diff options
Diffstat (limited to 'src/crypto/cipher/e_aes.c')
-rw-r--r-- | src/crypto/cipher/e_aes.c | 248 |
1 files changed, 115 insertions, 133 deletions
diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c index 41d0aec..e5104b4 100644 --- a/src/crypto/cipher/e_aes.c +++ b/src/crypto/cipher/e_aes.c @@ -54,7 +54,6 @@ #include <openssl/cpu.h> #include <openssl/err.h> #include <openssl/mem.h> -#include <openssl/modes.h> #include <openssl/obj.h> #include <openssl/rand.h> #include <openssl/sha.h> @@ -64,7 +63,7 @@ #include "../modes/internal.h" #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) -#include "../arm_arch.h" +#include <openssl/arm_arch.h> #endif @@ -98,8 +97,6 @@ typedef struct { #if !defined(OPENSSL_NO_ASM) && \ (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) #define VPAES -extern unsigned int OPENSSL_ia32cap_P[]; - static char vpaes_capable(void) { return (OPENSSL_ia32cap_P[1] & (1 << (41 - 32))) != 0; } @@ -113,7 +110,6 @@ static char bsaes_capable(void) { #elif !defined(OPENSSL_NO_ASM) && \ (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) -#include "../arm_arch.h" #if defined(OPENSSL_ARM) && __ARM_MAX_ARCH__ >= 7 #define BSAES @@ -123,8 +119,8 @@ static char bsaes_capable(void) { #endif #define HWAES -static char hwaes_capable(void) { - return (OPENSSL_armcap_P & ARMV8_AES) != 0; +static int hwaes_capable(void) { + return CRYPTO_is_ARMv8_AES_capable(); } int aes_v8_set_encrypt_key(const uint8_t *user_key, const int bits, @@ -154,13 +150,14 @@ static char bsaes_capable(void) { /* On other platforms, bsaes_capable() will always return false and so the * following will never be called. */ -void bsaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, - const AES_KEY *key, uint8_t ivec[16], int enc) { +static void bsaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, + const AES_KEY *key, uint8_t ivec[16], int enc) { abort(); } -void bsaes_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len, - const AES_KEY *key, const uint8_t ivec[16]) { +static void bsaes_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, + size_t len, const AES_KEY *key, + const uint8_t ivec[16]) { abort(); } #endif @@ -183,20 +180,22 @@ static char vpaes_capable(void) { /* On other platforms, vpaes_capable() will always return false and so the * following will never be called. */ -int vpaes_set_encrypt_key(const uint8_t *userKey, int bits, AES_KEY *key) { +static int vpaes_set_encrypt_key(const uint8_t *userKey, int bits, + AES_KEY *key) { abort(); } -int vpaes_set_decrypt_key(const uint8_t *userKey, int bits, AES_KEY *key) { +static int vpaes_set_decrypt_key(const uint8_t *userKey, int bits, + AES_KEY *key) { abort(); } -void vpaes_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { +static void vpaes_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { abort(); } -void vpaes_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { +static void vpaes_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { abort(); } -void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, - const AES_KEY *key, uint8_t *ivec, int enc) { +static void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, + const AES_KEY *key, uint8_t *ivec, int enc) { abort(); } #endif @@ -204,34 +203,38 @@ void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, #if !defined(HWAES) /* If HWAES isn't defined then we provide dummy functions for each of the hwaes * functions. */ -int hwaes_capable(void) { +static int hwaes_capable(void) { return 0; } -int aes_v8_set_encrypt_key(const uint8_t *user_key, int bits, - AES_KEY *key) { +static int aes_v8_set_encrypt_key(const uint8_t *user_key, int bits, + AES_KEY *key) { abort(); } -int aes_v8_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) { +static int aes_v8_set_decrypt_key(const uint8_t *user_key, int bits, + AES_KEY *key) { abort(); } -void aes_v8_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { +static void aes_v8_encrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) { abort(); } -void aes_v8_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { +static void aes_v8_decrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) { abort(); } -void aes_v8_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, - const AES_KEY *key, uint8_t *ivec, int enc) { +static void aes_v8_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, + const AES_KEY *key, uint8_t *ivec, int enc) { abort(); } -void aes_v8_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len, - const AES_KEY *key, const uint8_t ivec[16]) { +static void aes_v8_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, + size_t len, const AES_KEY *key, + const uint8_t ivec[16]) { abort(); } #endif @@ -269,14 +272,16 @@ void gcm_ghash_avx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *in, /* On other platforms, aesni_capable() will always return false and so the * following will never be called. */ -void aesni_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { +static void aesni_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { abort(); } -int aesni_set_encrypt_key(const uint8_t *userKey, int bits, AES_KEY *key) { +static int aesni_set_encrypt_key(const uint8_t *userKey, int bits, + AES_KEY *key) { abort(); } -void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t blocks, - const void *key, const uint8_t *ivec) { +static void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, + size_t blocks, const void *key, + const uint8_t *ivec) { abort(); } @@ -338,7 +343,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, } if (ret < 0) { - OPENSSL_PUT_ERROR(CIPHER, aes_init_key, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -475,14 +480,14 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, iv = gctx->iv; } if (iv) { - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); gctx->iv_set = 1; } gctx->key_set = 1; } else { /* If key set use IV, otherwise copy */ if (gctx->key_set) { - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); } else { memcpy(gctx->iv, iv, gctx->ivlen); } @@ -586,7 +591,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { if (gctx->iv_gen == 0 || gctx->key_set == 0) { return 0; } - CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); + CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen); if (arg <= 0 || arg > gctx->ivlen) { arg = gctx->ivlen; } @@ -603,19 +608,13 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { return 0; } memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); - CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); + CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen); gctx->iv_set = 1; return 1; case EVP_CTRL_COPY: { EVP_CIPHER_CTX *out = ptr; EVP_AES_GCM_CTX *gctx_out = out->cipher_data; - if (gctx->gcm.key) { - if (gctx->gcm.key != &gctx->ks) { - return 0; - } - gctx_out->gcm.key = &gctx_out->ks; - } if (gctx->iv == c->iv) { gctx_out->iv = out->iv; } else { @@ -657,24 +656,24 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, if (len >= 32 && AES_GCM_ASM(gctx)) { size_t res = (16 - gctx->gcm.mres) % 16; - if (!CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res)) { + if (!CRYPTO_gcm128_encrypt(&gctx->gcm, &gctx->ks.ks, in, out, res)) { return -1; } - bulk = AES_gcm_encrypt(in + res, out + res, len - res, gctx->gcm.key, + bulk = AES_gcm_encrypt(in + res, out + res, len - res, &gctx->ks.ks, gctx->gcm.Yi.c, gctx->gcm.Xi.u); gctx->gcm.len.u[1] += bulk; bulk += res; } #endif - if (!CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in + bulk, out + bulk, - len - bulk, gctx->ctr)) { + if (!CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, &gctx->ks.ks, in + bulk, + out + bulk, len - bulk, gctx->ctr)) { return -1; } } else { size_t bulk = 0; - if (!CRYPTO_gcm128_encrypt(&gctx->gcm, in + bulk, out + bulk, - len - bulk)) { + if (!CRYPTO_gcm128_encrypt(&gctx->gcm, &gctx->ks.ks, in + bulk, + out + bulk, len - bulk)) { return -1; } } @@ -685,24 +684,24 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, if (len >= 16 && AES_GCM_ASM(gctx)) { size_t res = (16 - gctx->gcm.mres) % 16; - if (!CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res)) { + if (!CRYPTO_gcm128_decrypt(&gctx->gcm, &gctx->ks.ks, in, out, res)) { return -1; } - bulk = AES_gcm_decrypt(in + res, out + res, len - res, gctx->gcm.key, + bulk = AES_gcm_decrypt(in + res, out + res, len - res, &gctx->ks.ks, gctx->gcm.Yi.c, gctx->gcm.Xi.u); gctx->gcm.len.u[1] += bulk; bulk += res; } #endif - if (!CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in + bulk, out + bulk, - len - bulk, gctx->ctr)) { + if (!CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, &gctx->ks.ks, in + bulk, + out + bulk, len - bulk, gctx->ctr)) { return -1; } } else { size_t bulk = 0; - if (!CRYPTO_gcm128_decrypt(&gctx->gcm, in + bulk, out + bulk, - len - bulk)) { + if (!CRYPTO_gcm128_decrypt(&gctx->gcm, &gctx->ks.ks, in + bulk, + out + bulk, len - bulk)) { return -1; } } @@ -711,7 +710,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, } else { if (!ctx->encrypt) { if (gctx->taglen < 0 || - !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) { + !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen)) { return -1; } gctx->iv_set = 0; @@ -853,7 +852,7 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, } if (ret < 0) { - OPENSSL_PUT_ERROR(CIPHER, aesni_init_key, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -896,14 +895,14 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, iv = gctx->iv; } if (iv) { - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); gctx->iv_set = 1; } gctx->key_set = 1; } else { /* If key set use IV, otherwise copy */ if (gctx->key_set) { - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); } else { memcpy(gctx->iv, iv, gctx->ivlen); } @@ -1066,7 +1065,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, const size_t key_bits = key_len * 8; if (key_bits != 128 && key_bits != 256) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1075,7 +1074,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_TAG_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE); return 0; } @@ -1103,34 +1102,35 @@ static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len) { - size_t bulk = 0; const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; GCM128_CONTEXT gcm; if (in_len + gcm_ctx->tag_len < in_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + gcm_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } + const AES_KEY *key = &gcm_ctx->ks.ks; + memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); - CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len); + CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len); if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) { return 0; } if (gcm_ctx->ctr) { - if (!CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk, in_len - bulk, + if (!CRYPTO_gcm128_encrypt_ctr32(&gcm, key, in, out, in_len, gcm_ctx->ctr)) { return 0; } } else { - if (!CRYPTO_gcm128_encrypt(&gcm, in + bulk, out + bulk, in_len - bulk)) { + if (!CRYPTO_gcm128_encrypt(&gcm, key, in, out, in_len)) { return 0; } } @@ -1145,47 +1145,46 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len) { - size_t bulk = 0; const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN]; size_t plaintext_len; GCM128_CONTEXT gcm; if (in_len < gcm_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } plaintext_len = in_len - gcm_ctx->tag_len; if (max_out_len < plaintext_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } + const AES_KEY *key = &gcm_ctx->ks.ks; + memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); - CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len); + CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len); if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) { return 0; } if (gcm_ctx->ctr) { - if (!CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk, - in_len - bulk - gcm_ctx->tag_len, - gcm_ctx->ctr)) { + if (!CRYPTO_gcm128_decrypt_ctr32(&gcm, key, in, out, + in_len - gcm_ctx->tag_len, gcm_ctx->ctr)) { return 0; } } else { - if (!CRYPTO_gcm128_decrypt(&gcm, in + bulk, out + bulk, - in_len - bulk - gcm_ctx->tag_len)) { + if (!CRYPTO_gcm128_decrypt(&gcm, key, in, out, in_len - gcm_ctx->tag_len)) { return 0; } } CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len); if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1204,6 +1203,7 @@ static const EVP_AEAD aead_aes_128_gcm = { aead_aes_gcm_seal, aead_aes_gcm_open, NULL, /* get_rc4_state */ + NULL, /* get_iv */ }; static const EVP_AEAD aead_aes_256_gcm = { @@ -1217,6 +1217,7 @@ static const EVP_AEAD aead_aes_256_gcm = { aead_aes_gcm_seal, aead_aes_gcm_open, NULL, /* get_rc4_state */ + NULL, /* get_iv */ }; const EVP_AEAD *EVP_aead_aes_128_gcm(void) { return &aead_aes_128_gcm; } @@ -1239,7 +1240,7 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key, const size_t key_bits = key_len * 8; if (key_bits != 128 && key_bits != 256) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1248,14 +1249,13 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, - CIPHER_R_UNSUPPORTED_TAG_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE); return 0; } kw_ctx = OPENSSL_malloc(sizeof(struct aead_aes_key_wrap_ctx)); if (kw_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); return 0; } @@ -1293,8 +1293,7 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t A[AES_BLOCK_SIZE]; if (ad_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_UNSUPPORTED_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE); return 0; } @@ -1304,14 +1303,12 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (nonce_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } if (in_len % 8 != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } @@ -1320,32 +1317,29 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, * conservatively cap it to 2^32-16 to stop 32-bit platforms complaining that * a comparison is always true. */ if (in_len > 0xfffffff0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } n = in_len / 8; if (n < 2) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } if (in_len + 8 < in_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + 8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (AES_set_encrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1388,8 +1382,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t A[AES_BLOCK_SIZE]; if (ad_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, - CIPHER_R_UNSUPPORTED_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE); return 0; } @@ -1399,14 +1392,12 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (nonce_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, - CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } if (in_len % 8 != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, - CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } @@ -1415,26 +1406,24 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, * conservatively cap it to 2^32-8 to stop 32-bit platforms complaining that * a comparison is always true. */ if (in_len > 0xfffffff8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (in_len < 24) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } n = (in_len / 8) - 1; if (max_out_len < in_len - 8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, - CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (AES_set_decrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, - CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1457,7 +1446,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (CRYPTO_memcmp(A, nonce, 8) != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1475,7 +1464,8 @@ static const EVP_AEAD aead_aes_128_key_wrap = { aead_aes_key_wrap_cleanup, aead_aes_key_wrap_seal, aead_aes_key_wrap_open, - NULL, /* get_rc4_state */ + NULL, /* get_rc4_state */ + NULL, /* get_iv */ }; static const EVP_AEAD aead_aes_256_key_wrap = { @@ -1488,7 +1478,8 @@ static const EVP_AEAD aead_aes_256_key_wrap = { aead_aes_key_wrap_cleanup, aead_aes_key_wrap_seal, aead_aes_key_wrap_open, - NULL, /* get_rc4_state */ + NULL, /* get_rc4_state */ + NULL, /* get_iv */ }; const EVP_AEAD *EVP_aead_aes_128_key_wrap(void) { return &aead_aes_128_key_wrap; } @@ -1541,15 +1532,13 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key, static const size_t hmac_key_len = 32; if (key_len < hmac_key_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, - CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } const size_t aes_key_len = key_len - hmac_key_len; if (aes_key_len != 16 && aes_key_len != 32) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, - CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1558,15 +1547,13 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len > EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, - CIPHER_R_TAG_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE); return 0; } aes_ctx = OPENSSL_malloc(sizeof(struct aead_aes_ctr_hmac_sha256_ctx)); if (aes_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, - ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); return 0; } @@ -1665,21 +1652,18 @@ static int aead_aes_ctr_hmac_sha256_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, if (in_len + aes_ctx->tag_len < in_len || /* This input is so large it would overflow the 32-bit block counter. */ - in_len_64 >= (OPENSSL_U64(1) << 32) * AES_BLOCK_SIZE) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, - CIPHER_R_TOO_LARGE); + in_len_64 >= (UINT64_C(1) << 32) * AES_BLOCK_SIZE) { + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + aes_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, - CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, - CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } @@ -1703,22 +1687,19 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t plaintext_len; if (in_len < aes_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, - CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } plaintext_len = in_len - aes_ctx->tag_len; if (max_out_len < plaintext_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, - CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, - CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } @@ -1727,8 +1708,7 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out, &aes_ctx->outer_init_state, ad, ad_len, nonce, in, plaintext_len); if (CRYPTO_memcmp(hmac_result, in + plaintext_len, aes_ctx->tag_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, - CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1750,6 +1730,7 @@ static const EVP_AEAD aead_aes_128_ctr_hmac_sha256 = { aead_aes_ctr_hmac_sha256_seal, aead_aes_ctr_hmac_sha256_open, NULL /* get_rc4_state */, + NULL /* get_iv */, }; static const EVP_AEAD aead_aes_256_ctr_hmac_sha256 = { @@ -1764,6 +1745,7 @@ static const EVP_AEAD aead_aes_256_ctr_hmac_sha256 = { aead_aes_ctr_hmac_sha256_seal, aead_aes_ctr_hmac_sha256_open, NULL /* get_rc4_state */, + NULL /* get_iv */, }; const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void) { @@ -1778,7 +1760,7 @@ int EVP_has_aes_hardware(void) { #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) return aesni_capable() && crypto_gcm_clmul_enabled(); #elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) - return hwaes_capable() && (OPENSSL_armcap_P & ARMV8_PMULL); + return hwaes_capable() && CRYPTO_is_ARMv8_PMULL_capable(); #else return 0; #endif |