From da7a63b669ad2a502ae120afede3fd850082e8b6 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 22 Jul 2025 09:13:49 +0000
Subject: Move AES-NI for ECB out of EVP. Make aes_ecb_encrypt_internal() replaceable and provide machine dependent versions for amd64 and i386, which dispatch to AES-NI if appropriate. Remove the AES-NI specific EVP methods for ECB. This removes the last of the machine dependent code from EVP AES. ok bcook@ joshua@ tb@
---
 src/lib/libcrypto/aes/aes.c | 4 +-
 src/lib/libcrypto/aes/aes_amd64.c | 26 +++++++++-
 src/lib/libcrypto/aes/aes_i386.c | 26 +++++++++-
 src/lib/libcrypto/arch/amd64/crypto_arch.h | 3 +-
 src/lib/libcrypto/arch/i386/crypto_arch.h | 3 +-
 src/lib/libcrypto/evp/e_aes.c | 83 +-----------------------------
 6 files changed, 58 insertions(+), 87 deletions(-)
(limited to 'src/lib/libcrypto')
diff --git a/src/lib/libcrypto/aes/aes.c b/src/lib/libcrypto/aes/aes.c
index 33e6273268..693badcd66 100644
--- a/src/lib/libcrypto/aes/aes.c
+++ b/src/lib/libcrypto/aes/aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes.c,v 1.13 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes.c,v 1.14 2025/07/22 09:13:49 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
 *
@@ -310,6 +310,7 @@ AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
 }
 LCRYPTO_ALIAS(AES_ecb_encrypt);
+#ifndef HAVE_AES_ECB_ENCRYPT_INTERNAL
 void
 aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
 size_t len, const AES_KEY *key, int encrypt)
@@ -321,6 +322,7 @@ aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
 len -= AES_BLOCK_SIZE;
 }
 }
+#endif
 #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
 typedef struct {
diff --git a/src/lib/libcrypto/aes/aes_amd64.c b/src/lib/libcrypto/aes/aes_amd64.c
index 436983d872..183a5cce14 100644
--- a/src/lib/libcrypto/aes/aes_amd64.c
+++ b/src/lib/libcrypto/aes/aes_amd64.c
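Review bot: In aes.c the new `#ifndef HAVE_AES_ECB_ENCRYPT_INTERNAL` / `#endif` pair compiles the generic ECB loop out on amd64 and i386, and the same block loop is then written out again inside the `aes_ecb_encrypt_internal()` added to aes_amd64.c and aes_i386.c. The CTR dispatcher visible in those files falls back to a shared `aes_ctr32_encrypt_generic()`; a matching generic ECB helper kept unconditionally in aes.c (for example one named `aes_ecb_encrypt_generic()`) would let both machine-dependent versions end with a single call and keep the three copies from drifting apart. Closing the guard as `#endif /* !HAVE_AES_ECB_ENCRYPT_INTERNAL */` would also make the pairing easier to follow. Most of the function body lies outside these two hunks, so this is based only on the visible tail of the loop.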
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_amd64.c,v 1.4 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes_amd64.c,v 1.5 2025/07/22 09:13:49 jsing Exp $ */
 /*
 * Copyright (c) 2025 Joel Sing
 *
@@ -68,6 +68,9 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in, unsigned char *out,
 void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
 size_t blocks, const void *key, const unsigned char *ivec);
+void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key, int enc);
+
 void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
 size_t length, const AES_KEY *key1, const AES_KEY *key2,
 const unsigned char iv[16]);
@@ -160,6 +163,27 @@ aes_ctr32_encrypt_internal(const unsigned char *in, unsigned char *out,
 aes_ctr32_encrypt_generic(in, out, blocks, key, ivec);
 }
+void
+aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY *key, int encrypt)
+{
+ if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0) {
+ aesni_ecb_encrypt(in, out, len, key, encrypt);
+ return;
+ }
+
+ while (len >= AES_BLOCK_SIZE) {
+ if (encrypt)
+ aes_encrypt_generic(in, out, key);
+ else
+ aes_decrypt_generic(in, out, key);
+
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ len -= AES_BLOCK_SIZE;
+ }
+}
+
 void
 aes_xts_encrypt_internal(const unsigned char *in, unsigned char *out,
 size_t len, const AES_KEY *key1, const AES_KEY *key2,
diff --git a/src/lib/libcrypto/aes/aes_i386.c b/src/lib/libcrypto/aes/aes_i386.c
index 7f2241eaf5..85a14454da 100644
--- a/src/lib/libcrypto/aes/aes_i386.c
+++ b/src/lib/libcrypto/aes/aes_i386.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_i386.c,v 1.4 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: aes_i386.c,v 1.5 2025/07/22 09:13:49 jsing Exp $ */
 /*
 * Copyright (c) 2025 Joel Sing
 *
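Review bot: The AES-NI branch of the new `aes_ecb_encrypt_internal()` in aes_amd64.c hands `len` to `aesni_ecb_encrypt()` unchecked, while the fallback loop below it only processes whole blocks and does nothing when `len < AES_BLOCK_SIZE`. The EVP wrapper this commit deletes from e_aes.c returned early on `len < ctx->cipher->block_size` before reaching the assembly, so that guard no longer sits in front of the AES-NI routine unless the remaining caller keeps one, which is not visible in this diff. How the assembly treats a short or non-multiple length is also not visible here; unless it is known to ignore the remainder, add `if (len < AES_BLOCK_SIZE) return;` at the top of the function, or at least a comment stating that callers must pass whole blocks, so both paths touch the same number of bytes of `in` and `out`. The same applies to the identical function added in aes_i386.c.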
@@ -68,6 +68,9 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in, unsigned char *out,
 void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
 size_t blocks, const void *key, const unsigned char *ivec);
+void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ size_t length, const AES_KEY *key, int enc);
+
 void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
 size_t length, const AES_KEY *key1, const AES_KEY *key2,
 const unsigned char iv[16]);
@@ -160,6 +163,27 @@ aes_ctr32_encrypt_internal(const unsigned char *in, unsigned char *out,
 aes_ctr32_encrypt_generic(in, out, blocks, key, ivec);
 }
+void
+aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
+ size_t len, const AES_KEY *key, int encrypt)
+{
+ if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0) {
+ aesni_ecb_encrypt(in, out, len, key, encrypt);
+ return;
+ }
+
+ while (len >= AES_BLOCK_SIZE) {
+ if (encrypt)
+ aes_encrypt_generic(in, out, key);
+ else
+ aes_decrypt_generic(in, out, key);
+
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ len -= AES_BLOCK_SIZE;
+ }
+}
+
 void
 aes_xts_encrypt_internal(const unsigned char *in, unsigned char *out,
 size_t len, const AES_KEY *key1, const AES_KEY *key2,
diff --git a/src/lib/libcrypto/arch/amd64/crypto_arch.h b/src/lib/libcrypto/arch/amd64/crypto_arch.h
index a51021a307..e8faf0bca1 100644
--- a/src/lib/libcrypto/arch/amd64/crypto_arch.h
+++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_arch.h,v 1.11 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: crypto_arch.h,v 1.12 2025/07/22 09:13:49 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing
 *
@@ -40,6 +40,7 @@ extern uint64_t crypto_cpu_caps_amd64;
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
 #define HAVE_AES_CCM64_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
+#define HAVE_AES_ECB_ENCRYPT_INTERNAL
 #define HAVE_AES_XTS_ENCRYPT_INTERNAL
 #define HAVE_GCM128_INIT
diff --git a/src/lib/libcrypto/arch/i386/crypto_arch.h b/src/lib/libcrypto/arch/i386/crypto_arch.h
index 34d041b382..ccaa3e8494 100644
--- a/src/lib/libcrypto/arch/i386/crypto_arch.h
+++ b/src/lib/libcrypto/arch/i386/crypto_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_arch.h,v 1.10 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: crypto_arch.h,v 1.11 2025/07/22 09:13:49 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing
 *
@@ -40,6 +40,7 @@ extern uint64_t crypto_cpu_caps_i386;
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
 #define HAVE_AES_CCM64_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
+#define HAVE_AES_ECB_ENCRYPT_INTERNAL
 #define HAVE_AES_XTS_ENCRYPT_INTERNAL
 #define HAVE_GCM128_INIT
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 0949c8bdb4..005f1c49b2 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.80 2025/07/21 10:24:23 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.81 2025/07/22 09:13:49 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
 *
@@ -99,36 +99,6 @@ typedef struct {
 #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
-#if defined(AES_ASM) && ( \
- ((defined(__i386) || defined(__i386__) || \
- defined(_M_IX86)))|| \
- defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64) || \
- defined(__INTEL__) )
-
-#include "x86_arch.h"
-
-/*
- * AES-NI section
- */
-#define AESNI_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_AESNI)
-
-void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
- size_t length, const AES_KEY *key, int enc);
-
-static int
-aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len)
-{
- if (len < ctx->cipher->block_size)
- return 1;
-
- aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
-
- return 1;
-}
-#endif
-
 static int
 aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 const unsigned char *iv, int enc)
@@ -301,19 +271,6 @@ EVP_aes_128_cbc(void)
 }
 LCRYPTO_ALIAS(EVP_aes_128_cbc);
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_ecb = {
- .nid = NID_aes_128_ecb,
- .block_size = 16,
- .key_len = 16,
- .iv_len = 0,
- .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
- .init = aes_ecb_init_key,
- .do_cipher = aesni_ecb_cipher,
- .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_128_ecb = {
 .nid = NID_aes_128_ecb,
 .block_size = 16,
@@ -328,11 +285,7 @@ static const EVP_CIPHER aes_128_ecb = {
 const EVP_CIPHER *
 EVP_aes_128_ecb(void)
 {
-#ifdef AESNI_CAPABLE
- return AESNI_CAPABLE ? &aesni_128_ecb : &aes_128_ecb;
-#else
 return &aes_128_ecb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_ecb);
@@ -444,19 +397,6 @@ EVP_aes_192_cbc(void)
 }
 LCRYPTO_ALIAS(EVP_aes_192_cbc);
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_ecb = {
- .nid = NID_aes_192_ecb,
- .block_size = 16,
- .key_len = 24,
- .iv_len = 0,
- .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
- .init = aes_ecb_init_key,
- .do_cipher = aesni_ecb_cipher,
- .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_192_ecb = {
 .nid = NID_aes_192_ecb,
 .block_size = 16,
@@ -471,11 +411,7 @@ static const EVP_CIPHER aes_192_ecb = {
 const EVP_CIPHER *
 EVP_aes_192_ecb(void)
 {
-#ifdef AESNI_CAPABLE
- return AESNI_CAPABLE ? &aesni_192_ecb : &aes_192_ecb;
-#else
 return &aes_192_ecb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_ecb);
@@ -587,19 +523,6 @@ EVP_aes_256_cbc(void)
 }
 LCRYPTO_ALIAS(EVP_aes_256_cbc);
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_ecb = {
- .nid = NID_aes_256_ecb,
- .block_size = 16,
- .key_len = 32,
- .iv_len = 0,
- .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
- .init = aes_ecb_init_key,
- .do_cipher = aesni_ecb_cipher,
- .ctx_size = sizeof(EVP_AES_KEY),
-};
-#endif
-
 static const EVP_CIPHER aes_256_ecb = {
 .nid = NID_aes_256_ecb,
 .block_size = 16,
@@ -614,11 +537,7 @@ static const EVP_CIPHER aes_256_ecb = {
 const EVP_CIPHER *
 EVP_aes_256_ecb(void)
 {
-#ifdef AESNI_CAPABLE
- return AESNI_CAPABLE ? &aesni_256_ecb : &aes_256_ecb;
-#else
 return &aes_256_ecb;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_ecb);
--
cgit v1.2.3-55-g6feb