From b73facdeca098be7e538e556c1a293942db3110c Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 21 Jul 2025 10:24:23 +0000
Subject: Move AES-NI from EVP to AES for CCM mode. The mode implementation for CCM has two variants - one takes the block function, while the other takes a "ccm64" function. The latter is expected to handle the lower 64 bits of the IV/counter but only for 16 byte blocks. The AES-NI implementation for CCM currently uses the second variant. Provide aes_ccm64_encrypt_internal() as a function that can be replaced on a machine dependent basis, along with an aes_ccm64_encrypt_generic() function that provides the default implementation and can be used as a fallback. Wire up the AES-NI version for amd64 and i386, change EVP's aes_ccm_cipher() to use CRYPTO_ctr128_{en,de}crypt_ccm64() with aes_ccm64_encrypt_internal()) and remove the various AES-NI specific EVP_CIPHER methods for CCM. ok tb@
---
 src/lib/libcrypto/arch/amd64/crypto_arch.h | 3 ++-
 src/lib/libcrypto/arch/i386/crypto_arch.h | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'src/lib/libcrypto/arch')
diff --git a/src/lib/libcrypto/arch/amd64/crypto_arch.h b/src/lib/libcrypto/arch/amd64/crypto_arch.h
index 7c3c89a088..a51021a307 100644
--- a/src/lib/libcrypto/arch/amd64/crypto_arch.h
+++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_arch.h,v 1.10 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: crypto_arch.h,v 1.11 2025/07/21 10:24:23 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing
 *
@@ -38,6 +38,7 @@ extern uint64_t crypto_cpu_caps_amd64;
 #define HAVE_AES_ENCRYPT_INTERNAL
 #define HAVE_AES_DECRYPT_INTERNAL
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
+#define HAVE_AES_CCM64_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
 #define HAVE_AES_XTS_ENCRYPT_INTERNAL
diff --git a/src/lib/libcrypto/arch/i386/crypto_arch.h b/src/lib/libcrypto/arch/i386/crypto_arch.h
index 8b292165fb..34d041b382 100644
--- a/src/lib/libcrypto/arch/i386/crypto_arch.h
+++ b/src/lib/libcrypto/arch/i386/crypto_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_arch.h,v 1.9 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: crypto_arch.h,v 1.10 2025/07/21 10:24:23 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing
 *
@@ -38,6 +38,7 @@ extern uint64_t crypto_cpu_caps_i386;
 #define HAVE_AES_ENCRYPT_INTERNAL
 #define HAVE_AES_DECRYPT_INTERNAL
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
+#define HAVE_AES_CCM64_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
 #define HAVE_AES_XTS_ENCRYPT_INTERNAL
-- cgit v1.2.3-55-g6feb
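Review bot: The added `#define HAVE_AES_CCM64_ENCRYPT_INTERNAL` (the `@@ -38,6 +38,7 @@` hunk here, and the identical amd64 hunk) carries no comment saying what the port must supply once it is set. Going by the commit message, the macro presumably swaps the default aes_ccm64_encrypt_internal() for the machine-dependent one, so that version has to test the runtime capability word (`crypto_cpu_caps_i386` / `crypto_cpu_caps_amd64`) and call aes_ccm64_encrypt_generic() on CPUs without AES-NI; that code is not visible here, since the view is limited to src/lib/libcrypto/arch. I would add above the HAVE_AES_* list something like `/* Each HAVE_AES_*_INTERNAL requires an MD implementation that checks CPU caps and falls back to the generic version. */`, and confirm the CCM path is also exercised on a machine without AES-NI, which matters most for i386. The header continues outside both hunks.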