES_KEY *key);
176void aesni_decrypt(const unsigned char *in, unsigned char *out,
177 const AES_KEY *key);
178
179void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
180 size_t length, const AES_KEY *key, int enc);
181void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
182 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
183
184void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
185 size_t blocks, const void *key, const unsigned char *ivec);
186
187void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
188 size_t length, const AES_KEY *key1, const AES_KEY *key2,
189 const unsigned char iv[16]);
190
191void aesni_xts_decrypt(const unsigned char *in, unsigned char *out,
192 size_t length, const AES_KEY *key1, const AES_KEY *key2,
193 const unsigned char iv[16]);
194
195void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out,
196 size_t blocks, const void *key, const unsigned char ivec[16],
197 unsigned char cmac[16]);
198
199void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out,
200 size_t blocks, const void *key, const unsigned char ivec[16],
201 unsigned char cmac[16]);
202
203static int 102static int
204aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 103aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
205 const unsigned char *iv, int enc) 104 const unsigned char *iv, int enc)
206{ 105{
207 int ret, mode; 106 EVP_AES_KEY *eak = ctx->cipher_data;
208 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
209
210 mode = ctx->cipher->flags & EVP_CIPH_MODE;
211 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
212 !enc) {
213 ret = aesni_set_decrypt_key(key, ctx->key_len * 8,
214 ctx->cipher_data);
215 dat->block = (block128_f)aesni_decrypt;
216 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
217 (cbc128_f)aesni_cbc_encrypt : NULL;
218 } else {
219 ret = aesni_set_encrypt_key(key, ctx->key_len * 8,
220 ctx->cipher_data);
221 dat->block = (block128_f)aesni_encrypt;
222 if (mode == EVP_CIPH_CBC_MODE)
223 dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt;
224 else if (mode == EVP_CIPH_CTR_MODE)
225 dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
226 else
227 dat->stream.cbc = NULL;
228 }
229 107
230 if (ret < 0) { 108 if (AES_set_encrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
231 EVPerror(EVP_R_AES_KEY_SETUP_FAILED); 109 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
232 return 0; 110 return 0;
233 } 111 }
@@ -236,213 +114,54 @@ aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
236} 114}
237 115
238static int 116static int
239aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 117aes_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
240 const unsigned char *in, size_t len) 118 const unsigned char *iv, int encrypt)
241{
242 aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv,
243 ctx->encrypt);
244
245 return 1;
246}
247
248static int
249aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
250 const unsigned char *in, size_t len)
251{ 119{
252 size_t bl = ctx->cipher->block_size; 120 EVP_AES_KEY *eak = ctx->cipher_data;
253 121
254 if (len < bl) 122 if (encrypt) {
255 return 1; 123 if (AES_set_encrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
256 124 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
257 aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt); 125 return 0;
258
259 return 1;
260}
261
262static int
263aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
264 const unsigned char *iv, int enc)
265{
266 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
267
268 if (!iv && !key)
269 return 1;
270 if (key) {
271 aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
272 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
273 (block128_f)aesni_encrypt);
274 gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
275 /* If we have an iv can set it directly, otherwise use
276 * saved IV.
277 */
278 if (iv == NULL && gctx->iv_set)
279 iv = gctx->iv;
280 if (iv) {
281 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
282 gctx->iv_set = 1;
283 } 126 }
284 gctx->key_set = 1;
285 } else { 127 } else {
286 /* If key set use IV, otherwise copy */ 128 if (AES_set_decrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
287 if (gctx->key_set) 129 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
288 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); 130 return 0;
289 else
290 memcpy(gctx->iv, iv, gctx->ivlen);
291 gctx->iv_set = 1;
292 gctx->iv_gen = 0;
293 }
294 return 1;
295}
296
297static int
298aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
299 const unsigned char *iv, int enc)
300{
301 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
302
303 if (!iv && !key)
304 return 1;
305
306 if (key) {
307 /* key_len is two AES keys */
308 if (enc) {
309 aesni_set_encrypt_key(key, ctx->key_len * 4,
310 &xctx->ks1);
311 xctx->xts.block1 = (block128_f)aesni_encrypt;
312 xctx->stream = aesni_xts_encrypt;
313 } else {
314 aesni_set_decrypt_key(key, ctx->key_len * 4,
315 &xctx->ks1);
316 xctx->xts.block1 = (block128_f)aesni_decrypt;
317 xctx->stream = aesni_xts_decrypt;
318 } 131 }
319
320 aesni_set_encrypt_key(key + ctx->key_len / 2,
321 ctx->key_len * 4, &xctx->ks2);
322 xctx->xts.block2 = (block128_f)aesni_encrypt;
323
324 xctx->xts.key1 = &xctx->ks1;
325 }
326
327 if (iv) {
328 xctx->xts.key2 = &xctx->ks2;
329 memcpy(ctx->iv, iv, 16);
330 } 132 }
331 133
332 return 1; 134 return 1;
333} 135}
334 136
335static int 137static int
336aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 138aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
337 const unsigned char *iv, int enc) 139 const unsigned char *in, size_t len)
338{
339 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
340
341 if (!iv && !key)
342 return 1;
343 if (key) {
344 aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
345 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
346 &cctx->ks, (block128_f)aesni_encrypt);
347 cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks :
348 (ccm128_f)aesni_ccm64_decrypt_blocks;
349 cctx->key_set = 1;
350 }
351 if (iv) {
352 memcpy(ctx->iv, iv, 15 - cctx->L);
353 cctx->iv_set = 1;
354 }
355 return 1;
356}
357
358#endif
359
360static int
361aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
362 const unsigned char *iv, int enc)
363{ 140{
364 int ret, mode; 141 EVP_AES_KEY *eak = ctx->cipher_data;
365 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
366
367 mode = ctx->cipher->flags & EVP_CIPH_MODE;
368 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
369 !enc)
370#ifdef BSAES_CAPABLE
371 if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
372 ret = AES_set_decrypt_key(key, ctx->key_len * 8,
373 &dat->ks);
374 dat->block = (block128_f)AES_decrypt;
375 dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
376 } else
377#endif
378#ifdef VPAES_CAPABLE
379 if (VPAES_CAPABLE) {
380 ret = vpaes_set_decrypt_key(key, ctx->key_len * 8,
381 &dat->ks);
382 dat->block = (block128_f)vpaes_decrypt;
383 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
384 (cbc128_f)vpaes_cbc_encrypt : NULL;
385 } else
386#endif
387 {
388 ret = AES_set_decrypt_key(key, ctx->key_len * 8,
389 &dat->ks);
390 dat->block = (block128_f)AES_decrypt;
391 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
392 (cbc128_f)AES_cbc_encrypt : NULL;
393 } else
394#ifdef BSAES_CAPABLE
395 if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
396 ret = AES_set_encrypt_key(key, ctx->key_len * 8,
397 &dat->ks);
398 dat->block = (block128_f)AES_encrypt;
399 dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
400 } else
401#endif
402#ifdef VPAES_CAPABLE
403 if (VPAES_CAPABLE) {
404 ret = vpaes_set_encrypt_key(key, ctx->key_len * 8,
405 &dat->ks);
406 dat->block = (block128_f)vpaes_encrypt;
407 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
408 (cbc128_f)vpaes_cbc_encrypt : NULL;
409 } else
410#endif
411 {
412 ret = AES_set_encrypt_key(key, ctx->key_len * 8,
413 &dat->ks);
414 dat->block = (block128_f)AES_encrypt;
415 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
416 (cbc128_f)AES_cbc_encrypt : NULL;
417#ifdef AES_CTR_ASM
418 if (mode == EVP_CIPH_CTR_MODE)
419 dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
420#endif
421 }
422 142
423 if (ret < 0) { 143 AES_cbc_encrypt(in, out, len, &eak->ks, ctx->iv, ctx->encrypt);
424 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
425 return 0;
426 }
427 144
428 return 1; 145 return 1;
429} 146}
430 147
431static int 148static int
432aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 149aes_ecb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
433 const unsigned char *in, size_t len) 150 const unsigned char *iv, int encrypt)
434{ 151{
435 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 152 EVP_AES_KEY *eak = ctx->cipher_data;
436 153
437 if (dat->stream.cbc) 154 if (encrypt) {
438 (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv, 155 if (AES_set_encrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
439 ctx->encrypt); 156 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
440 else if (ctx->encrypt) 157 return 0;
441 CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, 158 }
442 dat->block); 159 } else {
443 else 160 if (AES_set_decrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
444 CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, 161 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
445 dat->block); 162 return 0;
163 }
164 }
446 165
447 return 1; 166 return 1;
448} 167}
@@ -451,15 +170,9 @@ static int
451aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 170aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
452 const unsigned char *in, size_t len) 171 const unsigned char *in, size_t len)
453{ 172{
454 size_t bl = ctx->cipher->block_size; 173 EVP_AES_KEY *eak = ctx->cipher_data;
455 size_t i;
456 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
457
458 if (len < bl)
459 return 1;
460 174
461 for (i = 0, len -= bl; i <= len; i += bl) 175 aes_ecb_encrypt_internal(in, out, len, &eak->ks, ctx->encrypt);
462 (*dat->block)(in + i, out + i, &dat->ks);
463 176
464 return 1; 177 return 1;
465} 178}
@@ -468,10 +181,10 @@ static int
468aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 181aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
469 const unsigned char *in, size_t len) 182 const unsigned char *in, size_t len)
470{ 183{
471 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 184 EVP_AES_KEY *eak = ctx->cipher_data;
185
186 AES_ofb128_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num);
472 187
473 CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
474 dat->block);
475 return 1; 188 return 1;
476} 189}
477 190
@@ -479,10 +192,11 @@ static int
479aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 192aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
480 const unsigned char *in, size_t len) 193 const unsigned char *in, size_t len)
481{ 194{
482 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 195 EVP_AES_KEY *eak = ctx->cipher_data;
196
197 AES_cfb128_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num,
198 ctx->encrypt);
483 199
484 CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
485 ctx->encrypt, dat->block);
486 return 1; 200 return 1;
487} 201}
488 202
@@ -490,10 +204,11 @@ static int
490aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 204aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
491 const unsigned char *in, size_t len) 205 const unsigned char *in, size_t len)
492{ 206{
493 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 207 EVP_AES_KEY *eak = ctx->cipher_data;
208
209 AES_cfb8_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num,
210 ctx->encrypt);
494 211
495 CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
496 ctx->encrypt, dat->block);
497 return 1; 212 return 1;
498} 213}
499 214
@@ -501,24 +216,25 @@ static int
501aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 216aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
502 const unsigned char *in, size_t len) 217 const unsigned char *in, size_t len)
503{ 218{
504 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 219 EVP_AES_KEY *eak = ctx->cipher_data;
505 220
506 if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) { 221 if ((ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) {
507 CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, 222 AES_cfb1_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num,
508 &ctx->num, ctx->encrypt, dat->block); 223 ctx->encrypt);
509 return 1; 224 return 1;
510 } 225 }
511 226
512 while (len >= MAXBITCHUNK) { 227 while (len >= MAXBITCHUNK) {
513 CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks, 228 AES_cfb1_encrypt(in, out, MAXBITCHUNK * 8, &eak->ks, ctx->iv,
514 ctx->iv, &ctx->num, ctx->encrypt, dat->block); 229 &ctx->num, ctx->encrypt);
515 len -= MAXBITCHUNK; 230 len -= MAXBITCHUNK;
516 in += MAXBITCHUNK; 231 in += MAXBITCHUNK;
517 out += MAXBITCHUNK; 232 out += MAXBITCHUNK;
518 } 233 }
519 if (len) 234 if (len > 0) {
520 CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks, 235 AES_cfb1_encrypt(in, out, len * 8, &eak->ks, ctx->iv, &ctx->num,
521 ctx->iv, &ctx->num, ctx->encrypt, dat->block); 236 ctx->encrypt);
237 }
522 238
523 return 1; 239 return 1;
524} 240}
@@ -527,40 +243,23 @@ static int
527aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 243aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
528 const unsigned char *in, size_t len) 244 const unsigned char *in, size_t len)
529{ 245{
246 EVP_AES_KEY *eak = ctx->cipher_data;
530 unsigned int num = ctx->num; 247 unsigned int num = ctx->num;
531 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
532 248
533 if (dat->stream.ctr) 249 AES_ctr128_encrypt(in, out, len, &eak->ks, ctx->iv, ctx->buf, &num);
534 CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, 250
535 ctx->iv, ctx->buf, &num, dat->stream.ctr);
536 else
537 CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
538 ctx->iv, ctx->buf, &num, dat->block);
539 ctx->num = (size_t)num; 251 ctx->num = (size_t)num;
252
540 return 1; 253 return 1;
541} 254}
542 255
543
544#ifdef AESNI_CAPABLE
545static const EVP_CIPHER aesni_128_cbc = {
546 .nid = NID_aes_128_cbc,
547 .block_size = 16,
548 .key_len = 16,
549 .iv_len = 16,
550 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
551 .init = aesni_init_key,
552 .do_cipher = aesni_cbc_cipher,
553 .ctx_size = sizeof(EVP_AES_KEY),
554};
555#endif
556
557static const EVP_CIPHER aes_128_cbc = { 256static const EVP_CIPHER aes_128_cbc = {
558 .nid = NID_aes_128_cbc, 257 .nid = NID_aes_128_cbc,
559 .block_size = 16, 258 .block_size = 16,
560 .key_len = 16, 259 .key_len = 16,
561 .iv_len = 16, 260 .iv_len = 16,
562 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE, 261 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
563 .init = aes_init_key, 262 .init = aes_cbc_init_key,
564 .do_cipher = aes_cbc_cipher, 263 .do_cipher = aes_cbc_cipher,
565 .ctx_size = sizeof(EVP_AES_KEY), 264 .ctx_size = sizeof(EVP_AES_KEY),
566}; 265};
@@ -568,34 +267,17 @@ static const EVP_CIPHER aes_128_cbc = {
568const EVP_CIPHER * 267const EVP_CIPHER *
569EVP_aes_128_cbc(void) 268EVP_aes_128_cbc(void)
570{ 269{
571#ifdef AESNI_CAPABLE
572 return AESNI_CAPABLE ? &aesni_128_cbc : &aes_128_cbc;
573#else
574 return &aes_128_cbc; 270 return &aes_128_cbc;
575#endif
576} 271}
577LCRYPTO_ALIAS(EVP_aes_128_cbc); 272LCRYPTO_ALIAS(EVP_aes_128_cbc);
578 273
579#ifdef AESNI_CAPABLE
580static const EVP_CIPHER aesni_128_ecb = {
581 .nid = NID_aes_128_ecb,
582 .block_size = 16,
583 .key_len = 16,
584 .iv_len = 0,
585 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
586 .init = aesni_init_key,
587 .do_cipher = aesni_ecb_cipher,
588 .ctx_size = sizeof(EVP_AES_KEY),
589};
590#endif
591
592static const EVP_CIPHER aes_128_ecb = { 274static const EVP_CIPHER aes_128_ecb = {
593 .nid = NID_aes_128_ecb, 275 .nid = NID_aes_128_ecb,
594 .block_size = 16, 276 .block_size = 16,
595 .key_len = 16, 277 .key_len = 16,
596 .iv_len = 0, 278 .iv_len = 0,
597 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE, 279 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
598 .init = aes_init_key, 280 .init = aes_ecb_init_key,
599 .do_cipher = aes_ecb_cipher, 281 .do_cipher = aes_ecb_cipher,
600 .ctx_size = sizeof(EVP_AES_KEY), 282 .ctx_size = sizeof(EVP_AES_KEY),
601}; 283};
@@ -603,27 +285,10 @@ static const EVP_CIPHER aes_128_ecb = {
603const EVP_CIPHER * 285const EVP_CIPHER *
604EVP_aes_128_ecb(void) 286EVP_aes_128_ecb(void)
605{ 287{
606#ifdef AESNI_CAPABLE
607 return AESNI_CAPABLE ? &aesni_128_ecb : &aes_128_ecb;
608#else
609 return &aes_128_ecb; 288 return &aes_128_ecb;
610#endif
611} 289}
612LCRYPTO_ALIAS(EVP_aes_128_ecb); 290LCRYPTO_ALIAS(EVP_aes_128_ecb);
613 291
614#ifdef AESNI_CAPABLE
615static const EVP_CIPHER aesni_128_ofb = {
616 .nid = NID_aes_128_ofb128,
617 .block_size = 1,
618 .key_len = 16,
619 .iv_len = 16,
620 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
621 .init = aesni_init_key,
622 .do_cipher = aes_ofb_cipher,
623 .ctx_size = sizeof(EVP_AES_KEY),
624};
625#endif
626
627static const EVP_CIPHER aes_128_ofb = { 292static const EVP_CIPHER aes_128_ofb = {
628 .nid = NID_aes_128_ofb128, 293 .nid = NID_aes_128_ofb128,
629 .block_size = 1, 294 .block_size = 1,
@@ -638,27 +303,10 @@ static const EVP_CIPHER aes_128_ofb = {
638const EVP_CIPHER * 303const EVP_CIPHER *
639EVP_aes_128_ofb(void) 304EVP_aes_128_ofb(void)
640{ 305{
641#ifdef AESNI_CAPABLE
642 return AESNI_CAPABLE ? &aesni_128_ofb : &aes_128_ofb;
643#else
644 return &aes_128_ofb; 306 return &aes_128_ofb;
645#endif
646} 307}
647LCRYPTO_ALIAS(EVP_aes_128_ofb); 308LCRYPTO_ALIAS(EVP_aes_128_ofb);
648 309
649#ifdef AESNI_CAPABLE
650static const EVP_CIPHER aesni_128_cfb = {
651 .nid = NID_aes_128_cfb128,
652 .block_size = 1,
653 .key_len = 16,
654 .iv_len = 16,
655 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
656 .init = aesni_init_key,
657 .do_cipher = aes_cfb_cipher,
658 .ctx_size = sizeof(EVP_AES_KEY),
659};
660#endif
661
662static const EVP_CIPHER aes_128_cfb = { 310static const EVP_CIPHER aes_128_cfb = {
663 .nid = NID_aes_128_cfb128, 311 .nid = NID_aes_128_cfb128,
664 .block_size = 1, 312 .block_size = 1,
@@ -673,27 +321,10 @@ static const EVP_CIPHER aes_128_cfb = {
673const EVP_CIPHER * 321const EVP_CIPHER *
674EVP_aes_128_cfb128(void) 322EVP_aes_128_cfb128(void)
675{ 323{
676#ifdef AESNI_CAPABLE
677 return AESNI_CAPABLE ? &aesni_128_cfb : &aes_128_cfb;
678#else
679 return &aes_128_cfb; 324 return &aes_128_cfb;
680#endif
681} 325}
682LCRYPTO_ALIAS(EVP_aes_128_cfb128); 326LCRYPTO_ALIAS(EVP_aes_128_cfb128);
683 327
684#ifdef AESNI_CAPABLE
685static const EVP_CIPHER aesni_128_cfb1 = {
686 .nid = NID_aes_128_cfb1,
687 .block_size = 1,
688 .key_len = 16,
689 .iv_len = 16,
690 .flags = EVP_CIPH_CFB_MODE,
691 .init = aesni_init_key,
692 .do_cipher = aes_cfb1_cipher,
693 .ctx_size = sizeof(EVP_AES_KEY),
694};
695#endif
696
697static const EVP_CIPHER aes_128_cfb1 = { 328static const EVP_CIPHER aes_128_cfb1 = {
698 .nid = NID_aes_128_cfb1, 329 .nid = NID_aes_128_cfb1,
699 .block_size = 1, 330 .block_size = 1,
@@ -708,27 +339,10 @@ static const EVP_CIPHER aes_128_cfb1 = {
708const EVP_CIPHER * 339const EVP_CIPHER *
709EVP_aes_128_cfb1(void) 340EVP_aes_128_cfb1(void)
710{ 341{
711#ifdef AESNI_CAPABLE
712 return AESNI_CAPABLE ? &aesni_128_cfb1 : &aes_128_cfb1;
713#else
714 return &aes_128_cfb1; 342 return &aes_128_cfb1;
715#endif
716} 343}
717LCRYPTO_ALIAS(EVP_aes_128_cfb1); 344LCRYPTO_ALIAS(EVP_aes_128_cfb1);
718 345
719#ifdef AESNI_CAPABLE
720static const EVP_CIPHER aesni_128_cfb8 = {
721 .nid = NID_aes_128_cfb8,
722 .block_size = 1,
723 .key_len = 16,
724 .iv_len = 16,
725 .flags = EVP_CIPH_CFB_MODE,
726 .init = aesni_init_key,
727 .do_cipher = aes_cfb8_cipher,
728 .ctx_size = sizeof(EVP_AES_KEY),
729};
730#endif
731
732static const EVP_CIPHER aes_128_cfb8 = { 346static const EVP_CIPHER aes_128_cfb8 = {
733 .nid = NID_aes_128_cfb8, 347 .nid = NID_aes_128_cfb8,
734 .block_size = 1, 348 .block_size = 1,
@@ -743,27 +357,10 @@ static const EVP_CIPHER aes_128_cfb8 = {
743const EVP_CIPHER * 357const EVP_CIPHER *
744EVP_aes_128_cfb8(void) 358EVP_aes_128_cfb8(void)
745{ 359{
746#ifdef AESNI_CAPABLE
747 return AESNI_CAPABLE ? &aesni_128_cfb8 : &aes_128_cfb8;
748#else
749 return &aes_128_cfb8; 360 return &aes_128_cfb8;
750#endif
751} 361}
752LCRYPTO_ALIAS(EVP_aes_128_cfb8); 362LCRYPTO_ALIAS(EVP_aes_128_cfb8);
753 363
754#ifdef AESNI_CAPABLE
755static const EVP_CIPHER aesni_128_ctr = {
756 .nid = NID_aes_128_ctr,
757 .block_size = 1,
758 .key_len = 16,
759 .iv_len = 16,
760 .flags = EVP_CIPH_CTR_MODE,
761 .init = aesni_init_key,
762 .do_cipher = aes_ctr_cipher,
763 .ctx_size = sizeof(EVP_AES_KEY),
764};
765#endif
766
767static const EVP_CIPHER aes_128_ctr = { 364static const EVP_CIPHER aes_128_ctr = {
768 .nid = NID_aes_128_ctr, 365 .nid = NID_aes_128_ctr,
769 .block_size = 1, 366 .block_size = 1,
@@ -778,35 +375,17 @@ static const EVP_CIPHER aes_128_ctr = {
778const EVP_CIPHER * 375const EVP_CIPHER *
779EVP_aes_128_ctr(void) 376EVP_aes_128_ctr(void)
780{ 377{
781#ifdef AESNI_CAPABLE
782 return AESNI_CAPABLE ? &aesni_128_ctr : &aes_128_ctr;
783#else
784 return &aes_128_ctr; 378 return &aes_128_ctr;
785#endif
786} 379}
787LCRYPTO_ALIAS(EVP_aes_128_ctr); 380LCRYPTO_ALIAS(EVP_aes_128_ctr);
788 381
789
790#ifdef AESNI_CAPABLE
791static const EVP_CIPHER aesni_192_cbc = {
792 .nid = NID_aes_192_cbc,
793 .block_size = 16,
794 .key_len = 24,
795 .iv_len = 16,
796 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
797 .init = aesni_init_key,
798 .do_cipher = aesni_cbc_cipher,
799 .ctx_size = sizeof(EVP_AES_KEY),
800};
801#endif
802
803static const EVP_CIPHER aes_192_cbc = { 382static const EVP_CIPHER aes_192_cbc = {
804 .nid = NID_aes_192_cbc, 383 .nid = NID_aes_192_cbc,
805 .block_size = 16, 384 .block_size = 16,
806 .key_len = 24, 385 .key_len = 24,
807 .iv_len = 16, 386 .iv_len = 16,
808 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE, 387 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
809 .init = aes_init_key, 388 .init = aes_cbc_init_key,
810 .do_cipher = aes_cbc_cipher, 389 .do_cipher = aes_cbc_cipher,
811 .ctx_size = sizeof(EVP_AES_KEY), 390 .ctx_size = sizeof(EVP_AES_KEY),
812}; 391};
@@ -814,34 +393,17 @@ static const EVP_CIPHER aes_192_cbc = {
814const EVP_CIPHER * 393const EVP_CIPHER *
815EVP_aes_192_cbc(void) 394EVP_aes_192_cbc(void)
816{ 395{
817#ifdef AESNI_CAPABLE
818 return AESNI_CAPABLE ? &aesni_192_cbc : &aes_192_cbc;
819#else
820 return &aes_192_cbc; 396 return &aes_192_cbc;
821#endif
822} 397}
823LCRYPTO_ALIAS(EVP_aes_192_cbc); 398LCRYPTO_ALIAS(EVP_aes_192_cbc);
824 399
825#ifdef AESNI_CAPABLE
826static const EVP_CIPHER aesni_192_ecb = {
827 .nid = NID_aes_192_ecb,
828 .block_size = 16,
829 .key_len = 24,
830 .iv_len = 0,
831 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
832 .init = aesni_init_key,
833 .do_cipher = aesni_ecb_cipher,
834 .ctx_size = sizeof(EVP_AES_KEY),
835};
836#endif
837
838static const EVP_CIPHER aes_192_ecb = { 400static const EVP_CIPHER aes_192_ecb = {
839 .nid = NID_aes_192_ecb, 401 .nid = NID_aes_192_ecb,
840 .block_size = 16, 402 .block_size = 16,
841 .key_len = 24, 403 .key_len = 24,
842 .iv_len = 0, 404 .iv_len = 0,
843 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE, 405 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
844 .init = aes_init_key, 406 .init = aes_ecb_init_key,
845 .do_cipher = aes_ecb_cipher, 407 .do_cipher = aes_ecb_cipher,
846 .ctx_size = sizeof(EVP_AES_KEY), 408 .ctx_size = sizeof(EVP_AES_KEY),
847}; 409};
@@ -849,27 +411,10 @@ static const EVP_CIPHER aes_192_ecb = {
849const EVP_CIPHER * 411const EVP_CIPHER *
850EVP_aes_192_ecb(void) 412EVP_aes_192_ecb(void)
851{ 413{
852#ifdef AESNI_CAPABLE
853 return AESNI_CAPABLE ? &aesni_192_ecb : &aes_192_ecb;
854#else
855 return &aes_192_ecb; 414 return &aes_192_ecb;
856#endif
857} 415}
858LCRYPTO_ALIAS(EVP_aes_192_ecb); 416LCRYPTO_ALIAS(EVP_aes_192_ecb);
859 417
860#ifdef AESNI_CAPABLE
861static const EVP_CIPHER aesni_192_ofb = {
862 .nid = NID_aes_192_ofb128,
863 .block_size = 1,
864 .key_len = 24,
865 .iv_len = 16,
866 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
867 .init = aesni_init_key,
868 .do_cipher = aes_ofb_cipher,
869 .ctx_size = sizeof(EVP_AES_KEY),
870};
871#endif
872
873static const EVP_CIPHER aes_192_ofb = { 418static const EVP_CIPHER aes_192_ofb = {
874 .nid = NID_aes_192_ofb128, 419 .nid = NID_aes_192_ofb128,
875 .block_size = 1, 420 .block_size = 1,
@@ -884,27 +429,10 @@ static const EVP_CIPHER aes_192_ofb = {
884const EVP_CIPHER * 429const EVP_CIPHER *
885EVP_aes_192_ofb(void) 430EVP_aes_192_ofb(void)
886{ 431{
887#ifdef AESNI_CAPABLE
888 return AESNI_CAPABLE ? &aesni_192_ofb : &aes_192_ofb;
889#else
890 return &aes_192_ofb; 432 return &aes_192_ofb;
891#endif
892} 433}
893LCRYPTO_ALIAS(EVP_aes_192_ofb); 434LCRYPTO_ALIAS(EVP_aes_192_ofb);
894 435
895#ifdef AESNI_CAPABLE
896static const EVP_CIPHER aesni_192_cfb = {
897 .nid = NID_aes_192_cfb128,
898 .block_size = 1,
899 .key_len = 24,
900 .iv_len = 16,
901 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
902 .init = aesni_init_key,
903 .do_cipher = aes_cfb_cipher,
904 .ctx_size = sizeof(EVP_AES_KEY),
905};
906#endif
907
908static const EVP_CIPHER aes_192_cfb = { 436static const EVP_CIPHER aes_192_cfb = {
909 .nid = NID_aes_192_cfb128, 437 .nid = NID_aes_192_cfb128,
910 .block_size = 1, 438 .block_size = 1,
@@ -919,27 +447,10 @@ static const EVP_CIPHER aes_192_cfb = {
919const EVP_CIPHER * 447const EVP_CIPHER *
920EVP_aes_192_cfb128(void) 448EVP_aes_192_cfb128(void)
921{ 449{
922#ifdef AESNI_CAPABLE
923 return AESNI_CAPABLE ? &aesni_192_cfb : &aes_192_cfb;
924#else
925 return &aes_192_cfb; 450 return &aes_192_cfb;
926#endif
927} 451}
928LCRYPTO_ALIAS(EVP_aes_192_cfb128); 452LCRYPTO_ALIAS(EVP_aes_192_cfb128);
929 453
930#ifdef AESNI_CAPABLE
931static const EVP_CIPHER aesni_192_cfb1 = {
932 .nid = NID_aes_192_cfb1,
933 .block_size = 1,
934 .key_len = 24,
935 .iv_len = 16,
936 .flags = EVP_CIPH_CFB_MODE,
937 .init = aesni_init_key,
938 .do_cipher = aes_cfb1_cipher,
939 .ctx_size = sizeof(EVP_AES_KEY),
940};
941#endif
942
943static const EVP_CIPHER aes_192_cfb1 = { 454static const EVP_CIPHER aes_192_cfb1 = {
944 .nid = NID_aes_192_cfb1, 455 .nid = NID_aes_192_cfb1,
945 .block_size = 1, 456 .block_size = 1,
@@ -954,27 +465,10 @@ static const EVP_CIPHER aes_192_cfb1 = {
954const EVP_CIPHER * 465const EVP_CIPHER *
955EVP_aes_192_cfb1(void) 466EVP_aes_192_cfb1(void)
956{ 467{
957#ifdef AESNI_CAPABLE
958 return AESNI_CAPABLE ? &aesni_192_cfb1 : &aes_192_cfb1;
959#else
960 return &aes_192_cfb1; 468 return &aes_192_cfb1;
961#endif
962} 469}
963LCRYPTO_ALIAS(EVP_aes_192_cfb1); 470LCRYPTO_ALIAS(EVP_aes_192_cfb1);
964 471
965#ifdef AESNI_CAPABLE
966static const EVP_CIPHER aesni_192_cfb8 = {
967 .nid = NID_aes_192_cfb8,
968 .block_size = 1,
969 .key_len = 24,
970 .iv_len = 16,
971 .flags = EVP_CIPH_CFB_MODE,
972 .init = aesni_init_key,
973 .do_cipher = aes_cfb8_cipher,
974 .ctx_size = sizeof(EVP_AES_KEY),
975};
976#endif
977
978static const EVP_CIPHER aes_192_cfb8 = { 472static const EVP_CIPHER aes_192_cfb8 = {
979 .nid = NID_aes_192_cfb8, 473 .nid = NID_aes_192_cfb8,
980 .block_size = 1, 474 .block_size = 1,
@@ -989,27 +483,10 @@ static const EVP_CIPHER aes_192_cfb8 = {
989const EVP_CIPHER * 483const EVP_CIPHER *
990EVP_aes_192_cfb8(void) 484EVP_aes_192_cfb8(void)
991{ 485{
992#ifdef AESNI_CAPABLE
993 return AESNI_CAPABLE ? &aesni_192_cfb8 : &aes_192_cfb8;
994#else
995 return &aes_192_cfb8; 486 return &aes_192_cfb8;
996#endif
997} 487}
998LCRYPTO_ALIAS(EVP_aes_192_cfb8); 488LCRYPTO_ALIAS(EVP_aes_192_cfb8);
999 489
1000#ifdef AESNI_CAPABLE
1001static const EVP_CIPHER aesni_192_ctr = {
1002 .nid = NID_aes_192_ctr,
1003 .block_size = 1,
1004 .key_len = 24,
1005 .iv_len = 16,
1006 .flags = EVP_CIPH_CTR_MODE,
1007 .init = aesni_init_key,
1008 .do_cipher = aes_ctr_cipher,
1009 .ctx_size = sizeof(EVP_AES_KEY),
1010};
1011#endif
1012
1013static const EVP_CIPHER aes_192_ctr = { 490static const EVP_CIPHER aes_192_ctr = {
1014 .nid = NID_aes_192_ctr, 491 .nid = NID_aes_192_ctr,
1015 .block_size = 1, 492 .block_size = 1,
@@ -1024,35 +501,17 @@ static const EVP_CIPHER aes_192_ctr = {
1024const EVP_CIPHER * 501const EVP_CIPHER *
1025EVP_aes_192_ctr(void) 502EVP_aes_192_ctr(void)
1026{ 503{
1027#ifdef AESNI_CAPABLE
1028 return AESNI_CAPABLE ? &aesni_192_ctr : &aes_192_ctr;
1029#else
1030 return &aes_192_ctr; 504 return &aes_192_ctr;
1031#endif
1032} 505}
1033LCRYPTO_ALIAS(EVP_aes_192_ctr); 506LCRYPTO_ALIAS(EVP_aes_192_ctr);
1034 507
1035
1036#ifdef AESNI_CAPABLE
1037static const EVP_CIPHER aesni_256_cbc = {
1038 .nid = NID_aes_256_cbc,
1039 .block_size = 16,
1040 .key_len = 32,
1041 .iv_len = 16,
1042 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
1043 .init = aesni_init_key,
1044 .do_cipher = aesni_cbc_cipher,
1045 .ctx_size = sizeof(EVP_AES_KEY),
1046};
1047#endif
1048
1049static const EVP_CIPHER aes_256_cbc = { 508static const EVP_CIPHER aes_256_cbc = {
1050 .nid = NID_aes_256_cbc, 509 .nid = NID_aes_256_cbc,
1051 .block_size = 16, 510 .block_size = 16,
1052 .key_len = 32, 511 .key_len = 32,
1053 .iv_len = 16, 512 .iv_len = 16,
1054 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE, 513 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
1055 .init = aes_init_key, 514 .init = aes_cbc_init_key,
1056 .do_cipher = aes_cbc_cipher, 515 .do_cipher = aes_cbc_cipher,
1057 .ctx_size = sizeof(EVP_AES_KEY), 516 .ctx_size = sizeof(EVP_AES_KEY),
1058}; 517};
@@ -1060,34 +519,17 @@ static const EVP_CIPHER aes_256_cbc = {
1060const EVP_CIPHER * 519const EVP_CIPHER *
1061EVP_aes_256_cbc(void) 520EVP_aes_256_cbc(void)
1062{ 521{
1063#ifdef AESNI_CAPABLE
1064 return AESNI_CAPABLE ? &aesni_256_cbc : &aes_256_cbc;
1065#else
1066 return &aes_256_cbc; 522 return &aes_256_cbc;
1067#endif
1068} 523}
1069LCRYPTO_ALIAS(EVP_aes_256_cbc); 524LCRYPTO_ALIAS(EVP_aes_256_cbc);
1070 525
1071#ifdef AESNI_CAPABLE
1072static const EVP_CIPHER aesni_256_ecb = {
1073 .nid = NID_aes_256_ecb,
1074 .block_size = 16,
1075 .key_len = 32,
1076 .iv_len = 0,
1077 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
1078 .init = aesni_init_key,
1079 .do_cipher = aesni_ecb_cipher,
1080 .ctx_size = sizeof(EVP_AES_KEY),
1081};
1082#endif
1083
1084static const EVP_CIPHER aes_256_ecb = { 526static const EVP_CIPHER aes_256_ecb = {
1085 .nid = NID_aes_256_ecb, 527 .nid = NID_aes_256_ecb,
1086 .block_size = 16, 528 .block_size = 16,
1087 .key_len = 32, 529 .key_len = 32,
1088 .iv_len = 0, 530 .iv_len = 0,
1089 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE, 531 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
1090 .init = aes_init_key, 532 .init = aes_ecb_init_key,
1091 .do_cipher = aes_ecb_cipher, 533 .do_cipher = aes_ecb_cipher,
1092 .ctx_size = sizeof(EVP_AES_KEY), 534 .ctx_size = sizeof(EVP_AES_KEY),
1093}; 535};
@@ -1095,27 +537,10 @@ static const EVP_CIPHER aes_256_ecb = {
1095const EVP_CIPHER * 537const EVP_CIPHER *
1096EVP_aes_256_ecb(void) 538EVP_aes_256_ecb(void)
1097{ 539{
1098#ifdef AESNI_CAPABLE
1099 return AESNI_CAPABLE ? &aesni_256_ecb : &aes_256_ecb;
1100#else
1101 return &aes_256_ecb; 540 return &aes_256_ecb;
1102#endif
1103} 541}
1104LCRYPTO_ALIAS(EVP_aes_256_ecb); 542LCRYPTO_ALIAS(EVP_aes_256_ecb);
1105 543
1106#ifdef AESNI_CAPABLE
1107static const EVP_CIPHER aesni_256_ofb = {
1108 .nid = NID_aes_256_ofb128,
1109 .block_size = 1,
1110 .key_len = 32,
1111 .iv_len = 16,
1112 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
1113 .init = aesni_init_key,
1114 .do_cipher = aes_ofb_cipher,
1115 .ctx_size = sizeof(EVP_AES_KEY),
1116};
1117#endif
1118
1119static const EVP_CIPHER aes_256_ofb = { 544static const EVP_CIPHER aes_256_ofb = {
1120 .nid = NID_aes_256_ofb128, 545 .nid = NID_aes_256_ofb128,
1121 .block_size = 1, 546 .block_size = 1,
@@ -1130,27 +555,10 @@ static const EVP_CIPHER aes_256_ofb = {
1130const EVP_CIPHER * 555const EVP_CIPHER *
1131EVP_aes_256_ofb(void) 556EVP_aes_256_ofb(void)
1132{ 557{
1133#ifdef AESNI_CAPABLE
1134 return AESNI_CAPABLE ? &aesni_256_ofb : &aes_256_ofb;
1135#else
1136 return &aes_256_ofb; 558 return &aes_256_ofb;
1137#endif
1138} 559}
1139LCRYPTO_ALIAS(EVP_aes_256_ofb); 560LCRYPTO_ALIAS(EVP_aes_256_ofb);
1140 561
1141#ifdef AESNI_CAPABLE
1142static const EVP_CIPHER aesni_256_cfb = {
1143 .nid = NID_aes_256_cfb128,
1144 .block_size = 1,
1145 .key_len = 32,
1146 .iv_len = 16,
1147 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
1148 .init = aesni_init_key,
1149 .do_cipher = aes_cfb_cipher,
1150 .ctx_size = sizeof(EVP_AES_KEY),
1151};
1152#endif
1153
1154static const EVP_CIPHER aes_256_cfb = { 562static const EVP_CIPHER aes_256_cfb = {
1155 .nid = NID_aes_256_cfb128, 563 .nid = NID_aes_256_cfb128,
1156 .block_size = 1, 564 .block_size = 1,
@@ -1165,27 +573,10 @@ static const EVP_CIPHER aes_256_cfb = {
1165const EVP_CIPHER * 573const EVP_CIPHER *
1166EVP_aes_256_cfb128(void) 574EVP_aes_256_cfb128(void)
1167{ 575{
1168#ifdef AESNI_CAPABLE
1169 return AESNI_CAPABLE ? &aesni_256_cfb : &aes_256_cfb;
1170#else
1171 return &aes_256_cfb; 576 return &aes_256_cfb;
1172#endif
1173} 577}
1174LCRYPTO_ALIAS(EVP_aes_256_cfb128); 578LCRYPTO_ALIAS(EVP_aes_256_cfb128);
1175 579
1176#ifdef AESNI_CAPABLE
1177static const EVP_CIPHER aesni_256_cfb1 = {
1178 .nid = NID_aes_256_cfb1,
1179 .block_size = 1,
1180 .key_len = 32,
1181 .iv_len = 16,
1182 .flags = EVP_CIPH_CFB_MODE,
1183 .init = aesni_init_key,
1184 .do_cipher = aes_cfb1_cipher,
1185 .ctx_size = sizeof(EVP_AES_KEY),
1186};
1187#endif
1188
1189static const EVP_CIPHER aes_256_cfb1 = { 580static const EVP_CIPHER aes_256_cfb1 = {
1190 .nid = NID_aes_256_cfb1, 581 .nid = NID_aes_256_cfb1,
1191 .block_size = 1, 582 .block_size = 1,
@@ -1200,27 +591,10 @@ static const EVP_CIPHER aes_256_cfb1 = {
1200const EVP_CIPHER * 591const EVP_CIPHER *
1201EVP_aes_256_cfb1(void) 592EVP_aes_256_cfb1(void)
1202{ 593{
1203#ifdef AESNI_CAPABLE
1204 return AESNI_CAPABLE ? &aesni_256_cfb1 : &aes_256_cfb1;
1205#else
1206 return &aes_256_cfb1; 594 return &aes_256_cfb1;
1207#endif
1208} 595}
1209LCRYPTO_ALIAS(EVP_aes_256_cfb1); 596LCRYPTO_ALIAS(EVP_aes_256_cfb1);
1210 597
1211#ifdef AESNI_CAPABLE
1212static const EVP_CIPHER aesni_256_cfb8 = {
1213 .nid = NID_aes_256_cfb8,
1214 .block_size = 1,
1215 .key_len = 32,
1216 .iv_len = 16,
1217 .flags = EVP_CIPH_CFB_MODE,
1218 .init = aesni_init_key,
1219 .do_cipher = aes_cfb8_cipher,
1220 .ctx_size = sizeof(EVP_AES_KEY),
1221};
1222#endif
1223
1224static const EVP_CIPHER aes_256_cfb8 = { 598static const EVP_CIPHER aes_256_cfb8 = {
1225 .nid = NID_aes_256_cfb8, 599 .nid = NID_aes_256_cfb8,
1226 .block_size = 1, 600 .block_size = 1,
@@ -1235,27 +609,10 @@ static const EVP_CIPHER aes_256_cfb8 = {
1235const EVP_CIPHER * 609const EVP_CIPHER *
1236EVP_aes_256_cfb8(void) 610EVP_aes_256_cfb8(void)
1237{ 611{
1238#ifdef AESNI_CAPABLE
1239 return AESNI_CAPABLE ? &aesni_256_cfb8 : &aes_256_cfb8;
1240#else
1241 return &aes_256_cfb8; 612 return &aes_256_cfb8;
1242#endif
1243} 613}
1244LCRYPTO_ALIAS(EVP_aes_256_cfb8); 614LCRYPTO_ALIAS(EVP_aes_256_cfb8);
1245 615
1246#ifdef AESNI_CAPABLE
1247static const EVP_CIPHER aesni_256_ctr = {
1248 .nid = NID_aes_256_ctr,
1249 .block_size = 1,
1250 .key_len = 32,
1251 .iv_len = 16,
1252 .flags = EVP_CIPH_CTR_MODE,
1253 .init = aesni_init_key,
1254 .do_cipher = aes_ctr_cipher,
1255 .ctx_size = sizeof(EVP_AES_KEY),
1256};
1257#endif
1258
1259static const EVP_CIPHER aes_256_ctr = { 616static const EVP_CIPHER aes_256_ctr = {
1260 .nid = NID_aes_256_ctr, 617 .nid = NID_aes_256_ctr,
1261 .block_size = 1, 618 .block_size = 1,
@@ -1270,11 +627,7 @@ static const EVP_CIPHER aes_256_ctr = {
1270const EVP_CIPHER * 627const EVP_CIPHER *
1271EVP_aes_256_ctr(void) 628EVP_aes_256_ctr(void)
1272{ 629{
1273#ifdef AESNI_CAPABLE
1274 return AESNI_CAPABLE ? &aesni_256_ctr : &aes_256_ctr;
1275#else
1276 return &aes_256_ctr; 630 return &aes_256_ctr;
1277#endif
1278} 631}
1279LCRYPTO_ALIAS(EVP_aes_256_ctr); 632LCRYPTO_ALIAS(EVP_aes_256_ctr);
1280 633
@@ -1455,35 +808,6 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1455 } 808 }
1456} 809}
1457 810
1458static ctr128_f
1459aes_gcm_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,
1460 const unsigned char *key, size_t key_len)
1461{
1462#ifdef BSAES_CAPABLE
1463 if (BSAES_CAPABLE) {
1464 AES_set_encrypt_key(key, key_len * 8, aes_key);
1465 CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
1466 return (ctr128_f)bsaes_ctr32_encrypt_blocks;
1467 } else
1468#endif
1469#ifdef VPAES_CAPABLE
1470 if (VPAES_CAPABLE) {
1471 vpaes_set_encrypt_key(key, key_len * 8, aes_key);
1472 CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
1473 return NULL;
1474 } else
1475#endif
1476 (void)0; /* terminate potentially open 'else' */
1477
1478 AES_set_encrypt_key(key, key_len * 8, aes_key);
1479 CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
1480#ifdef AES_CTR_ASM
1481 return (ctr128_f)AES_ctr32_encrypt;
1482#else
1483 return NULL;
1484#endif
1485}
1486
1487static int 811static int
1488aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 812aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1489 const unsigned char *iv, int enc) 813 const unsigned char *iv, int enc)
@@ -1493,8 +817,8 @@ aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1493 if (!iv && !key) 817 if (!iv && !key)
1494 return 1; 818 return 1;
1495 if (key) { 819 if (key) {
1496 gctx->ctr = aes_gcm_set_key(&gctx->ks, &gctx->gcm, 820 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
1497 key, ctx->key_len); 821 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, aes_encrypt_block128);
1498 822
1499 /* If we have an iv can set it directly, otherwise use 823 /* If we have an iv can set it directly, otherwise use
1500 * saved IV. 824 * saved IV.
@@ -1554,14 +878,9 @@ aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1554 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; 878 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
1555 if (ctx->encrypt) { 879 if (ctx->encrypt) {
1556 /* Encrypt payload */ 880 /* Encrypt payload */
1557 if (gctx->ctr) { 881 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out, len,
1558 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out, 882 aes_ctr32_encrypt_ctr128f))
1559 len, gctx->ctr)) 883 goto err;
1560 goto err;
1561 } else {
1562 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
1563 goto err;
1564 }
1565 out += len; 884 out += len;
1566 885
1567 /* Finally write tag */ 886 /* Finally write tag */
@@ -1569,19 +888,15 @@ aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1569 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; 888 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
1570 } else { 889 } else {
1571 /* Decrypt */ 890 /* Decrypt */
1572 if (gctx->ctr) { 891 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out, len,
1573 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out, 892 aes_ctr32_encrypt_ctr128f))
1574 len, gctx->ctr)) 893 goto err;
1575 goto err; 894
1576 } else {
1577 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
1578 goto err;
1579 }
1580 /* Retrieve tag */ 895 /* Retrieve tag */
1581 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); 896 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
1582 897
1583 /* If tag mismatch wipe buffer */ 898 /* If tag mismatch wipe buffer */
1584 if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { 899 if (timingsafe_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN) != 0) {
1585 explicit_bzero(out, len); 900 explicit_bzero(out, len);
1586 goto err; 901 goto err;
1587 } 902 }
@@ -1615,25 +930,13 @@ aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1615 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) 930 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
1616 return -1; 931 return -1;
1617 } else if (ctx->encrypt) { 932 } else if (ctx->encrypt) {
1618 if (gctx->ctr) { 933 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
1619 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, 934 in, out, len, aes_ctr32_encrypt_ctr128f))
1620 in, out, len, gctx->ctr)) 935 return -1;
1621 return -1;
1622 } else {
1623 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
1624 in, out, len))
1625 return -1;
1626 }
1627 } else { 936 } else {
1628 if (gctx->ctr) { 937 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
1629 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, 938 in, out, len, aes_ctr32_encrypt_ctr128f))
1630 in, out, len, gctx->ctr)) 939 return -1;
1631 return -1;
1632 } else {
1633 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
1634 in, out, len))
1635 return -1;
1636 }
1637 } 940 }
1638 return len; 941 return len;
1639 } else { 942 } else {
@@ -1662,22 +965,6 @@ aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1662 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \ 965 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \
1663 EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) 966 EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY )
1664 967
1665
1666#ifdef AESNI_CAPABLE
1667static const EVP_CIPHER aesni_128_gcm = {
1668 .nid = NID_aes_128_gcm,
1669 .block_size = 1,
1670 .key_len = 16,
1671 .iv_len = 12,
1672 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1673 .init = aesni_gcm_init_key,
1674 .do_cipher = aes_gcm_cipher,
1675 .cleanup = aes_gcm_cleanup,
1676 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1677 .ctrl = aes_gcm_ctrl,
1678};
1679#endif
1680
1681static const EVP_CIPHER aes_128_gcm = { 968static const EVP_CIPHER aes_128_gcm = {
1682 .nid = NID_aes_128_gcm, 969 .nid = NID_aes_128_gcm,
1683 .block_size = 1, 970 .block_size = 1,
@@ -1694,29 +981,10 @@ static const EVP_CIPHER aes_128_gcm = {
1694const EVP_CIPHER * 981const EVP_CIPHER *
1695EVP_aes_128_gcm(void) 982EVP_aes_128_gcm(void)
1696{ 983{
1697#ifdef AESNI_CAPABLE
1698 return AESNI_CAPABLE ? &aesni_128_gcm : &aes_128_gcm;
1699#else
1700 return &aes_128_gcm; 984 return &aes_128_gcm;
1701#endif
1702} 985}
1703LCRYPTO_ALIAS(EVP_aes_128_gcm); 986LCRYPTO_ALIAS(EVP_aes_128_gcm);
1704 987
1705#ifdef AESNI_CAPABLE
1706static const EVP_CIPHER aesni_192_gcm = {
1707 .nid = NID_aes_192_gcm,
1708 .block_size = 1,
1709 .key_len = 24,
1710 .iv_len = 12,
1711 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1712 .init = aesni_gcm_init_key,
1713 .do_cipher = aes_gcm_cipher,
1714 .cleanup = aes_gcm_cleanup,
1715 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1716 .ctrl = aes_gcm_ctrl,
1717};
1718#endif
1719
1720static const EVP_CIPHER aes_192_gcm = { 988static const EVP_CIPHER aes_192_gcm = {
1721 .nid = NID_aes_192_gcm, 989 .nid = NID_aes_192_gcm,
1722 .block_size = 1, 990 .block_size = 1,
@@ -1733,29 +1001,10 @@ static const EVP_CIPHER aes_192_gcm = {
1733const EVP_CIPHER * 1001const EVP_CIPHER *
1734EVP_aes_192_gcm(void) 1002EVP_aes_192_gcm(void)
1735{ 1003{
1736#ifdef AESNI_CAPABLE
1737 return AESNI_CAPABLE ? &aesni_192_gcm : &aes_192_gcm;
1738#else
1739 return &aes_192_gcm; 1004 return &aes_192_gcm;
1740#endif
1741} 1005}
1742LCRYPTO_ALIAS(EVP_aes_192_gcm); 1006LCRYPTO_ALIAS(EVP_aes_192_gcm);
1743 1007
1744#ifdef AESNI_CAPABLE
1745static const EVP_CIPHER aesni_256_gcm = {
1746 .nid = NID_aes_256_gcm,
1747 .block_size = 1,
1748 .key_len = 32,
1749 .iv_len = 12,
1750 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1751 .init = aesni_gcm_init_key,
1752 .do_cipher = aes_gcm_cipher,
1753 .cleanup = aes_gcm_cleanup,
1754 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1755 .ctrl = aes_gcm_ctrl,
1756};
1757#endif
1758
1759static const EVP_CIPHER aes_256_gcm = { 1008static const EVP_CIPHER aes_256_gcm = {
1760 .nid = NID_aes_256_gcm, 1009 .nid = NID_aes_256_gcm,
1761 .block_size = 1, 1010 .block_size = 1,
@@ -1772,11 +1021,7 @@ static const EVP_CIPHER aes_256_gcm = {
1772const EVP_CIPHER * 1021const EVP_CIPHER *
1773EVP_aes_256_gcm(void) 1022EVP_aes_256_gcm(void)
1774{ 1023{
1775#ifdef AESNI_CAPABLE
1776 return AESNI_CAPABLE ? &aesni_256_gcm : &aes_256_gcm;
1777#else
1778 return &aes_256_gcm; 1024 return &aes_256_gcm;
1779#endif
1780} 1025}
1781LCRYPTO_ALIAS(EVP_aes_256_gcm); 1026LCRYPTO_ALIAS(EVP_aes_256_gcm);
1782 1027
@@ -1818,64 +1063,24 @@ aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1818 1063
1819static int 1064static int
1820aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 1065aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1821 const unsigned char *iv, int enc) 1066 const unsigned char *iv, int encrypt)
1822{ 1067{
1823 EVP_AES_XTS_CTX *xctx = ctx->cipher_data; 1068 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1824 1069
1825 if (!iv && !key) 1070 if (key != NULL) {
1826 return 1;
1827
1828 if (key) do {
1829#ifdef AES_XTS_ASM
1830 xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
1831#else
1832 xctx->stream = NULL;
1833#endif
1834 /* key_len is two AES keys */ 1071 /* key_len is two AES keys */
1835#ifdef BSAES_CAPABLE 1072 if (encrypt)
1836 if (BSAES_CAPABLE)
1837 xctx->stream = enc ? bsaes_xts_encrypt :
1838 bsaes_xts_decrypt;
1839 else
1840#endif
1841#ifdef VPAES_CAPABLE
1842 if (VPAES_CAPABLE) {
1843 if (enc) {
1844 vpaes_set_encrypt_key(key, ctx->key_len * 4,
1845 &xctx->ks1);
1846 xctx->xts.block1 = (block128_f)vpaes_encrypt;
1847 } else {
1848 vpaes_set_decrypt_key(key, ctx->key_len * 4,
1849 &xctx->ks1);
1850 xctx->xts.block1 = (block128_f)vpaes_decrypt;
1851 }
1852
1853 vpaes_set_encrypt_key(key + ctx->key_len / 2,
1854 ctx->key_len * 4, &xctx->ks2);
1855 xctx->xts.block2 = (block128_f)vpaes_encrypt;
1856
1857 xctx->xts.key1 = &xctx->ks1;
1858 break;
1859 } else
1860#endif
1861 (void)0; /* terminate potentially open 'else' */
1862
1863 if (enc) {
1864 AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); 1073 AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1865 xctx->xts.block1 = (block128_f)AES_encrypt; 1074 else
1866 } else {
1867 AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); 1075 AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1868 xctx->xts.block1 = (block128_f)AES_decrypt;
1869 }
1870 1076
1871 AES_set_encrypt_key(key + ctx->key_len / 2, 1077 AES_set_encrypt_key(key + ctx->key_len / 2, ctx->key_len * 4,
1872 ctx->key_len * 4, &xctx->ks2); 1078 &xctx->ks2);
1873 xctx->xts.block2 = (block128_f)AES_encrypt;
1874 1079
1875 xctx->xts.key1 = &xctx->ks1; 1080 xctx->xts.key1 = &xctx->ks1;
1876 } while (0); 1081 }
1877 1082
1878 if (iv) { 1083 if (iv != NULL) {
1879 xctx->xts.key2 = &xctx->ks2; 1084 xctx->xts.key2 = &xctx->ks2;
1880 memcpy(ctx->iv, iv, 16); 1085 memcpy(ctx->iv, iv, 16);
1881 } 1086 }
@@ -1889,17 +1094,15 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1889{ 1094{
1890 EVP_AES_XTS_CTX *xctx = ctx->cipher_data; 1095 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1891 1096
1892 if (!xctx->xts.key1 || !xctx->xts.key2) 1097 if (xctx->xts.key1 == NULL || xctx->xts.key2 == NULL)
1893 return 0;
1894 if (!out || !in || len < AES_BLOCK_SIZE)
1895 return 0; 1098 return 0;
1896 1099
1897 if (xctx->stream) 1100 if (out == NULL || in == NULL || len < AES_BLOCK_SIZE)
1898 (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2,
1899 ctx->iv);
1900 else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
1901 ctx->encrypt))
1902 return 0; 1101 return 0;
1102
1103 aes_xts_encrypt_internal(in, out, len, xctx->xts.key1, xctx->xts.key2,
1104 ctx->iv, ctx->encrypt);
1105
1903 return 1; 1106 return 1;
1904} 1107}
1905 1108
@@ -1907,22 +1110,6 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1907 ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ 1110 ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \
1908 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) 1111 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY )
1909 1112
1910
1911#ifdef AESNI_CAPABLE
1912static const EVP_CIPHER aesni_128_xts = {
1913 .nid = NID_aes_128_xts,
1914 .block_size = 1,
1915 .key_len = 2 * 16,
1916 .iv_len = 16,
1917 .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE,
1918 .init = aesni_xts_init_key,
1919 .do_cipher = aes_xts_cipher,
1920 .cleanup = NULL,
1921 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1922 .ctrl = aes_xts_ctrl,
1923};
1924#endif
1925
1926static const EVP_CIPHER aes_128_xts = { 1113static const EVP_CIPHER aes_128_xts = {
1927 .nid = NID_aes_128_xts, 1114 .nid = NID_aes_128_xts,
1928 .block_size = 1, 1115 .block_size = 1,
@@ -1939,29 +1126,10 @@ static const EVP_CIPHER aes_128_xts = {
1939const EVP_CIPHER * 1126const EVP_CIPHER *
1940EVP_aes_128_xts(void) 1127EVP_aes_128_xts(void)
1941{ 1128{
1942#ifdef AESNI_CAPABLE
1943 return AESNI_CAPABLE ? &aesni_128_xts : &aes_128_xts;
1944#else
1945 return &aes_128_xts; 1129 return &aes_128_xts;
1946#endif
1947} 1130}
1948LCRYPTO_ALIAS(EVP_aes_128_xts); 1131LCRYPTO_ALIAS(EVP_aes_128_xts);
1949 1132
1950#ifdef AESNI_CAPABLE
1951static const EVP_CIPHER aesni_256_xts = {
1952 .nid = NID_aes_256_xts,
1953 .block_size = 1,
1954 .key_len = 2 * 32,
1955 .iv_len = 16,
1956 .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE,
1957 .init = aesni_xts_init_key,
1958 .do_cipher = aes_xts_cipher,
1959 .cleanup = NULL,
1960 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1961 .ctrl = aes_xts_ctrl,
1962};
1963#endif
1964
1965static const EVP_CIPHER aes_256_xts = { 1133static const EVP_CIPHER aes_256_xts = {
1966 .nid = NID_aes_256_xts, 1134 .nid = NID_aes_256_xts,
1967 .block_size = 1, 1135 .block_size = 1,
@@ -1978,11 +1146,7 @@ static const EVP_CIPHER aes_256_xts = {
1978const EVP_CIPHER * 1146const EVP_CIPHER *
1979EVP_aes_256_xts(void) 1147EVP_aes_256_xts(void)
1980{ 1148{
1981#ifdef AESNI_CAPABLE
1982 return AESNI_CAPABLE ? &aesni_256_xts : &aes_256_xts;
1983#else
1984 return &aes_256_xts; 1149 return &aes_256_xts;
1985#endif
1986} 1150}
1987LCRYPTO_ALIAS(EVP_aes_256_xts); 1151LCRYPTO_ALIAS(EVP_aes_256_xts);
1988 1152
@@ -2062,23 +1226,12 @@ aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
2062 1226
2063 if (!iv && !key) 1227 if (!iv && !key)
2064 return 1; 1228 return 1;
2065 if (key) do { 1229 if (key) {
2066#ifdef VPAES_CAPABLE
2067 if (VPAES_CAPABLE) {
2068 vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
2069 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
2070 &cctx->ks, (block128_f)vpaes_encrypt);
2071 cctx->str = NULL;
2072 cctx->key_set = 1;
2073 break;
2074 }
2075#endif
2076 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); 1230 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
2077 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, 1231 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
2078 &cctx->ks, (block128_f)AES_encrypt); 1232 &cctx->ks, aes_encrypt_block128);
2079 cctx->str = NULL;
2080 cctx->key_set = 1; 1233 cctx->key_set = 1;
2081 } while (0); 1234 }
2082 if (iv) { 1235 if (iv) {
2083 memcpy(ctx->iv, iv, 15 - cctx->L); 1236 memcpy(ctx->iv, iv, 15 - cctx->L);
2084 cctx->iv_set = 1; 1237 cctx->iv_set = 1;
@@ -2094,7 +1247,14 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2094 CCM128_CONTEXT *ccm = &cctx->ccm; 1247 CCM128_CONTEXT *ccm = &cctx->ccm;
2095 1248
2096 /* If not set up, return error */ 1249 /* If not set up, return error */
2097 if (!cctx->iv_set && !cctx->key_set) 1250 if (!cctx->key_set)
1251 return -1;
1252
1253 /* EVP_*Final() doesn't return any data */
1254 if (in == NULL && out != NULL)
1255 return 0;
1256
1257 if (!cctx->iv_set)
2098 return -1; 1258 return -1;
2099 if (!ctx->encrypt && !cctx->tag_set) 1259 if (!ctx->encrypt && !cctx->tag_set)
2100 return -1; 1260 return -1;
@@ -2113,9 +1273,7 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2113 CRYPTO_ccm128_aad(ccm, in, len); 1273 CRYPTO_ccm128_aad(ccm, in, len);
2114 return len; 1274 return len;
2115 } 1275 }
2116 /* EVP_*Final() doesn't return any data */ 1276
2117 if (!in)
2118 return 0;
2119 /* If not set length yet do it */ 1277 /* If not set length yet do it */
2120 if (!cctx->len_set) { 1278 if (!cctx->len_set) {
2121 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) 1279 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
@@ -2123,18 +1281,18 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2123 cctx->len_set = 1; 1281 cctx->len_set = 1;
2124 } 1282 }
2125 if (ctx->encrypt) { 1283 if (ctx->encrypt) {
2126 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, 1284 if (CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
2127 cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) 1285 aes_ccm64_encrypt_ccm128f) != 0)
2128 return -1; 1286 return -1;
2129 cctx->tag_set = 1; 1287 cctx->tag_set = 1;
2130 return len; 1288 return len;
2131 } else { 1289 } else {
2132 int rv = -1; 1290 int rv = -1;
2133 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, 1291 if (CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
2134 cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { 1292 aes_ccm64_decrypt_ccm128f) == 0) {
2135 unsigned char tag[16]; 1293 unsigned char tag[16];
2136 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { 1294 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
2137 if (!memcmp(tag, ctx->buf, cctx->M)) 1295 if (timingsafe_memcmp(tag, ctx->buf, cctx->M) == 0)
2138 rv = len; 1296 rv = len;
2139 } 1297 }
2140 } 1298 }
@@ -2145,24 +1303,8 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2145 cctx->len_set = 0; 1303 cctx->len_set = 0;
2146 return rv; 1304 return rv;
2147 } 1305 }
2148
2149} 1306}
2150 1307
2151#ifdef AESNI_CAPABLE
2152static const EVP_CIPHER aesni_128_ccm = {
2153 .nid = NID_aes_128_ccm,
2154 .block_size = 1,
2155 .key_len = 16,
2156 .iv_len = 12,
2157 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2158 .init = aesni_ccm_init_key,
2159 .do_cipher = aes_ccm_cipher,
2160 .cleanup = NULL,
2161 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2162 .ctrl = aes_ccm_ctrl,
2163};
2164#endif
2165
2166static const EVP_CIPHER aes_128_ccm = { 1308static const EVP_CIPHER aes_128_ccm = {
2167 .nid = NID_aes_128_ccm, 1309 .nid = NID_aes_128_ccm,
2168 .block_size = 1, 1310 .block_size = 1,
@@ -2179,29 +1321,10 @@ static const EVP_CIPHER aes_128_ccm = {
2179const EVP_CIPHER * 1321const EVP_CIPHER *
2180EVP_aes_128_ccm(void) 1322EVP_aes_128_ccm(void)
2181{ 1323{
2182#ifdef AESNI_CAPABLE
2183 return AESNI_CAPABLE ? &aesni_128_ccm : &aes_128_ccm;
2184#else
2185 return &aes_128_ccm; 1324 return &aes_128_ccm;
2186#endif
2187} 1325}
2188LCRYPTO_ALIAS(EVP_aes_128_ccm); 1326LCRYPTO_ALIAS(EVP_aes_128_ccm);
2189 1327
2190#ifdef AESNI_CAPABLE
2191static const EVP_CIPHER aesni_192_ccm = {
2192 .nid = NID_aes_192_ccm,
2193 .block_size = 1,
2194 .key_len = 24,
2195 .iv_len = 12,
2196 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2197 .init = aesni_ccm_init_key,
2198 .do_cipher = aes_ccm_cipher,
2199 .cleanup = NULL,
2200 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2201 .ctrl = aes_ccm_ctrl,
2202};
2203#endif
2204
2205static const EVP_CIPHER aes_192_ccm = { 1328static const EVP_CIPHER aes_192_ccm = {
2206 .nid = NID_aes_192_ccm, 1329 .nid = NID_aes_192_ccm,
2207 .block_size = 1, 1330 .block_size = 1,
@@ -2218,29 +1341,10 @@ static const EVP_CIPHER aes_192_ccm = {
2218const EVP_CIPHER * 1341const EVP_CIPHER *
2219EVP_aes_192_ccm(void) 1342EVP_aes_192_ccm(void)
2220{ 1343{
2221#ifdef AESNI_CAPABLE
2222 return AESNI_CAPABLE ? &aesni_192_ccm : &aes_192_ccm;
2223#else
2224 return &aes_192_ccm; 1344 return &aes_192_ccm;
2225#endif
2226} 1345}
2227LCRYPTO_ALIAS(EVP_aes_192_ccm); 1346LCRYPTO_ALIAS(EVP_aes_192_ccm);
2228 1347
2229#ifdef AESNI_CAPABLE
2230static const EVP_CIPHER aesni_256_ccm = {
2231 .nid = NID_aes_256_ccm,
2232 .block_size = 1,
2233 .key_len = 32,
2234 .iv_len = 12,
2235 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2236 .init = aesni_ccm_init_key,
2237 .do_cipher = aes_ccm_cipher,
2238 .cleanup = NULL,
2239 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2240 .ctrl = aes_ccm_ctrl,
2241};
2242#endif
2243
2244static const EVP_CIPHER aes_256_ccm = { 1348static const EVP_CIPHER aes_256_ccm = {
2245 .nid = NID_aes_256_ccm, 1349 .nid = NID_aes_256_ccm,
2246 .block_size = 1, 1350 .block_size = 1,
@@ -2257,11 +1361,7 @@ static const EVP_CIPHER aes_256_ccm = {
2257const EVP_CIPHER * 1361const EVP_CIPHER *
2258EVP_aes_256_ccm(void) 1362EVP_aes_256_ccm(void)
2259{ 1363{
2260#ifdef AESNI_CAPABLE
2261 return AESNI_CAPABLE ? &aesni_256_ccm : &aes_256_ccm;
2262#else
2263 return &aes_256_ccm; 1364 return &aes_256_ccm;
2264#endif
2265} 1365}
2266LCRYPTO_ALIAS(EVP_aes_256_ccm); 1366LCRYPTO_ALIAS(EVP_aes_256_ccm);
2267 1367
@@ -2273,7 +1373,6 @@ struct aead_aes_gcm_ctx {
2273 AES_KEY ks; 1373 AES_KEY ks;
2274 } ks; 1374 } ks;
2275 GCM128_CONTEXT gcm; 1375 GCM128_CONTEXT gcm;
2276 ctr128_f ctr;
2277 unsigned char tag_len; 1376 unsigned char tag_len;
2278}; 1377};
2279 1378
@@ -2301,18 +1400,8 @@ aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const unsigned char *key, size_t key_len,
2301 if ((gcm_ctx = calloc(1, sizeof(struct aead_aes_gcm_ctx))) == NULL) 1400 if ((gcm_ctx = calloc(1, sizeof(struct aead_aes_gcm_ctx))) == NULL)
2302 return 0; 1401 return 0;
2303 1402
2304#ifdef AESNI_CAPABLE 1403 AES_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks);
2305 if (AESNI_CAPABLE) { 1404 CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks, aes_encrypt_block128);
2306 aesni_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks);
2307 CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks,
2308 (block128_f)aesni_encrypt);
2309 gcm_ctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
2310 } else
2311#endif
2312 {
2313 gcm_ctx->ctr = aes_gcm_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm,
2314 key, key_len);
2315 }
2316 gcm_ctx->tag_len = tag_len; 1405 gcm_ctx->tag_len = tag_len;
2317 ctx->aead_state = gcm_ctx; 1406 ctx->aead_state = gcm_ctx;
2318 1407
@@ -2353,15 +1442,9 @@ aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
2353 if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len)) 1442 if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len))
2354 return 0; 1443 return 0;
2355 1444
2356 if (gcm_ctx->ctr) { 1445 if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk,
2357 if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk, 1446 in_len - bulk, aes_ctr32_encrypt_ctr128f))
2358 in_len - bulk, gcm_ctx->ctr)) 1447 return 0;
2359 return 0;
2360 } else {
2361 if (CRYPTO_gcm128_encrypt(&gcm, in + bulk, out + bulk,
2362 in_len - bulk))
2363 return 0;
2364 }
2365 1448
2366 CRYPTO_gcm128_tag(&gcm, out + in_len, gcm_ctx->tag_len); 1449 CRYPTO_gcm128_tag(&gcm, out + in_len, gcm_ctx->tag_len);
2367 *out_len = in_len + gcm_ctx->tag_len; 1450 *out_len = in_len + gcm_ctx->tag_len;
@@ -2404,15 +1487,9 @@ aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
2404 if (CRYPTO_gcm128_aad(&gcm, ad, ad_len)) 1487 if (CRYPTO_gcm128_aad(&gcm, ad, ad_len))
2405 return 0; 1488 return 0;
2406 1489
2407 if (gcm_ctx->ctr) { 1490 if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk,
2408 if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk, 1491 in_len - bulk - gcm_ctx->tag_len, aes_ctr32_encrypt_ctr128f))
2409 in_len - bulk - gcm_ctx->tag_len, gcm_ctx->ctr)) 1492 return 0;
2410 return 0;
2411 } else {
2412 if (CRYPTO_gcm128_decrypt(&gcm, in + bulk, out + bulk,
2413 in_len - bulk - gcm_ctx->tag_len))
2414 return 0;
2415 }
2416 1493
2417 CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len); 1494 CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
2418 if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) { 1495 if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-14 02:37:47 +0000