diff options
Diffstat (limited to 'src/lib/libcrypto/evp/e_aes.c')
| -rw-r--r-- | src/lib/libcrypto/evp/e_aes.c | 111 |
1 files changed, 5 insertions, 106 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 851da9ded6..0949c8bdb4 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: e_aes.c,v 1.79 2025/07/13 06:01:33 jsing Exp $ */ | 1 | /* $OpenBSD: e_aes.c,v 1.80 2025/07/21 10:24:23 jsing Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -95,7 +95,6 @@ typedef struct { | |||
| 95 | int len_set; /* Set if message length set */ | 95 | int len_set; /* Set if message length set */ |
| 96 | int L, M; /* L and M parameters from RFC3610 */ | 96 | int L, M; /* L and M parameters from RFC3610 */ |
| 97 | CCM128_CONTEXT ccm; | 97 | CCM128_CONTEXT ccm; |
| 98 | ccm128_f str; | ||
| 99 | } EVP_AES_CCM_CTX; | 98 | } EVP_AES_CCM_CTX; |
| 100 | 99 | ||
| 101 | #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) | 100 | #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) |
| @@ -114,27 +113,9 @@ typedef struct { | |||
| 114 | */ | 113 | */ |
| 115 | #define AESNI_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_AESNI) | 114 | #define AESNI_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_AESNI) |
| 116 | 115 | ||
| 117 | int aesni_set_encrypt_key(const unsigned char *userKey, int bits, | ||
| 118 | AES_KEY *key); | ||
| 119 | int aesni_set_decrypt_key(const unsigned char *userKey, int bits, | ||
| 120 | AES_KEY *key); | ||
| 121 | |||
| 122 | void aesni_encrypt(const unsigned char *in, unsigned char *out, | ||
| 123 | const AES_KEY *key); | ||
| 124 | void aesni_decrypt(const unsigned char *in, unsigned char *out, | ||
| 125 | const AES_KEY *key); | ||
| 126 | |||
| 127 | void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out, | 116 | void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out, |
| 128 | size_t length, const AES_KEY *key, int enc); | 117 | size_t length, const AES_KEY *key, int enc); |
| 129 | 118 | ||
| 130 | void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out, | ||
| 131 | size_t blocks, const void *key, const unsigned char ivec[16], | ||
| 132 | unsigned char cmac[16]); | ||
| 133 | |||
| 134 | void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out, | ||
| 135 | size_t blocks, const void *key, const unsigned char ivec[16], | ||
| 136 | unsigned char cmac[16]); | ||
| 137 | |||
| 138 | static int | 119 | static int |
| 139 | aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 120 | aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 140 | const unsigned char *in, size_t len) | 121 | const unsigned char *in, size_t len) |
| @@ -146,29 +127,6 @@ aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 146 | 127 | ||
| 147 | return 1; | 128 | return 1; |
| 148 | } | 129 | } |
| 149 | |||
| 150 | static int | ||
| 151 | aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 152 | const unsigned char *iv, int enc) | ||
| 153 | { | ||
| 154 | EVP_AES_CCM_CTX *cctx = ctx->cipher_data; | ||
| 155 | |||
| 156 | if (!iv && !key) | ||
| 157 | return 1; | ||
| 158 | if (key) { | ||
| 159 | aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); | ||
| 160 | CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, | ||
| 161 | &cctx->ks, (block128_f)aesni_encrypt); | ||
| 162 | cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks : | ||
| 163 | (ccm128_f)aesni_ccm64_decrypt_blocks; | ||
| 164 | cctx->key_set = 1; | ||
| 165 | } | ||
| 166 | if (iv) { | ||
| 167 | memcpy(ctx->iv, iv, 15 - cctx->L); | ||
| 168 | cctx->iv_set = 1; | ||
| 169 | } | ||
| 170 | return 1; | ||
| 171 | } | ||
| 172 | #endif | 130 | #endif |
| 173 | 131 | ||
| 174 | static int | 132 | static int |
| @@ -1353,7 +1311,6 @@ aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
| 1353 | AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); | 1311 | AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); |
| 1354 | CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, | 1312 | CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, |
| 1355 | &cctx->ks, (block128_f)AES_encrypt); | 1313 | &cctx->ks, (block128_f)AES_encrypt); |
| 1356 | cctx->str = NULL; | ||
| 1357 | cctx->key_set = 1; | 1314 | cctx->key_set = 1; |
| 1358 | } | 1315 | } |
| 1359 | if (iv) { | 1316 | if (iv) { |
| @@ -1405,15 +1362,15 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 1405 | cctx->len_set = 1; | 1362 | cctx->len_set = 1; |
| 1406 | } | 1363 | } |
| 1407 | if (ctx->encrypt) { | 1364 | if (ctx->encrypt) { |
| 1408 | if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, | 1365 | if (CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, |
| 1409 | cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) | 1366 | aes_ccm64_encrypt_ccm128f) != 0) |
| 1410 | return -1; | 1367 | return -1; |
| 1411 | cctx->tag_set = 1; | 1368 | cctx->tag_set = 1; |
| 1412 | return len; | 1369 | return len; |
| 1413 | } else { | 1370 | } else { |
| 1414 | int rv = -1; | 1371 | int rv = -1; |
| 1415 | if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, | 1372 | if (CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, |
| 1416 | cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { | 1373 | aes_ccm64_decrypt_ccm128f) == 0) { |
| 1417 | unsigned char tag[16]; | 1374 | unsigned char tag[16]; |
| 1418 | if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { | 1375 | if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { |
| 1419 | if (timingsafe_memcmp(tag, ctx->buf, cctx->M) == 0) | 1376 | if (timingsafe_memcmp(tag, ctx->buf, cctx->M) == 0) |
| @@ -1427,24 +1384,8 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 1427 | cctx->len_set = 0; | 1384 | cctx->len_set = 0; |
| 1428 | return rv; | 1385 | return rv; |
| 1429 | } | 1386 | } |
| 1430 | |||
| 1431 | } | 1387 | } |
| 1432 | 1388 | ||
| 1433 | #ifdef AESNI_CAPABLE | ||
| 1434 | static const EVP_CIPHER aesni_128_ccm = { | ||
| 1435 | .nid = NID_aes_128_ccm, | ||
| 1436 | .block_size = 1, | ||
| 1437 | .key_len = 16, | ||
| 1438 | .iv_len = 12, | ||
| 1439 | .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE, | ||
| 1440 | .init = aesni_ccm_init_key, | ||
| 1441 | .do_cipher = aes_ccm_cipher, | ||
| 1442 | .cleanup = NULL, | ||
| 1443 | .ctx_size = sizeof(EVP_AES_CCM_CTX), | ||
| 1444 | .ctrl = aes_ccm_ctrl, | ||
| 1445 | }; | ||
| 1446 | #endif | ||
| 1447 | |||
| 1448 | static const EVP_CIPHER aes_128_ccm = { | 1389 | static const EVP_CIPHER aes_128_ccm = { |
| 1449 | .nid = NID_aes_128_ccm, | 1390 | .nid = NID_aes_128_ccm, |
| 1450 | .block_size = 1, | 1391 | .block_size = 1, |
| @@ -1461,29 +1402,10 @@ static const EVP_CIPHER aes_128_ccm = { | |||
| 1461 | const EVP_CIPHER * | 1402 | const EVP_CIPHER * |
| 1462 | EVP_aes_128_ccm(void) | 1403 | EVP_aes_128_ccm(void) |
| 1463 | { | 1404 | { |
| 1464 | #ifdef AESNI_CAPABLE | ||
| 1465 | return AESNI_CAPABLE ? &aesni_128_ccm : &aes_128_ccm; | ||
| 1466 | #else | ||
| 1467 | return &aes_128_ccm; | 1405 | return &aes_128_ccm; |
| 1468 | #endif | ||
| 1469 | } | 1406 | } |
| 1470 | LCRYPTO_ALIAS(EVP_aes_128_ccm); | 1407 | LCRYPTO_ALIAS(EVP_aes_128_ccm); |
| 1471 | 1408 | ||
| 1472 | #ifdef AESNI_CAPABLE | ||
| 1473 | static const EVP_CIPHER aesni_192_ccm = { | ||
| 1474 | .nid = NID_aes_192_ccm, | ||
| 1475 | .block_size = 1, | ||
| 1476 | .key_len = 24, | ||
| 1477 | .iv_len = 12, | ||
| 1478 | .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE, | ||
| 1479 | .init = aesni_ccm_init_key, | ||
| 1480 | .do_cipher = aes_ccm_cipher, | ||
| 1481 | .cleanup = NULL, | ||
| 1482 | .ctx_size = sizeof(EVP_AES_CCM_CTX), | ||
| 1483 | .ctrl = aes_ccm_ctrl, | ||
| 1484 | }; | ||
| 1485 | #endif | ||
| 1486 | |||
| 1487 | static const EVP_CIPHER aes_192_ccm = { | 1409 | static const EVP_CIPHER aes_192_ccm = { |
| 1488 | .nid = NID_aes_192_ccm, | 1410 | .nid = NID_aes_192_ccm, |
| 1489 | .block_size = 1, | 1411 | .block_size = 1, |
| @@ -1500,29 +1422,10 @@ static const EVP_CIPHER aes_192_ccm = { | |||
| 1500 | const EVP_CIPHER * | 1422 | const EVP_CIPHER * |
| 1501 | EVP_aes_192_ccm(void) | 1423 | EVP_aes_192_ccm(void) |
| 1502 | { | 1424 | { |
| 1503 | #ifdef AESNI_CAPABLE | ||
| 1504 | return AESNI_CAPABLE ? &aesni_192_ccm : &aes_192_ccm; | ||
| 1505 | #else | ||
| 1506 | return &aes_192_ccm; | 1425 | return &aes_192_ccm; |
| 1507 | #endif | ||
| 1508 | } | 1426 | } |
| 1509 | LCRYPTO_ALIAS(EVP_aes_192_ccm); | 1427 | LCRYPTO_ALIAS(EVP_aes_192_ccm); |
| 1510 | 1428 | ||
| 1511 | #ifdef AESNI_CAPABLE | ||
| 1512 | static const EVP_CIPHER aesni_256_ccm = { | ||
| 1513 | .nid = NID_aes_256_ccm, | ||
| 1514 | .block_size = 1, | ||
| 1515 | .key_len = 32, | ||
| 1516 | .iv_len = 12, | ||
| 1517 | .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE, | ||
| 1518 | .init = aesni_ccm_init_key, | ||
| 1519 | .do_cipher = aes_ccm_cipher, | ||
| 1520 | .cleanup = NULL, | ||
| 1521 | .ctx_size = sizeof(EVP_AES_CCM_CTX), | ||
| 1522 | .ctrl = aes_ccm_ctrl, | ||
| 1523 | }; | ||
| 1524 | #endif | ||
| 1525 | |||
| 1526 | static const EVP_CIPHER aes_256_ccm = { | 1429 | static const EVP_CIPHER aes_256_ccm = { |
| 1527 | .nid = NID_aes_256_ccm, | 1430 | .nid = NID_aes_256_ccm, |
| 1528 | .block_size = 1, | 1431 | .block_size = 1, |
| @@ -1539,11 +1442,7 @@ static const EVP_CIPHER aes_256_ccm = { | |||
| 1539 | const EVP_CIPHER * | 1442 | const EVP_CIPHER * |
| 1540 | EVP_aes_256_ccm(void) | 1443 | EVP_aes_256_ccm(void) |
| 1541 | { | 1444 | { |
| 1542 | #ifdef AESNI_CAPABLE | ||
| 1543 | return AESNI_CAPABLE ? &aesni_256_ccm : &aes_256_ccm; | ||
| 1544 | #else | ||
| 1545 | return &aes_256_ccm; | 1445 | return &aes_256_ccm; |
| 1546 | #endif | ||
| 1547 | } | 1446 | } |
| 1548 | LCRYPTO_ALIAS(EVP_aes_256_ccm); | 1447 | LCRYPTO_ALIAS(EVP_aes_256_ccm); |
| 1549 | 1448 | ||