Move the public SIV mode functions from public headers to internal ones

SIV mode is accessible via EVP. There should be no reason to make the low
level SIV functions from the modes directory part of the public API. Since
these functions do not exist in 1.1.1 we are still able to make this change.

This also reduces the list of newly added undocumented symbols from
issue #9095.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9232)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 697b5a542d9851c7d0b9b3a63fa76f46ca178eef..6f58e27004dd752fadfdd0cf9890aa2c0b11c702 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -7,18 +7,19 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <string.h>
+#include <assert.h>
 #include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
-#include <string.h>
-#include <assert.h>
 #include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <openssl/cmac.h>
 #include "internal/evp_int.h"
 #include "internal/cryptlib.h"
+#include "internal/modes_int.h"
 #include "modes_lcl.h"
-#include <openssl/rand.h>
-#include <openssl/cmac.h>
 #include "evp_locl.h"
 
 typedef struct {

diff --git a/crypto/include/internal/modes_int.h b/crypto/include/internal/modes_int.h
new file mode 100644 (file)
index 0000000..8a8ef6e
--- /dev/null
+++ b/crypto/include/internal/modes_int.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SIV
+
+typedef struct siv128_context SIV128_CONTEXT;
+
+SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen,
+                                  EVP_CIPHER* cbc, EVP_CIPHER* ctr);
+int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
+                       const EVP_CIPHER* cbc, const EVP_CIPHER* ctr);
+int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
+int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx);
+int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag,
+                          size_t len);
+int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
+int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx);
+int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg);
+
+#endif /* OPENSSL_NO_SIV */

diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index 9bb5eea6e1e5fe4162e78b224a8d0400b9ff5849..4445cf369ac186d536c2318f79defb49dd82aa12 100644 (file)
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -10,6 +10,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <openssl/crypto.h>
+#include "internal/modes_int.h"
 #include "modes_lcl.h"
 
 #ifndef OPENSSL_NO_SIV

diff --git a/include/openssl/modes.h b/include/openssl/modes.h
index 0934482c5682cac606cdb1c77acf40e6f8b94ce2..212c846fd8a39ea536de3eafcd692fafaaaaf741 100644 (file)
--- a/include/openssl/modes.h
+++ b/include/openssl/modes.h
@@ -202,32 +202,6 @@ int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len);
 void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx);
 # endif                          /* OPENSSL_NO_OCB */
 
-# ifndef OPENSSL_NO_SIV
-
-typedef struct siv128_context SIV128_CONTEXT;
-
-#  define SIV_LEN 16
-
-SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, EVP_CIPHER* cbc, EVP_CIPHER* ctr);
-int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
-                       const EVP_CIPHER* cbc, const EVP_CIPHER* ctr);
-int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
-int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
-                      size_t len);
-int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
-                          const unsigned char *in, unsigned char *out,
-                          size_t len);
-int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
-                          const unsigned char *in, unsigned char *out,
-                          size_t len);
-int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx);
-int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag, size_t len);
-int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
-int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx);
-int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg);
-
-# endif                          /* OPENSSL_NO_SIV */
-
 # ifdef  __cplusplus
 }
 # endif

diff --git a/util/libcrypto.num b/util/libcrypto.num
index 766c735b2fac727a8a28519da07412d89053142e..40e80ffd5578f913d95e32ae4a8f86a30fa434ed 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4609,17 +4609,17 @@ OPENSSL_version_build_metadata          4564    3_0_0   EXIST::FUNCTION:
 EVP_aes_128_siv                         4565   3_0_0   EXIST::FUNCTION:SIV
 EVP_aes_192_siv                         4566   3_0_0   EXIST::FUNCTION:SIV
 EVP_aes_256_siv                         4567   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_new                       4568   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_init                      4569   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_copy_ctx                  4570   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_aad                       4571   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_encrypt                   4572   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_decrypt                   4573   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_finish                    4574   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_set_tag                   4575   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_get_tag                   4576   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_cleanup                   4577   3_0_0   EXIST::FUNCTION:SIV
-CRYPTO_siv128_speed                     4578   3_0_0   EXIST::FUNCTION:SIV
+CRYPTO_siv128_new                       4568   3_0_0   NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_init                      4569   3_0_0   NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_copy_ctx                  4570   3_0_0   NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_aad                       4571   3_0_0   NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_encrypt                   4572   3_0_0   NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_decrypt                   4573   3_0_0   NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_finish                    4574   3_0_0   NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_set_tag                   4575   3_0_0   NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_get_tag                   4576   3_0_0   NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_cleanup                   4577   3_0_0   NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_speed                     4578   3_0_0   NOEXIST::FUNCTION:SIV
 OPENSSL_INIT_set_config_filename        4579   3_0_0   EXIST::FUNCTION:STDIO
 OPENSSL_INIT_set_config_file_flags      4580   3_0_0   EXIST::FUNCTION:STDIO
 ASYNC_WAIT_CTX_get_callback             4581   3_0_0   EXIST::FUNCTION: