From: Andy Polyakov Date: Thu, 13 Oct 2011 19:46:44 +0000 (+0000) Subject: Remove eng_aesni.c as AES-NI support is integrated directly at EVP. X-Git-Tag: OpenSSL-fips-2_0-rc1~63 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=af9b610ceff61c7a5103f4d3ac33c1caa98e7b5f;p=oweals%2Fopenssl.git Remove eng_aesni.c as AES-NI support is integrated directly at EVP. --- diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile index 1f4a7f76eb..94793ce5bd 100644 --- a/crypto/engine/Makefile +++ b/crypto/engine/Makefile @@ -22,13 +22,13 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ - eng_aesni.c eng_rsax.c eng_rdrand.c + eng_rsax.c eng_rdrand.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ - eng_aesni.o eng_rsax.o eng_rdrand.o + eng_rsax.o eng_rdrand.o SRC= $(LIBSRC) @@ -84,21 +84,6 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -eng_aesni.o: ../../e_os.h ../../include/openssl/aes.h -eng_aesni.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_aesni.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_aesni.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -eng_aesni.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -eng_aesni.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_aesni.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_aesni.o: ../../include/openssl/lhash.h ../../include/openssl/modes.h -eng_aesni.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_aesni.o: ../../include/openssl/opensslconf.h -eng_aesni.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_aesni.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_aesni.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_aesni.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_aesni.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_aesni.c eng_all.o: ../../e_os.h ../../include/openssl/asn1.h eng_all.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/crypto/engine/eng_aesni.c b/crypto/engine/eng_aesni.c deleted file mode 100644 index 1ea65e3f8f..0000000000 --- a/crypto/engine/eng_aesni.c +++ /dev/null @@ -1,515 +0,0 @@ -/* - * Support for Intel AES-NI intruction set - * Author: Huang Ying - * - * Intel AES-NI is a new set of Single Instruction Multiple Data - * (SIMD) instructions that are going to be introduced in the next - * generation of Intel processor, as of 2009. These instructions - * enable fast and secure data encryption and decryption, using the - * Advanced Encryption Standard (AES), defined by FIPS Publication - * number 197. The architecture introduces six instructions that - * offer full hardware support for AES. Four of them support high - * performance data encryption and decryption, and the other two - * instructions support the AES key expansion procedure. - * - * The white paper can be downloaded from: - * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf - * - * This file is based on engines/e_padlock.c - */ - -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include - -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES) - -#include -#include "cryptlib.h" -#include -#include -#include -#include -#include -#include - -/* AES-NI is available *ONLY* on some x86 CPUs. Not only that it - doesn't exist elsewhere, but it even can't be compiled on other - platforms! */ -#undef COMPILE_HW_AESNI -#if (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM) -#define COMPILE_HW_AESNI -static ENGINE *ENGINE_aesni (void); -#endif - -void ENGINE_load_aesni (void) -{ -/* On non-x86 CPUs it just returns. */ -#ifdef COMPILE_HW_AESNI - ENGINE *toadd = ENGINE_aesni(); - if (!toadd) - return; - ENGINE_add (toadd); - ENGINE_free (toadd); - ERR_clear_error (); -#endif -} - -#ifdef COMPILE_HW_AESNI - -typedef unsigned int u32; -typedef unsigned char u8; - -#if defined(__GNUC__) && __GNUC__>=2 && !defined(PEDANTIC) -# define BSWAP4(x) ({ u32 ret=(x); \ - asm volatile ("bswapl %0" \ - : "+r"(ret)); ret; }) -#elif defined(_MSC_VER) -# if _MSC_VER>=1300 -# pragma intrinsic(_byteswap_ulong) -# define BSWAP4(x) _byteswap_ulong((u32)(x)) -# elif defined(_M_IX86) - __inline u32 _bswap4(u32 val) { - _asm mov eax,val - _asm bswap eax - } -# define BSWAP4(x) _bswap4(x) -# endif -#endif - -#ifdef BSWAP4 -#define GETU32(p) BSWAP4(*(const u32 *)(p)) -#define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) -#else -#define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) -#define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) -#endif - -int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void aesni_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void aesni_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void aesni_ecb_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, - int enc); -void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, - unsigned char *ivec, int enc); - -void aesni_ctr32_encrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, - const unsigned char *ivec); - -/* Function for ENGINE detection and control */ -static int aesni_init(ENGINE *e); - -/* Cipher Stuff */ -static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); - -#define AESNI_MIN_ALIGN 16 -#define AESNI_ALIGN(x) \ - ((void *)(((size_t)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1))) - -/* Engine names */ -static const char aesni_id[] = "aesni", - aesni_name[] = "Intel AES-NI engine", - no_aesni_name[] = "Intel AES-NI engine (no-aesni)"; - -/* ===== Engine "management" functions ===== */ - -/* Prepare the ENGINE structure for registration */ -static int -aesni_bind_helper(ENGINE *e) -{ - int engage = (OPENSSL_ia32cap_P[1] & (1 << (57-32))) != 0; - - /* Register everything or return with an error */ - if (!ENGINE_set_id(e, aesni_id) || - !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) || - - !ENGINE_set_init_function(e, aesni_init) || - (engage && !ENGINE_set_ciphers (e, aesni_ciphers)) - ) - return 0; - - /* Everything looks good */ - return 1; -} - -/* Constructor */ -static ENGINE * -ENGINE_aesni(void) -{ - ENGINE *eng = ENGINE_new(); - - if (!eng) { - return NULL; - } - - if (!aesni_bind_helper(eng)) { - ENGINE_free(eng); - return NULL; - } - - return eng; -} - -/* Check availability of the engine */ -static int -aesni_init(ENGINE *e) -{ - return 1; -} - -#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) -#define NID_aes_128_cfb NID_aes_128_cfb128 -#endif - -#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) -#define NID_aes_128_ofb NID_aes_128_ofb128 -#endif - -#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) -#define NID_aes_192_cfb NID_aes_192_cfb128 -#endif - -#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) -#define NID_aes_192_ofb NID_aes_192_ofb128 -#endif - -#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) -#define NID_aes_256_cfb NID_aes_256_cfb128 -#endif - -#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) -#define NID_aes_256_ofb NID_aes_256_ofb128 -#endif - -/* List of supported ciphers. */ -static int aesni_cipher_nids[] = { - NID_aes_128_ecb, - NID_aes_128_cbc, - NID_aes_128_cfb, - NID_aes_128_ofb, - NID_aes_128_ctr, - - NID_aes_192_ecb, - NID_aes_192_cbc, - NID_aes_192_cfb, - NID_aes_192_ofb, - NID_aes_192_ctr, - - NID_aes_256_ecb, - NID_aes_256_cbc, - NID_aes_256_cfb, - NID_aes_256_ofb, - NID_aes_256_ctr, -}; -static int aesni_cipher_nids_num = - (sizeof(aesni_cipher_nids)/sizeof(aesni_cipher_nids[0])); - -typedef struct -{ - AES_KEY ks; - unsigned int _pad1[3]; -} AESNI_KEY; - -static int -aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key, - const unsigned char *iv, int enc) -{ - int ret; - AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - - if (((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_ECB_MODE - || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CBC_MODE) - && !enc) - ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key); - else - ret=aesni_set_encrypt_key(user_key, ctx->key_len * 8, key); - - if(ret < 0) { - EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -static int aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt); - return 1; -} -static int aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - aesni_cbc_encrypt(in, out, inl, key, - ctx->iv, ctx->encrypt); - return 1; -} -static int aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - CRYPTO_cfb128_encrypt(in, out, inl, key, ctx->iv, - &ctx->num, ctx->encrypt, - (block128_f)aesni_encrypt); - return 1; -} -static int aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - CRYPTO_ofb128_encrypt(in, out, inl, key, ctx->iv, - &ctx->num, (block128_f)aesni_encrypt); - return 1; -} - -#define AES_BLOCK_SIZE 16 - -#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE -#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE -#define EVP_CIPHER_block_size_OFB 1 -#define EVP_CIPHER_block_size_CFB 1 - -/* Declaring so many ciphers by hand would be a pain. - Instead introduce a bit of preprocessor magic :-) */ -#define DECLARE_AES_EVP(ksize,lmode,umode) \ -static const EVP_CIPHER aesni_##ksize##_##lmode = { \ - NID_aes_##ksize##_##lmode, \ - EVP_CIPHER_block_size_##umode, \ - ksize / 8, \ - AES_BLOCK_SIZE, \ - 0 | EVP_CIPH_##umode##_MODE, \ - aesni_init_key, \ - aesni_cipher_##lmode, \ - NULL, \ - sizeof(AESNI_KEY), \ - EVP_CIPHER_set_asn1_iv, \ - EVP_CIPHER_get_asn1_iv, \ - NULL, \ - NULL \ -} - -DECLARE_AES_EVP(128,ecb,ECB); -DECLARE_AES_EVP(128,cbc,CBC); -DECLARE_AES_EVP(128,cfb,CFB); -DECLARE_AES_EVP(128,ofb,OFB); - -DECLARE_AES_EVP(192,ecb,ECB); -DECLARE_AES_EVP(192,cbc,CBC); -DECLARE_AES_EVP(192,cfb,CFB); -DECLARE_AES_EVP(192,ofb,OFB); - -DECLARE_AES_EVP(256,ecb,ECB); -DECLARE_AES_EVP(256,cbc,CBC); -DECLARE_AES_EVP(256,cfb,CFB); -DECLARE_AES_EVP(256,ofb,OFB); - -#if notused -static void ctr96_inc(unsigned char *counter) { - u32 n=12; - u8 c; - - do { - --n; - c = counter[n]; - ++c; - counter[n] = c; - if (c) return; - } while (n); -} -#endif - -static int aesni_counter(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - - CRYPTO_ctr128_encrypt_ctr32(in,out,len,key, - ctx->iv,ctx->buf,(unsigned int *)&ctx->num, - aesni_ctr32_encrypt_blocks); - return 1; -} - -static const EVP_CIPHER aesni_128_ctr= - { - NID_aes_128_ctr,1,16,16, - EVP_CIPH_CTR_MODE, - aesni_init_key, - aesni_counter, - NULL, - sizeof(AESNI_KEY), - NULL, - NULL, - NULL, - NULL - }; - -static const EVP_CIPHER aesni_192_ctr= - { - NID_aes_192_ctr,1,24,16, - EVP_CIPH_CTR_MODE, - aesni_init_key, - aesni_counter, - NULL, - sizeof(AESNI_KEY), - NULL, - NULL, - NULL, - NULL - }; - -static const EVP_CIPHER aesni_256_ctr= - { - NID_aes_256_ctr,1,32,16, - EVP_CIPH_CTR_MODE, - aesni_init_key, - aesni_counter, - NULL, - sizeof(AESNI_KEY), - NULL, - NULL, - NULL, - NULL - }; - -static int -aesni_ciphers (ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) -{ - /* No specific cipher => return a list of supported nids ... */ - if (!cipher) { - *nids = aesni_cipher_nids; - return aesni_cipher_nids_num; - } - - /* ... or the requested "cipher" otherwise */ - switch (nid) { - case NID_aes_128_ecb: - *cipher = &aesni_128_ecb; - break; - case NID_aes_128_cbc: - *cipher = &aesni_128_cbc; - break; - case NID_aes_128_cfb: - *cipher = &aesni_128_cfb; - break; - case NID_aes_128_ofb: - *cipher = &aesni_128_ofb; - break; - case NID_aes_128_ctr: - *cipher = &aesni_128_ctr; - break; - - case NID_aes_192_ecb: - *cipher = &aesni_192_ecb; - break; - case NID_aes_192_cbc: - *cipher = &aesni_192_cbc; - break; - case NID_aes_192_cfb: - *cipher = &aesni_192_cfb; - break; - case NID_aes_192_ofb: - *cipher = &aesni_192_ofb; - break; - case NID_aes_192_ctr: - *cipher = &aesni_192_ctr; - break; - - case NID_aes_256_ecb: - *cipher = &aesni_256_ecb; - break; - case NID_aes_256_cbc: - *cipher = &aesni_256_cbc; - break; - case NID_aes_256_cfb: - *cipher = &aesni_256_cfb; - break; - case NID_aes_256_ofb: - *cipher = &aesni_256_ofb; - break; - case NID_aes_256_ctr: - *cipher = &aesni_256_ctr; - break; - - default: - /* Sorry, we don't support this NID */ - *cipher = NULL; - return 0; - } - - return 1; -} - -#endif /* COMPILE_HW_AESNI */ -#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */ diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 81bc5ff933..7185eef1e6 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -73,9 +73,6 @@ void ENGINE_load_builtin_engines(void) #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) ENGINE_load_cryptodev(); #endif -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) - ENGINE_load_aesni(); -#endif #ifndef OPENSSL_NO_RSAX ENGINE_load_rsax(); #endif diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 8a20ffc0a7..1d8ab738ef 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -351,7 +351,6 @@ void ENGINE_load_gost(void); #endif #endif void ENGINE_load_cryptodev(void); -void ENGINE_load_aesni(void); void ENGINE_load_rsax(void); void ENGINE_load_rdrand(void); void ENGINE_load_builtin_engines(void);