| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
CID 621601 621602
ok djm jsg jsing miod
|
| |
|
|
|
|
|
| |
This avoids leaving previous round keys around on failure, or leaving parts
of previous round keys behind if reused with a smaller key size.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
Every aes_set_{encrypt,decrypt}_key_internal() implementation is currently
required to check the inputs and return appropriate error codes. Pull the
input validation up to the API boundary, setting key->rounds at the same
time. Additionally, call aes_set_encrypt_key_internal() directly from
aes_set_decrypt_key_internal(), rather than going back through the public
API.
ok tb@
|
| |
|
|
|
|
|
|
|
|
| |
Make aes_ecb_encrypt_internal() replaceable and provide machine dependent
versions for amd64 and i386, which dispatch to AES-NI if appropriate.
Remove the AES-NI specific EVP methods for ECB.
This removes the last of the machine dependent code from EVP AES.
ok bcook@ joshua@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mode implementation for CCM has two variants - one takes the block
function, while the other takes a "ccm64" function. The latter is expected
to handle the lower 64 bits of the IV/counter but only for 16 byte blocks.
The AES-NI implementation for CCM currently uses the second variant.
Provide aes_ccm64_encrypt_internal() as a function that can be replaced on
a machine dependent basis, along with an aes_ccm64_encrypt_generic()
function that provides the default implementation and can be used as a
fallback. Wire up the AES-NI version for amd64 and i386, change EVP's
aes_ccm_cipher() to use CRYPTO_ctr128_{en,de}crypt_ccm64() with
aes_ccm64_encrypt_internal()) and remove the various AES-NI specific
EVP_CIPHER methods for CCM.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Provide aes_xts_encrypt_internal() and call that from aes_xts_cipher().
Have amd64 and i386 provide their own versions that dispatch to
aesni_xts_encrypt()/aesni_xts_decrypt() as appropriate. The
AESNI_CAPABLE code and methods can then be removed.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mode implementation for CTR has two variants - one takes the block
function, while the other takes a "ctr32" function. The latter is expected
to handle the lower 32 bits of the IV/counter, but is not expected to
handle overflow. The AES-NI implementation for CTR currently uses the
second variant.
Provide aes_ctr32_encrypt_internal() as a function that can be replaced on
a machine dependent basis, along with an aes_ctr32_encrypt_generic()
function that provides the default implementation and can be used as a
fallback. Wire up the AES-NI version for amd64 and i386, change
AES_ctr128_encrypt() to use CRYPTO_ctr128_encrypt_ctr32() (which calls
aes_ctr32_encrypt_internal()) and remove the various AES-NI specific
EVP_CIPHER methods for CTR.
Callers of AES_ctr128_encrypt() will now use AES-NI, if available.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
Replace memcmp() with timingsafe_memcmp() for authentication tag
comparison in AES-CCM, GCM, PKCS12 and AES key unwrap code paths
to ensure constant-time behavior and avoid potential timing side
channels.
This aligns with OpenSSL 1e4a355.
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
AES_ecb_encrypt() does not really do ECB - provide an
aes_ecb_encrypt_internal that actually does multiple blocks and call this
from aes_ecb_cipher(). Provide ECB with its own key initialisation
function, which allows aes_init_key() to be simplified considerably.
The block function pointer is now unused, so mop this up.
ok joshua@ tb@
|
| |
|
|
|
|
|
| |
Provide aes_{en,de}crypt_block128() which have correct function signatures
and use these when calling the various mode functions.
ok joshua@ tb@
|
| |
|
|
|
|
| |
This is where almost all of the public functions exist.
ok beck@ tb@
|
| |
|
|
|
|
|
|
| |
Provide a per architecture crypto_arch.h - this will be used in a similar
manner to bn_arch.h and will allow for architecture specific #defines and
static inline functions. Move the HAVE_AES_* and HAVE_RC4_* defines here.
ok tb@
|
| |
|
|
| |
ok jsing
|
| | |
|
|
|
Discussed with tb@
|
