Add Common shared code needed to move aes ciphers to providers
authorShane Lontis <shane.lontis@oracle.com>
Mon, 15 Jul 2019 23:46:14 +0000 (09:46 +1000)
committerShane Lontis <shane.lontis@oracle.com>
Mon, 15 Jul 2019 23:46:14 +0000 (09:46 +1000)
Custom aes ciphers will be placed into multiple new files
(instead of the monolithic setup used in the e_aes.c legacy code)
so it makes sense to have a header for the platform specific
code that needs to be shared between files.
modes_lcl.h has also moved to modes_int.h to allow sharing with the
provider source.
Code that will be common to AEAD ciphers has also been added. These
will be used by seperate PR's for GCM, CCM & OCB.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9301)

28 files changed:
crypto/evp/e_aes.c
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
crypto/evp/e_aria.c
crypto/evp/e_camellia.c
crypto/evp/evp_enc.c
crypto/evp/evp_lib.c
crypto/evp/evp_locl.h
crypto/evp/evp_utils.c
crypto/include/internal/aes_platform.h [new file with mode: 0644]
crypto/include/internal/modes_int.h
crypto/include/internal/siv_int.h [new file with mode: 0644]
crypto/modes/cbc128.c
crypto/modes/ccm128.c
crypto/modes/cfb128.c
crypto/modes/ctr128.c
crypto/modes/cts128.c
crypto/modes/gcm128.c
crypto/modes/modes_lcl.h [deleted file]
crypto/modes/ocb128.c
crypto/modes/ofb128.c
crypto/modes/siv128.c
crypto/modes/xts128.c
include/openssl/core_names.h
include/openssl/core_numbers.h
providers/common/ciphers/aes_basic.c
test/build.info
test/modes_internal_test.c

index 6f58e27004dd752fadfdd0cf9890aa2c0b11c702..f93ba613183e4d25b6e0aba4762e3ba762452703 100644 (file)
@@ -19,7 +19,8 @@
 #include "internal/evp_int.h"
 #include "internal/cryptlib.h"
 #include "internal/modes_int.h"
-#include "modes_lcl.h"
+#include "internal/siv_int.h"
+#include "internal/aes_platform.h"
 #include "evp_locl.h"
 
 typedef struct {
@@ -111,50 +112,6 @@ typedef struct {
 
 #define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
 
-#ifdef VPAES_ASM
-int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
-                          AES_KEY *key);
-int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
-                          AES_KEY *key);
-
-void vpaes_encrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-void vpaes_decrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-
-void vpaes_cbc_encrypt(const unsigned char *in,
-                       unsigned char *out,
-                       size_t length,
-                       const AES_KEY *key, unsigned char *ivec, int enc);
-#endif
-#ifdef BSAES_ASM
-void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                       size_t length, const AES_KEY *key,
-                       unsigned char ivec[16], int enc);
-void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-                                size_t len, const AES_KEY *key,
-                                const unsigned char ivec[16]);
-void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
-                       size_t len, const AES_KEY *key1,
-                       const AES_KEY *key2, const unsigned char iv[16]);
-void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
-                       size_t len, const AES_KEY *key1,
-                       const AES_KEY *key2, const unsigned char iv[16]);
-#endif
-#ifdef AES_CTR_ASM
-void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-                       size_t blocks, const AES_KEY *key,
-                       const unsigned char ivec[AES_BLOCK_SIZE]);
-#endif
-#ifdef AES_XTS_ASM
-void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
-                     const AES_KEY *key1, const AES_KEY *key2,
-                     const unsigned char iv[16]);
-void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
-                     const AES_KEY *key1, const AES_KEY *key2,
-                     const unsigned char iv[16]);
-#endif
-
 /* increment counter (64-bit int) by 1 */
 static void ctr64_inc(unsigned char *counter)
 {
@@ -171,105 +128,10 @@ static void ctr64_inc(unsigned char *counter)
     } while (n);
 }
 
-#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
-# include "ppc_arch.h"
-# ifdef VPAES_ASM
-#  define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
-# endif
-# define HWAES_CAPABLE  (OPENSSL_ppccap_P & PPC_CRYPTO207)
-# define HWAES_set_encrypt_key aes_p8_set_encrypt_key
-# define HWAES_set_decrypt_key aes_p8_set_decrypt_key
-# define HWAES_encrypt aes_p8_encrypt
-# define HWAES_decrypt aes_p8_decrypt
-# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
-# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
-# define HWAES_xts_encrypt aes_p8_xts_encrypt
-# define HWAES_xts_decrypt aes_p8_xts_decrypt
-#endif
-
-#if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
-        ((defined(__i386)       || defined(__i386__)    || \
-          defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
-        defined(__x86_64)       || defined(__x86_64__)  || \
-        defined(_M_AMD64)       || defined(_M_X64)      )
-
-extern unsigned int OPENSSL_ia32cap_P[];
-
-# ifdef VPAES_ASM
-#  define VPAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-# endif
-# ifdef BSAES_ASM
-#  define BSAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-# endif
-/*
- * AES-NI section
- */
-# define AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
-
-int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
-                          AES_KEY *key);
-int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
-                          AES_KEY *key);
-
-void aesni_encrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-void aesni_decrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-
-void aesni_ecb_encrypt(const unsigned char *in,
-                       unsigned char *out,
-                       size_t length, const AES_KEY *key, int enc);
-void aesni_cbc_encrypt(const unsigned char *in,
-                       unsigned char *out,
-                       size_t length,
-                       const AES_KEY *key, unsigned char *ivec, int enc);
-
-void aesni_ctr32_encrypt_blocks(const unsigned char *in,
-                                unsigned char *out,
-                                size_t blocks,
-                                const void *key, const unsigned char *ivec);
-
-void aesni_xts_encrypt(const unsigned char *in,
-                       unsigned char *out,
-                       size_t length,
-                       const AES_KEY *key1, const AES_KEY *key2,
-                       const unsigned char iv[16]);
-
-void aesni_xts_decrypt(const unsigned char *in,
-                       unsigned char *out,
-                       size_t length,
-                       const AES_KEY *key1, const AES_KEY *key2,
-                       const unsigned char iv[16]);
-
-void aesni_ccm64_encrypt_blocks(const unsigned char *in,
-                                unsigned char *out,
-                                size_t blocks,
-                                const void *key,
-                                const unsigned char ivec[16],
-                                unsigned char cmac[16]);
-
-void aesni_ccm64_decrypt_blocks(const unsigned char *in,
-                                unsigned char *out,
-                                size_t blocks,
-                                const void *key,
-                                const unsigned char ivec[16],
-                                unsigned char cmac[16]);
-
+#if defined(AESNI_CAPABLE)
 # if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
-size_t aesni_gcm_encrypt(const unsigned char *in,
-                         unsigned char *out,
-                         size_t len,
-                         const void *key, unsigned char ivec[16], u64 *Xi);
 #  define AES_gcm_encrypt aesni_gcm_encrypt
-size_t aesni_gcm_decrypt(const unsigned char *in,
-                         unsigned char *out,
-                         size_t len,
-                         const void *key, unsigned char ivec[16], u64 *Xi);
 #  define AES_gcm_decrypt aesni_gcm_decrypt
-void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in,
-                   size_t len);
-#  define AES_GCM_ASM(gctx)       (gctx->ctr==aesni_ctr32_encrypt_blocks && \
-                                 gctx->gcm.ghash==gcm_ghash_avx)
 #  define AES_GCM_ASM2(gctx)      (gctx->gcm.block==(block128_f)aesni_encrypt && \
                                  gctx->gcm.ghash==gcm_ghash_avx)
 #  undef AES_GCM_ASM2          /* minor size optimization */
@@ -471,19 +333,6 @@ static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t len);
 
 # ifndef OPENSSL_NO_OCB
-void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
-                       size_t blocks, const void *key,
-                       size_t start_block_num,
-                       unsigned char offset_i[16],
-                       const unsigned char L_[][16],
-                       unsigned char checksum[16]);
-void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
-                       size_t blocks, const void *key,
-                       size_t start_block_num,
-                       unsigned char offset_i[16],
-                       const unsigned char L_[][16],
-                       unsigned char checksum[16]);
-
 static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                               const unsigned char *iv, int enc)
 {
@@ -584,81 +433,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
 
-#elif   defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-
-# include "sparc_arch.h"
-
-extern unsigned int OPENSSL_sparcv9cap_P[];
-
-/*
- * Initial Fujitsu SPARC64 X support
- */
-# define HWAES_CAPABLE           (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
-# define HWAES_set_encrypt_key aes_fx_set_encrypt_key
-# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
-# define HWAES_encrypt aes_fx_encrypt
-# define HWAES_decrypt aes_fx_decrypt
-# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
-# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
-
-# define SPARC_AES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_AES)
-
-void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
-void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
-void aes_t4_encrypt(const unsigned char *in, unsigned char *out,
-                    const AES_KEY *key);
-void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
-                    const AES_KEY *key);
-/*
- * Key-length specific subroutines were chosen for following reason.
- * Each SPARC T4 core can execute up to 8 threads which share core's
- * resources. Loading as much key material to registers allows to
- * minimize references to shared memory interface, as well as amount
- * of instructions in inner loops [much needed on T4]. But then having
- * non-key-length specific routines would require conditional branches
- * either in inner loops or on subroutines' entries. Former is hardly
- * acceptable, while latter means code size increase to size occupied
- * by multiple key-length specific subroutines, so why fight?
- */
-void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t blocks, const AES_KEY *key,
-                             unsigned char *ivec);
-void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t blocks, const AES_KEY *key,
-                             unsigned char *ivec);
-void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t blocks, const AES_KEY *key,
-                             unsigned char *ivec);
-void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t blocks, const AES_KEY *key1,
-                           const AES_KEY *key2, const unsigned char *ivec);
-void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
-                           size_t blocks, const AES_KEY *key1,
-                           const AES_KEY *key2, const unsigned char *ivec);
-void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t blocks, const AES_KEY *key1,
-                           const AES_KEY *key2, const unsigned char *ivec);
-void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
-                           size_t blocks, const AES_KEY *key1,
-                           const AES_KEY *key2, const unsigned char *ivec);
+#elif defined(SPARC_AES_CAPABLE)
 
 static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                            const unsigned char *iv, int enc)
@@ -1012,12 +787,8 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
 
-#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
-/*
- * IBM S390X support
- */
-# include "s390x_arch.h"
-
+#elif defined(S390X_aes_128_CAPABLE)
+/* IBM S390X support */
 typedef struct {
     union {
         OSSL_UNION_ALIGN;
@@ -1170,24 +941,10 @@ typedef struct {
     } aes;
 } S390X_AES_CCM_CTX;
 
-/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
-# define S390X_AES_FC(keylen)  (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
-
-/* Most modes of operation need km for partial block processing. */
-# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] &     \
-                                S390X_CAPBIT(S390X_AES_128))
-# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] &     \
-                                S390X_CAPBIT(S390X_AES_192))
-# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] &     \
-                                S390X_CAPBIT(S390X_AES_256))
-
 # define s390x_aes_init_key aes_init_key
 static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                               const unsigned char *iv, int enc);
 
-# define S390X_aes_128_cbc_CAPABLE     1       /* checked by callee */
-# define S390X_aes_192_cbc_CAPABLE     1
-# define S390X_aes_256_cbc_CAPABLE     1
 # define S390X_AES_CBC_CTX             EVP_AES_KEY
 
 # define s390x_aes_cbc_init_key aes_init_key
@@ -1196,10 +953,6 @@ static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 const unsigned char *in, size_t len);
 
-# define S390X_aes_128_ecb_CAPABLE     S390X_aes_128_CAPABLE
-# define S390X_aes_192_ecb_CAPABLE     S390X_aes_192_CAPABLE
-# define S390X_aes_256_ecb_CAPABLE     S390X_aes_256_CAPABLE
-
 static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
                                   const unsigned char *key,
                                   const unsigned char *iv, int enc)
@@ -1224,16 +977,6 @@ static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     return 1;
 }
 
-# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kmo[0] &       \
-                                     S390X_CAPBIT(S390X_AES_128)))
-# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kmo[0] &       \
-                                     S390X_CAPBIT(S390X_AES_192)))
-# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kmo[0] &       \
-                                     S390X_CAPBIT(S390X_AES_256)))
-
 static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
                                   const unsigned char *key,
                                   const unsigned char *ivec, int enc)
@@ -1289,16 +1032,6 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     return 1;
 }
 
-# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kmf[0] &       \
-                                     S390X_CAPBIT(S390X_AES_128)))
-# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kmf[0] &       \
-                                     S390X_CAPBIT(S390X_AES_192)))
-# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kmf[0] &       \
-                                     S390X_CAPBIT(S390X_AES_256)))
-
 static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
                                   const unsigned char *key,
                                   const unsigned char *ivec, int enc)
@@ -1365,13 +1098,6 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     return 1;
 }
 
-# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &       \
-                                     S390X_CAPBIT(S390X_AES_128))
-# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &       \
-                                     S390X_CAPBIT(S390X_AES_192))
-# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &       \
-                                     S390X_CAPBIT(S390X_AES_256))
-
 static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
                                    const unsigned char *key,
                                    const unsigned char *ivec, int enc)
@@ -1400,19 +1126,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     return 1;
 }
 
-# define S390X_aes_128_cfb1_CAPABLE    0
-# define S390X_aes_192_cfb1_CAPABLE    0
-# define S390X_aes_256_cfb1_CAPABLE    0
-
 # define s390x_aes_cfb1_init_key aes_init_key
 
 # define s390x_aes_cfb1_cipher aes_cfb1_cipher
 static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                  const unsigned char *in, size_t len);
 
-# define S390X_aes_128_ctr_CAPABLE     1       /* checked by callee */
-# define S390X_aes_192_ctr_CAPABLE     1
-# define S390X_aes_256_ctr_CAPABLE     1
 # define S390X_AES_CTR_CTX             EVP_AES_KEY
 
 # define s390x_aes_ctr_init_key aes_init_key
@@ -1421,16 +1140,6 @@ static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                 const unsigned char *in, size_t len);
 
-# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kma[0] &       \
-                                     S390X_CAPBIT(S390X_AES_128)))
-# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kma[0] &       \
-                                     S390X_CAPBIT(S390X_AES_192)))
-# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kma[0] &       \
-                                     S390X_CAPBIT(S390X_AES_256)))
-
 /* iv + padding length for iv lengths != 12 */
 # define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16)
 
@@ -1954,8 +1663,6 @@ static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 }
 
 # define S390X_AES_XTS_CTX             EVP_AES_XTS_CTX
-# define S390X_aes_128_xts_CAPABLE     1       /* checked by callee */
-# define S390X_aes_256_xts_CAPABLE     1
 
 # define s390x_aes_xts_init_key aes_xts_init_key
 static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
@@ -1968,18 +1675,6 @@ static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
 # define s390x_aes_xts_cleanup aes_xts_cleanup
 
-# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kmac[0] &      \
-                                     S390X_CAPBIT(S390X_AES_128)))
-# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kmac[0] &      \
-                                     S390X_CAPBIT(S390X_AES_192)))
-# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE &&           \
-                                    (OPENSSL_s390xcap_P.kmac[0] &      \
-                                     S390X_CAPBIT(S390X_AES_256)))
-
-# define S390X_CCM_AAD_FLAG    0x40
-
 /*-
  * Set nonce and length fields. Code is big-endian.
  */
@@ -2452,9 +2147,6 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 
 # ifndef OPENSSL_NO_OCB
 #  define S390X_AES_OCB_CTX            EVP_AES_OCB_CTX
-#  define S390X_aes_128_ocb_CAPABLE    0
-#  define S390X_aes_192_ocb_CAPABLE    0
-#  define S390X_aes_256_ocb_CAPABLE    0
 
 #  define s390x_aes_ocb_init_key aes_ocb_init_key
 static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -2470,9 +2162,6 @@ static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
 
 # ifndef OPENSSL_NO_SIV
 #  define S390X_AES_SIV_CTX             EVP_AES_SIV_CTX
-#  define S390X_aes_128_siv_CAPABLE     0
-#  define S390X_aes_192_siv_CAPABLE     0
-#  define S390X_aes_256_siv_CAPABLE     0
 
 #  define s390x_aes_siv_init_key aes_siv_init_key
 #  define s390x_aes_siv_cipher aes_siv_cipher
@@ -2583,48 +2272,6 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 
 #endif
 
-#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
-# include "arm_arch.h"
-# if __ARM_MAX_ARCH__>=7
-#  if defined(BSAES_ASM)
-#   define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
-#  endif
-#  if defined(VPAES_ASM)
-#   define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
-#  endif
-#  define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
-#  define HWAES_set_encrypt_key aes_v8_set_encrypt_key
-#  define HWAES_set_decrypt_key aes_v8_set_decrypt_key
-#  define HWAES_encrypt aes_v8_encrypt
-#  define HWAES_decrypt aes_v8_decrypt
-#  define HWAES_cbc_encrypt aes_v8_cbc_encrypt
-#  define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
-# endif
-#endif
-
-#if defined(HWAES_CAPABLE)
-int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                          AES_KEY *key);
-int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                          AES_KEY *key);
-void HWAES_encrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-void HWAES_decrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                       size_t length, const AES_KEY *key,
-                       unsigned char *ivec, const int enc);
-void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-                                size_t len, const AES_KEY *key,
-                                const unsigned char ivec[16]);
-void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
-                       size_t len, const AES_KEY *key1,
-                       const AES_KEY *key2, const unsigned char iv[16]);
-void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
-                       size_t len, const AES_KEY *key1,
-                       const AES_KEY *key2, const unsigned char iv[16]);
-#endif
-
 #define BLOCK_CIPHER_generic_pack(nid,keylen,flags)             \
         BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
         BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
@@ -4110,29 +3757,6 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
     }
 }
 
-# ifdef HWAES_CAPABLE
-#  ifdef HWAES_ocb_encrypt
-void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
-                       size_t blocks, const void *key,
-                       size_t start_block_num,
-                       unsigned char offset_i[16],
-                       const unsigned char L_[][16],
-                       unsigned char checksum[16]);
-#  else
-#    define HWAES_ocb_encrypt ((ocb128_f)NULL)
-#  endif
-#  ifdef HWAES_ocb_decrypt
-void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
-                       size_t blocks, const void *key,
-                       size_t start_block_num,
-                       unsigned char offset_i[16],
-                       const unsigned char L_[][16],
-                       unsigned char checksum[16]);
-#  else
-#    define HWAES_ocb_decrypt ((ocb128_f)NULL)
-#  endif
-# endif
-
 static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc)
 {
index f6450f399601c51a50ed149f117267d8322ad7ab..8d557e512e76cb899a114001201d1b9ff7487225 100644 (file)
@@ -7,17 +7,15 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/opensslconf.h>
-
 #include <stdio.h>
 #include <string.h>
-
+#include <openssl/opensslconf.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include <openssl/rand.h>
-#include "modes_lcl.h"
+#include "internal/modes_int.h"
 #include "internal/evp_int.h"
 #include "internal/constant_time_locl.h"
 
index cd51e93cc15df92bbe77df012bb6023b36ac18e9..6efd3000b8663c417dc117c3e19d2e825b259aca 100644 (file)
@@ -7,18 +7,15 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/opensslconf.h>
-
 #include <stdio.h>
 #include <string.h>
-
-
+#include <openssl/opensslconf.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include <openssl/rand.h>
-#include "modes_lcl.h"
+#include "internal/modes_int.h"
 #include "internal/constant_time_locl.h"
 #include "internal/evp_int.h"
 
index 5404dd480f71263fb6f27091d5eba1a81af46814..f2588f141ae98fe6610fbf080db995aa2010b15c 100644 (file)
@@ -16,7 +16,7 @@
 # include <openssl/rand_drbg.h>
 # include "internal/aria.h"
 # include "internal/evp_int.h"
-# include "modes_lcl.h"
+# include "internal/modes_int.h"
 # include "evp_locl.h"
 
 /* ARIA subkey Structure */
index e018ba48f35ec28cabc8124008fbd8b4520c3da4..9def167bfa25461e3b7035db1432392b2a98b4a9 100644 (file)
@@ -18,7 +18,7 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <assert.h>
 # include <openssl/camellia.h>
 # include "internal/evp_int.h"
-# include "modes_lcl.h"
+# include "internal/modes_int.h"
 
 static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc);
index 3b83d1173c0e70975da1f0d4465ee50b28739883..c1f7e77eb17c9245456930f16c49960e6b759ad0 100644 (file)
@@ -920,9 +920,11 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
 {
-    int ok = evp_do_param(c->cipher, &keylen, sizeof(keylen),
-                          OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER,
-                          evp_do_ciph_ctx_setparams, c->provctx);
+    int ok;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &keylen);
+    ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params);
 
     if (ok != -2)
         return ok;
@@ -943,23 +945,27 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
 {
     int ok;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
     if (pad)
         ctx->flags &= ~EVP_CIPH_NO_PADDING;
     else
         ctx->flags |= EVP_CIPH_NO_PADDING;
 
-    ok = evp_do_param(ctx->cipher, &pad, sizeof(pad),
-                      OSSL_CIPHER_PARAM_PADDING, OSSL_PARAM_INTEGER,
-                      evp_do_ciph_ctx_setparams, ctx->provctx);
+    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_PADDING, &pad);
+    ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
+
     return ok != 0;
 }
 
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
     int ret = -2;                /* Unsupported */
+    int set_params = 1;
+    size_t sz;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    if (!ctx->cipher) {
+    if (ctx == NULL || ctx->cipher == NULL) {
         EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
         return 0;
     }
@@ -969,25 +975,65 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 
     switch (type) {
     case EVP_CTRL_SET_KEY_LENGTH:
-        ret = evp_do_param(ctx->cipher, &arg, sizeof(arg),
-                           OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER,
-                           evp_do_ciph_ctx_setparams, ctx->provctx);
-        break;
-    case EVP_CTRL_GET_IV:
-        ret = evp_do_param(ctx->cipher, ptr, arg,
-                           OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_STRING,
-                           evp_do_ciph_ctx_getparams, ctx->provctx);
+        params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &arg);
         break;
     case EVP_CTRL_RAND_KEY:      /* Used by DES */
     case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
     case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */
-        ret = -2;                /* Unsupported */
+    default:
+        return -2;      /* Unsupported */
+    case EVP_CTRL_GET_IV:
+        set_params = 0;
+        params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
+                                                      ptr, (size_t)arg);
+        break;
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg < 0)
+            return 0;
+        sz = (size_t)arg;
+        params[0] =
+            OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, &sz);
         break;
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        params[0] =
+            OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED,
+                                              ptr, (size_t)arg);
+        break;
+    case EVP_CTRL_AEAD_SET_TAG:
+        params[0] =
+            OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
+                                              ptr, (size_t)arg);
+        break;
+    case EVP_CTRL_AEAD_GET_TAG:
+        set_params = 0;
+        params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
+                                                      ptr, (size_t)arg);
+        break;
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* This one does a set and a get - since it returns a padding size */
+        params[0] =
+            OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
+                                              ptr, (size_t)arg);
+        ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
+        if (ret <= 0)
+            return ret;
+        params[0] =
+            OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz);
+        ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+        if (ret <= 0)
+            return 0;
+        return sz;
     }
+
+    if (set_params)
+        ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
+    else
+        ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
     return ret;
 
- legacy:
-    if (!ctx->cipher->ctrl) {
+/* TODO(3.0): Remove legacy code below */
+legacy:
+    if (ctx->cipher->ctrl == NULL) {
         EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
         return 0;
     }
index 9d1d197c2a872a0a0e69f81ca1cadd72cbcc4245..615206bdd03e7cb1cd4c07ace465cb0414100d21 100644 (file)
@@ -217,10 +217,11 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 
 int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
 {
-    int v = cipher->block_size;
-    int ok = evp_do_param(cipher, &v, sizeof(v),
-                          OSSL_CIPHER_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER,
-                          evp_do_ciph_getparams, NULL);
+    int ok, v = cipher->block_size;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, &v);
+    ok = evp_do_ciph_getparams(cipher, params);
 
     return ok != 0 ? v : -1;
 }
@@ -265,10 +266,12 @@ int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
 
 unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
 {
+    int ok;
     unsigned long v = cipher->flags;
-    int ok = evp_do_param(cipher, &v, sizeof(v),
-                          OSSL_CIPHER_PARAM_FLAGS, OSSL_PARAM_UNSIGNED_INTEGER,
-                          evp_do_ciph_getparams, NULL);
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] = OSSL_PARAM_construct_ulong(OSSL_CIPHER_PARAM_FLAGS, &v);
+    ok = evp_do_ciph_getparams(cipher, params);
 
     return ok != 0 ? v : 0;
 }
@@ -300,12 +303,13 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
 
 int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
 {
-    int v = cipher->iv_len;
-    int ok = evp_do_param(cipher, &v, sizeof(v),
-                          OSSL_CIPHER_PARAM_IVLEN, OSSL_PARAM_UNSIGNED_INTEGER,
-                          evp_do_ciph_getparams, NULL);
+    int ok, v = cipher->iv_len;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    return ok != 0 ? v: -1;
+    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v);
+    ok = evp_do_ciph_getparams(cipher, params);
+
+    return ok != 0 ? v : -1;
 }
 
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
@@ -323,22 +327,30 @@ const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
  */
 const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
 {
+    int ok;
     const unsigned char *v = ctx->iv;
-    int ok = evp_do_param(ctx->cipher, &v, sizeof(ctx->iv),
-                          OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_PTR,
-                          evp_do_ciph_ctx_getparams, ctx->provctx);
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    return ok != 0 ? v: NULL;
+    params[0] =
+        OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v,
+                                       sizeof(ctx->iv));
+    ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+
+    return ok != 0 ? v : NULL;
 }
 
 unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
 {
+    int ok;
     unsigned char *v = ctx->iv;
-    int ok = evp_do_param(ctx->cipher, &v, sizeof(ctx->iv),
-                          OSSL_CIPHER_PARAM_IV, OSSL_PARAM_OCTET_PTR,
-                          evp_do_ciph_ctx_getparams, ctx->provctx);
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] =
+        OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v,
+                                       sizeof(ctx->iv));
+    ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 
-    return ok != 0 ? v: NULL;
+    return ok != 0 ? v : NULL;
 }
 
 unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
@@ -348,42 +360,48 @@ unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
 
 int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
 {
-    int v = ctx->num;
-    int ok = evp_do_param(ctx->cipher, &v, sizeof(v),
-                          OSSL_CIPHER_PARAM_NUM, OSSL_PARAM_INTEGER,
-                          evp_do_ciph_ctx_getparams, ctx->provctx);
+    int ok, v = ctx->num;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    return ok != 0 ? v: -1;
+    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &v);
+    ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+
+    return ok != 0 ? v : -1;
 }
 
 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
 {
-    int ok = evp_do_param(ctx->cipher, &num, sizeof(num),
-                          OSSL_CIPHER_PARAM_NUM, OSSL_PARAM_INTEGER,
-                          evp_do_ciph_ctx_setparams, ctx->provctx);
+    int ok;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    ctx->num = num;
+    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &num);
+    ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
+
+    if (ok != 0)
+        ctx->num = num;
     return ok != 0;
 }
 
 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
 {
-    int v = cipher->key_len;
-    int ok = evp_do_param(cipher, &v, sizeof(v),
-                          OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER,
-                          evp_do_ciph_getparams, NULL);
+    int ok, v = cipher->key_len;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v);
+    ok = evp_do_ciph_getparams(cipher, params);
 
-    return ok != 0 ? v: -1;
+    return ok != 0 ? v : -1;
 }
 
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
 {
-    int v = ctx->key_len;
-    int ok = evp_do_param(ctx->cipher, &v, sizeof(v),
-                          OSSL_CIPHER_PARAM_KEYLEN, OSSL_PARAM_INTEGER,
-                          evp_do_ciph_ctx_getparams, ctx->provctx);
+    int ok, v = ctx->key_len;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v);
+    ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 
-    return ok != 0 ? v: -1;
+    return ok != 0 ? v : -1;
 }
 
 int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
@@ -398,14 +416,14 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
 
 int EVP_CIPHER_mode(const EVP_CIPHER *cipher)
 {
-    int v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
-    int ok = evp_do_param(cipher, &v, sizeof(v),
-                          OSSL_CIPHER_PARAM_MODE, OSSL_PARAM_INTEGER,
-                          evp_do_ciph_getparams, NULL);
+    int ok, v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
-    return ok != 0 ? v: 0;
-}
+    params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_MODE, &v);
+    ok = evp_do_ciph_getparams(cipher, params);
 
+    return ok != 0 ? v : 0;
+}
 
 int EVP_MD_block_size(const EVP_MD *md)
 {
index 54f9e0814bb58913948d72554a1f1d9db14c6c0f..b62f1e3bc4cedd26c8fc65d911476033825fece9 100644 (file)
@@ -99,7 +99,7 @@ void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id,
 /* Helper functions to avoid duplicating code */
 
 /*
- * The callbacks implement different ways to pass a params array to the
+ * These methods implement different ways to pass a params array to the
  * provider.  They will return one of these values:
  *
  * -2 if the method doesn't come from a provider
@@ -109,26 +109,8 @@ void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id,
  * or the return value from the desired function
  *    (evp_do_param will return it to the caller)
  */
-int evp_do_ciph_getparams(const void *vciph, void *ignored,
-                          OSSL_PARAM params[]);
-int evp_do_ciph_ctx_getparams(const void *vciph, void *provctx,
+int evp_do_ciph_getparams(const EVP_CIPHER *ciph, OSSL_PARAM params[]);
+int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx,
                               OSSL_PARAM params[]);
-int evp_do_ciph_ctx_setparams(const void *vciph, void *provctx,
+int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx,
                               OSSL_PARAM params[]);
-
-/*-
- * prepares a singular parameter, then calls the callback to execute.
- *
- * |method|   points to the method used by the callback.
- *            EVP_CIPHER, EVP_MD, ...
- * |ptr|      points at the data to transfer.
- * |sz|       is the size of the data to transfer.
- * |key|      is the name of the parameter to pass.
- * |datatype| is the data type of the parameter to pass.
- * |cb|       is the callback that actually performs the parameter passing
- * |cb_ctx|   is the cipher context
- */
-int evp_do_param(const void *method, void *ptr, size_t sz, const char *key,
-                 int datatype,
-                 int (*cb)(const void *method, void *ctx, OSSL_PARAM params[]),
-                 void *cb_ctx);
index 48f548c7b6c1a1e064f3f15be17d3e0fc682cd20..c3b5520593ff4e97f02dc1d734509967bbaf17f7 100644 (file)
 #include "internal/evp_int.h"    /* evp_locl.h needs it */
 #include "evp_locl.h"
 
-int evp_do_ciph_getparams(const void *vciph, void *ignored,
-                          OSSL_PARAM params[])
+int evp_do_ciph_getparams(const EVP_CIPHER *ciph, OSSL_PARAM params[])
 {
-    const EVP_CIPHER *ciph = vciph;
-
     if (ciph->prov == NULL)
         return -2;
     if (ciph->get_params == NULL)
@@ -29,11 +26,9 @@ int evp_do_ciph_getparams(const void *vciph, void *ignored,
     return ciph->get_params(params);
 }
 
-int evp_do_ciph_ctx_getparams(const void *vciph, void *provctx,
+int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx,
                               OSSL_PARAM params[])
 {
-    const EVP_CIPHER *ciph = vciph;
-
     if (ciph->prov == NULL)
         return -2;
     if (ciph->ctx_get_params == NULL)
@@ -41,38 +36,12 @@ int evp_do_ciph_ctx_getparams(const void *vciph, void *provctx,
     return ciph->ctx_get_params(provctx, params);
 }
 
-int evp_do_ciph_ctx_setparams(const void *vciph, void *provctx,
+int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx,
                               OSSL_PARAM params[])
 {
-    const EVP_CIPHER *ciph = vciph;
-
     if (ciph->prov == NULL)
         return -2;
     if (ciph->ctx_set_params == NULL)
         return -1;
     return ciph->ctx_set_params(provctx, params);
 }
-
-int evp_do_param(const void *method, void *ptr, size_t sz, const char *key,
-                 int datatype,
-                 int (*cb)(const void *method, void *ctx, OSSL_PARAM params[]),
-                 void *cb_ctx)
-{
-    OSSL_PARAM params[2] = {
-        OSSL_PARAM_END,
-        OSSL_PARAM_END
-    };
-    int ret;
-
-    params[0].key = key;
-    params[0].data_type = datatype;
-    params[0].data = ptr;
-    params[0].data_size = sz;
-
-    ret = cb(method, cb_ctx, params);
-    if (ret == -1) {
-        EVPerr(0, EVP_R_CTRL_NOT_IMPLEMENTED);
-        ret = 0;
-    }
-    return ret;
-}
diff --git a/crypto/include/internal/aes_platform.h b/crypto/include/internal/aes_platform.h
new file mode 100644 (file)
index 0000000..115264e
--- /dev/null
@@ -0,0 +1,391 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_INTERNAL_AES_PLATFORM_H
+# define HEADER_INTERNAL_AES_PLATFORM_H
+
+# ifdef VPAES_ASM
+int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+void vpaes_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void vpaes_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void vpaes_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+# endif /* VPAES_ASM */
+
+# ifdef BSAES_ASM
+void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const AES_KEY *key,
+                       unsigned char ivec[16], int enc);
+void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+                                size_t len, const AES_KEY *key,
+                                const unsigned char ivec[16]);
+void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+# endif /* BSAES_ASM */
+
+# ifdef AES_CTR_ASM
+void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const AES_KEY *key,
+                       const unsigned char ivec[AES_BLOCK_SIZE]);
+# endif /*  AES_CTR_ASM */
+
+# ifdef AES_XTS_ASM
+void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
+                     const AES_KEY *key1, const AES_KEY *key2,
+                     const unsigned char iv[16]);
+void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
+                     const AES_KEY *key1, const AES_KEY *key2,
+                     const unsigned char iv[16]);
+# endif /* AES_XTS_ASM */
+
+# if defined(OPENSSL_CPUID_OBJ)
+#  if (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
+#   include "ppc_arch.h"
+#   ifdef VPAES_ASM
+#    define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
+#   endif
+#   define HWAES_CAPABLE  (OPENSSL_ppccap_P & PPC_CRYPTO207)
+#   define HWAES_set_encrypt_key aes_p8_set_encrypt_key
+#   define HWAES_set_decrypt_key aes_p8_set_decrypt_key
+#   define HWAES_encrypt aes_p8_encrypt
+#   define HWAES_decrypt aes_p8_decrypt
+#   define HWAES_cbc_encrypt aes_p8_cbc_encrypt
+#   define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
+#   define HWAES_xts_encrypt aes_p8_xts_encrypt
+#   define HWAES_xts_decrypt aes_p8_xts_decrypt
+#  endif /* PPC */
+
+#  if (defined(__arm__) || defined(__arm) || defined(__aarch64__))
+#   include "arm_arch.h"
+#   if __ARM_MAX_ARCH__>=7
+#    if defined(BSAES_ASM)
+#     define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+#    endif
+#    if defined(VPAES_ASM)
+#     define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+#    endif
+#    define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
+#    define HWAES_set_encrypt_key aes_v8_set_encrypt_key
+#    define HWAES_set_decrypt_key aes_v8_set_decrypt_key
+#    define HWAES_encrypt aes_v8_encrypt
+#    define HWAES_decrypt aes_v8_decrypt
+#    define HWAES_cbc_encrypt aes_v8_cbc_encrypt
+#    define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
+#   endif
+#  endif
+# endif /* OPENSSL_CPUID_OBJ */
+
+# if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
+         ((defined(__i386)       || defined(__i386__)    || \
+           defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
+         defined(__x86_64)       || defined(__x86_64__)  || \
+         defined(_M_AMD64)       || defined(_M_X64)      )
+
+/* AES-NI section */
+extern unsigned int OPENSSL_ia32cap_P[];
+
+#  define AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+#  ifdef VPAES_ASM
+#   define VPAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+#  endif
+#  ifdef BSAES_ASM
+#   define BSAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+#  endif
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void aesni_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+
+void aesni_ecb_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length, const AES_KEY *key, int enc);
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+#  ifndef OPENSSL_NO_OCB
+void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#  endif /* OPENSSL_NO_OCB */
+
+void aesni_ctr32_encrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key, const unsigned char *ivec);
+
+void aesni_xts_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+
+void aesni_xts_decrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+
+void aesni_ccm64_encrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key,
+                                const unsigned char ivec[16],
+                                unsigned char cmac[16]);
+
+void aesni_ccm64_decrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key,
+                                const unsigned char ivec[16],
+                                unsigned char cmac[16]);
+
+#  if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+size_t aesni_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
+                         const void *key, unsigned char ivec[16], u64 *Xi);
+size_t aesni_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
+                         const void *key, unsigned char ivec[16], u64 *Xi);
+void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len);
+
+#   define AES_GCM_ASM(ctx)    (ctx->ctr == aesni_ctr32_encrypt_blocks && \
+                                ctx->gcm.ghash == gcm_ghash_avx)
+#  endif
+
+
+# elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+
+/* Fujitsu SPARC64 X support */
+extern unsigned int OPENSSL_sparcv9cap_P[];
+#  include "sparc_arch.h"
+#  define SPARC_AES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_AES)
+#  define HWAES_CAPABLE           (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
+#  define HWAES_set_encrypt_key aes_fx_set_encrypt_key
+#  define HWAES_set_decrypt_key aes_fx_set_decrypt_key
+#  define HWAES_encrypt aes_fx_encrypt
+#  define HWAES_decrypt aes_fx_decrypt
+#  define HWAES_cbc_encrypt aes_fx_cbc_encrypt
+#  define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
+
+void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
+void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
+void aes_t4_encrypt(const unsigned char *in, unsigned char *out,
+                    const AES_KEY *key);
+void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
+                    const AES_KEY *key);
+/*
+ * Key-length specific subroutines were chosen for following reason.
+ * Each SPARC T4 core can execute up to 8 threads which share core's
+ * resources. Loading as much key material to registers allows to
+ * minimize references to shared memory interface, as well as amount
+ * of instructions in inner loops [much needed on T4]. But then having
+ * non-key-length specific routines would require conditional branches
+ * either in inner loops or on subroutines' entries. Former is hardly
+ * acceptable, while latter means code size increase to size occupied
+ * by multiple key-length specific subroutines, so why fight?
+ */
+void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec);
+void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+
+# elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+/* IBM S390X support */
+#  include "s390x_arch.h"
+
+
+/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
+#  define S390X_AES_FC(keylen)  (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
+
+/* Most modes of operation need km for partial block processing. */
+#  define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] &  \
+                                S390X_CAPBIT(S390X_AES_128))
+#  define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] &  \
+                                S390X_CAPBIT(S390X_AES_192))
+#  define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] &  \
+                                S390X_CAPBIT(S390X_AES_256))
+
+#  define S390X_aes_128_cbc_CAPABLE    1       /* checked by callee */
+#  define S390X_aes_192_cbc_CAPABLE    1
+#  define S390X_aes_256_cbc_CAPABLE    1
+
+#  define S390X_aes_128_ecb_CAPABLE    S390X_aes_128_CAPABLE
+#  define S390X_aes_192_ecb_CAPABLE    S390X_aes_192_CAPABLE
+#  define S390X_aes_256_ecb_CAPABLE    S390X_aes_256_CAPABLE
+
+#  define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE &&          \
+                                    (OPENSSL_s390xcap_P.kmo[0] &       \
+                                     S390X_CAPBIT(S390X_AES_128)))
+#  define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE &&          \
+                                    (OPENSSL_s390xcap_P.kmo[0] &       \
+                                     S390X_CAPBIT(S390X_AES_192)))
+#  define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE &&          \
+                                    (OPENSSL_s390xcap_P.kmo[0] &       \
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+#  define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE &&          \
+                                    (OPENSSL_s390xcap_P.kmf[0] &       \
+                                     S390X_CAPBIT(S390X_AES_128)))
+#  define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE &&          \
+                                    (OPENSSL_s390xcap_P.kmf[0] &       \
+                                     S390X_CAPBIT(S390X_AES_192)))
+#  define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE &&          \
+                                    (OPENSSL_s390xcap_P.kmf[0] &       \
+                                     S390X_CAPBIT(S390X_AES_256)))
+#  define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &      \
+                                     S390X_CAPBIT(S390X_AES_128))
+#  define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &      \
+                                     S390X_CAPBIT(S390X_AES_192))
+#  define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &      \
+                                     S390X_CAPBIT(S390X_AES_256))
+#  define S390X_aes_128_cfb1_CAPABLE   0
+#  define S390X_aes_192_cfb1_CAPABLE   0
+#  define S390X_aes_256_cfb1_CAPABLE   0
+
+#  define S390X_aes_128_ctr_CAPABLE    1       /* checked by callee */
+#  define S390X_aes_192_ctr_CAPABLE    1
+#  define S390X_aes_256_ctr_CAPABLE    1
+
+#  define S390X_aes_128_xts_CAPABLE    1       /* checked by callee */
+#  define S390X_aes_256_xts_CAPABLE    1
+
+#  define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE &&          \
+                                    (OPENSSL_s390xcap_P.kmac[0] &      \
+                                     S390X_CAPBIT(S390X_AES_128)))
+#  define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE &&          \
+                                    (OPENSSL_s390xcap_P.kmac[0] &      \
+                                     S390X_CAPBIT(S390X_AES_192)))
+#  define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE &&          \
+                                    (OPENSSL_s390xcap_P.kmac[0] &      \
+                                     S390X_CAPBIT(S390X_AES_256)))
+#  define S390X_CCM_AAD_FLAG   0x40
+
+#  ifndef OPENSSL_NO_OCB
+#   define S390X_aes_128_ocb_CAPABLE   0
+#   define S390X_aes_192_ocb_CAPABLE   0
+#   define S390X_aes_256_ocb_CAPABLE   0
+#  endif /* OPENSSL_NO_OCB */
+
+#  ifndef OPENSSL_NO_SIV
+#   define S390X_aes_128_siv_CAPABLE    0
+#   define S390X_aes_192_siv_CAPABLE    0
+#   define S390X_aes_256_siv_CAPABLE    0
+#  endif /* OPENSSL_NO_SIV */
+
+/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
+#  define S390X_AES_FC(keylen)  (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
+# endif
+
+# if defined(HWAES_CAPABLE)
+int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                          AES_KEY *key);
+int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                          AES_KEY *key);
+void HWAES_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void HWAES_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const AES_KEY *key,
+                       unsigned char *ivec, const int enc);
+void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+                                size_t len, const AES_KEY *key,
+                                const unsigned char ivec[16]);
+void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+#  ifndef OPENSSL_NO_OCB
+#   ifdef HWAES_ocb_encrypt
+void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#   else
+#     define HWAES_ocb_encrypt ((ocb128_f)NULL)
+#   endif
+#   ifdef HWAES_ocb_decrypt
+void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#   else
+#     define HWAES_ocb_decrypt ((ocb128_f)NULL)
+#   endif
+#  endif /* OPENSSL_NO_OCB */
+
+# endif /* HWAES_CAPABLE */
+
+#endif /* HEADER_INTERNAL_AES_PLATFORM_H */
index 8a8ef6e15f2d5c6fea89faf633b308c2b430fc0e..5230f08966dc6161f5d0c61eed73e96ebae96f5e 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * https://www.openssl.org/source/license.html
  */
 
+/* TODO(3.0) Move this header into provider when dependencies are removed */
+#include <openssl/modes.h>
+
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+typedef __int64 i64;
+typedef unsigned __int64 u64;
+# define U64(C) C##UI64
+#elif defined(__arch64__)
+typedef long i64;
+typedef unsigned long u64;
+# define U64(C) C##UL
+#else
+typedef long long i64;
+typedef unsigned long long u64;
+# define U64(C) C##ULL
+#endif
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+#define STRICT_ALIGNMENT 1
+#ifndef PEDANTIC
+# if defined(__i386)    || defined(__i386__)    || \
+     defined(__x86_64)  || defined(__x86_64__)  || \
+     defined(_M_IX86)   || defined(_M_AMD64)    || defined(_M_X64) || \
+     defined(__aarch64__)                       || \
+     defined(__s390__)  || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+# endif
+#endif
+
+#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__GNUC__) && __GNUC__>=2
+#  if defined(__x86_64) || defined(__x86_64__)
+#   define BSWAP8(x) ({ u64 ret_=(x);                   \
+                        asm ("bswapq %0"                \
+                        : "+r"(ret_));   ret_;          })
+#   define BSWAP4(x) ({ u32 ret_=(x);                   \
+                        asm ("bswapl %0"                \
+                        : "+r"(ret_));   ret_;          })
+#  elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
+#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
+                        asm ("bswapl %0; bswapl %1"     \
+                        : "+r"(hi_),"+r"(lo_));         \
+                        (u64)hi_<<32|lo_;               })
+#   define BSWAP4(x) ({ u32 ret_=(x);                   \
+                        asm ("bswapl %0"                \
+                        : "+r"(ret_));   ret_;          })
+#  elif defined(__aarch64__)
+#   define BSWAP8(x) ({ u64 ret_;                       \
+                        asm ("rev %0,%1"                \
+                        : "=r"(ret_) : "r"(x)); ret_;   })
+#   define BSWAP4(x) ({ u32 ret_;                       \
+                        asm ("rev %w0,%w1"              \
+                        : "=r"(ret_) : "r"(x)); ret_;   })
+#  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
+#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
+                        asm ("rev %0,%0; rev %1,%1"     \
+                        : "+r"(hi_),"+r"(lo_));         \
+                        (u64)hi_<<32|lo_;               })
+#   define BSWAP4(x) ({ u32 ret_;                       \
+                        asm ("rev %0,%1"                \
+                        : "=r"(ret_) : "r"((u32)(x)));  \
+                        ret_;                           })
+#  endif
+# elif defined(_MSC_VER)
+#  if _MSC_VER>=1300
+#   include <stdlib.h>
+#   pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
+#   define BSWAP8(x)    _byteswap_uint64((u64)(x))
+#   define BSWAP4(x)    _byteswap_ulong((u32)(x))
+#  elif defined(_M_IX86)
+__inline u32 _bswap4(u32 val)
+{
+_asm mov eax, val _asm bswap eax}
+#   define BSWAP4(x)    _bswap4(x)
+#  endif
+# endif
+#endif
+#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
+# define GETU32(p)       BSWAP4(*(const u32 *)(p))
+# define PUTU32(p,v)     *(u32 *)(p) = BSWAP4(v)
+#else
+# define GETU32(p)       ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
+# define PUTU32(p,v)     ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
+#endif
+/*- GCM definitions */ typedef struct {
+    u64 hi, lo;
+} u128;
+
+#ifdef  TABLE_BITS
+# undef  TABLE_BITS
+#endif
+/*
+ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
+ * never be set to 8 [or 1]. For further information see gcm128.c.
+ */
+#define TABLE_BITS 4
+
+struct gcm128_context {
+    /* Following 6 names follow names in GCM specification */
+    union {
+        u64 u[2];
+        u32 d[4];
+        u8 c[16];
+        size_t t[16 / sizeof(size_t)];
+    } Yi, EKi, EK0, len, Xi, H;
+    /*
+     * Relative position of Xi, H and pre-computed Htable is used in some
+     * assembler modules, i.e. don't change the order!
+     */
+#if TABLE_BITS==8
+    u128 Htable[256];
+#else
+    u128 Htable[16];
+    void (*gmult) (u64 Xi[2], const u128 Htable[16]);
+    void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                   size_t len);
+#endif
+    unsigned int mres, ares;
+    block128_f block;
+    void *key;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    unsigned char Xn[48];
+#endif
+};
+
+/*
+ * The maximum permitted number of cipher blocks per data unit in XTS mode.
+ * Reference IEEE Std 1619-2018.
+ */
+#define XTS_MAX_BLOCKS_PER_DATA_UNIT            (1<<20)
+
+struct xts128_context {
+    void *key1, *key2;
+    block128_f block1, block2;
+};
+
+struct ccm128_context {
+    union {
+        u64 u[2];
+        u8 c[16];
+    } nonce, cmac;
+    u64 blocks;
+    block128_f block;
+    void *key;
+};
+
+#ifndef OPENSSL_NO_OCB
+
+typedef union {
+    u64 a[2];
+    unsigned char c[16];
+} OCB_BLOCK;
+# define ocb_block16_xor(in1,in2,out) \
+    ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \
+      (out)->a[1]=(in1)->a[1]^(in2)->a[1] )
+# if STRICT_ALIGNMENT
+#  define ocb_block16_xor_misaligned(in1,in2,out) \
+    ocb_block_xor((in1)->c,(in2)->c,16,(out)->c)
+# else
+#  define ocb_block16_xor_misaligned ocb_block16_xor
+# endif
+
+struct ocb128_context {
+    /* Need both encrypt and decrypt key schedules for decryption */
+    block128_f encrypt;
+    block128_f decrypt;
+    void *keyenc;
+    void *keydec;
+    ocb128_f stream;    /* direction dependent */
+    /* Key dependent variables. Can be reused if key remains the same */
+    size_t l_index;
+    size_t max_l_index;
+    OCB_BLOCK l_star;
+    OCB_BLOCK l_dollar;
+    OCB_BLOCK *l;
+    /* Must be reset for each session */
+    struct {
+        u64 blocks_hashed;
+        u64 blocks_processed;
+        OCB_BLOCK offset_aad;
+        OCB_BLOCK sum;
+        OCB_BLOCK offset;
+        OCB_BLOCK checksum;
+    } sess;
+};
+#endif                          /* OPENSSL_NO_OCB */
+
 #ifndef OPENSSL_NO_SIV
 
-typedef struct siv128_context SIV128_CONTEXT;
-
-SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen,
-                                  EVP_CIPHER* cbc, EVP_CIPHER* ctr);
-int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
-                       const EVP_CIPHER* cbc, const EVP_CIPHER* ctr);
-int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
-int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
-                      size_t len);
-int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
-                          const unsigned char *in, unsigned char *out,
-                          size_t len);
-int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
-                          const unsigned char *in, unsigned char *out,
-                          size_t len);
-int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx);
-int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag,
-                          size_t len);
-int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
-int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx);
-int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg);
+#define SIV_LEN 16
+
+typedef union siv_block_u {
+    uint64_t word[SIV_LEN/sizeof(uint64_t)];
+    unsigned char byte[SIV_LEN];
+} SIV_BLOCK;
+
+struct siv128_context {
+    /* d stores intermediate results of S2V; it corresponds to D from the
+       pseudocode in section 2.4 of RFC 5297. */
+    SIV_BLOCK d;
+    SIV_BLOCK tag;
+    EVP_CIPHER_CTX *cipher_ctx;
+    EVP_MAC_CTX *mac_ctx_init;
+    int final_ret;
+    int crypto_ok;
+};
 
 #endif /* OPENSSL_NO_SIV */
diff --git a/crypto/include/internal/siv_int.h b/crypto/include/internal/siv_int.h
new file mode 100644 (file)
index 0000000..8a8ef6e
--- /dev/null
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SIV
+
+typedef struct siv128_context SIV128_CONTEXT;
+
+SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen,
+                                  EVP_CIPHER* cbc, EVP_CIPHER* ctr);
+int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
+                       const EVP_CIPHER* cbc, const EVP_CIPHER* ctr);
+int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
+int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx);
+int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag,
+                          size_t len);
+int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
+int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx);
+int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg);
+
+#endif /* OPENSSL_NO_SIV */
index c510d96fe98354b8a96be68ef1de92f7c8608a47..eb8e06c11de1c74be1746160a4c990d590a613f2 100644 (file)
@@ -7,9 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
 #include <string.h>
+#include <openssl/crypto.h>
+#include "internal/modes_int.h"
 
 #if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC)
 # define STRICT_ALIGNMENT 0
index bfa2d4604caf4ed8eb6f7981fc0470966897ad0d..e97158a11962f5a192fb79323cd2020076cf60d1 100644 (file)
@@ -7,9 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
 #include <string.h>
+#include <openssl/crypto.h>
+#include "internal/modes_int.h"
 
 /*
  * First you setup M and L parameters and pass the key schedule. This is
index 53522406d0f80dae1513735b0f38fa515294e07e..39644a237ee034da7c426368b8a10709adfe055e 100644 (file)
@@ -7,9 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
 #include <string.h>
+#include <openssl/crypto.h>
+#include "internal/modes_int.h"
 
 /*
  * The input and output encrypted as though 128bit cfb mode is being used.
index 177c9556dcd038ff7095c2c7f504306b312ad126..1755b8500efb53e98947b46af6c96021739ded09 100644 (file)
@@ -7,9 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
 #include <string.h>
+#include <openssl/crypto.h>
+#include "internal/modes_int.h"
 
 /*
  * NOTE: the IV/counter CTR mode is big-endian.  The code itself is
index aca4ea877baf3b493cdb3ead9ad3459f9232c16d..b4f2f37775cb49150df409aa5d02e5e16e804201 100644 (file)
@@ -7,9 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
 #include <string.h>
+#include <openssl/crypto.h>
+#include "internal/modes_int.h"
 
 /*
  * Trouble with Ciphertext Stealing, CTS, mode is that there is no
index b4d7215fe6af7a6996f201b25de4fbcdd74f9dc8..371bf7637d8aad0e35289e582d2eebb21467b760 100644 (file)
@@ -7,9 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
 #include <string.h>
+#include <openssl/crypto.h>
+#include "internal/modes_int.h"
 
 #if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
 /* redefine, because alignment is ensured */
diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h
deleted file mode 100644 (file)
index d4ce462..0000000
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/modes.h>
-
-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-typedef __int64 i64;
-typedef unsigned __int64 u64;
-# define U64(C) C##UI64
-#elif defined(__arch64__)
-typedef long i64;
-typedef unsigned long u64;
-# define U64(C) C##UL
-#else
-typedef long long i64;
-typedef unsigned long long u64;
-# define U64(C) C##ULL
-#endif
-
-typedef unsigned int u32;
-typedef unsigned char u8;
-
-#define STRICT_ALIGNMENT 1
-#ifndef PEDANTIC
-# if defined(__i386)    || defined(__i386__)    || \
-     defined(__x86_64)  || defined(__x86_64__)  || \
-     defined(_M_IX86)   || defined(_M_AMD64)    || defined(_M_X64) || \
-     defined(__aarch64__)                       || \
-     defined(__s390__)  || defined(__s390x__)
-#  undef STRICT_ALIGNMENT
-# endif
-#endif
-
-#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(__GNUC__) && __GNUC__>=2
-#  if defined(__x86_64) || defined(__x86_64__)
-#   define BSWAP8(x) ({ u64 ret_=(x);                   \
-                        asm ("bswapq %0"                \
-                        : "+r"(ret_));   ret_;          })
-#   define BSWAP4(x) ({ u32 ret_=(x);                   \
-                        asm ("bswapl %0"                \
-                        : "+r"(ret_));   ret_;          })
-#  elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
-#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
-                        asm ("bswapl %0; bswapl %1"     \
-                        : "+r"(hi_),"+r"(lo_));         \
-                        (u64)hi_<<32|lo_;               })
-#   define BSWAP4(x) ({ u32 ret_=(x);                   \
-                        asm ("bswapl %0"                \
-                        : "+r"(ret_));   ret_;          })
-#  elif defined(__aarch64__)
-#   define BSWAP8(x) ({ u64 ret_;                       \
-                        asm ("rev %0,%1"                \
-                        : "=r"(ret_) : "r"(x)); ret_;   })
-#   define BSWAP4(x) ({ u32 ret_;                       \
-                        asm ("rev %w0,%w1"              \
-                        : "=r"(ret_) : "r"(x)); ret_;   })
-#  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
-#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
-                        asm ("rev %0,%0; rev %1,%1"     \
-                        : "+r"(hi_),"+r"(lo_));         \
-                        (u64)hi_<<32|lo_;               })
-#   define BSWAP4(x) ({ u32 ret_;                       \
-                        asm ("rev %0,%1"                \
-                        : "=r"(ret_) : "r"((u32)(x)));  \
-                        ret_;                           })
-#  endif
-# elif defined(_MSC_VER)
-#  if _MSC_VER>=1300
-#   include <stdlib.h>
-#   pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
-#   define BSWAP8(x)    _byteswap_uint64((u64)(x))
-#   define BSWAP4(x)    _byteswap_ulong((u32)(x))
-#  elif defined(_M_IX86)
-__inline u32 _bswap4(u32 val)
-{
-_asm mov eax, val _asm bswap eax}
-#   define BSWAP4(x)    _bswap4(x)
-#  endif
-# endif
-#endif
-#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
-# define GETU32(p)       BSWAP4(*(const u32 *)(p))
-# define PUTU32(p,v)     *(u32 *)(p) = BSWAP4(v)
-#else
-# define GETU32(p)       ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
-# define PUTU32(p,v)     ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
-#endif
-/*- GCM definitions */ typedef struct {
-    u64 hi, lo;
-} u128;
-
-#ifdef  TABLE_BITS
-# undef  TABLE_BITS
-#endif
-/*
- * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
- * never be set to 8 [or 1]. For further information see gcm128.c.
- */
-#define TABLE_BITS 4
-
-struct gcm128_context {
-    /* Following 6 names follow names in GCM specification */
-    union {
-        u64 u[2];
-        u32 d[4];
-        u8 c[16];
-        size_t t[16 / sizeof(size_t)];
-    } Yi, EKi, EK0, len, Xi, H;
-    /*
-     * Relative position of Xi, H and pre-computed Htable is used in some
-     * assembler modules, i.e. don't change the order!
-     */
-#if TABLE_BITS==8
-    u128 Htable[256];
-#else
-    u128 Htable[16];
-    void (*gmult) (u64 Xi[2], const u128 Htable[16]);
-    void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp,
-                   size_t len);
-#endif
-    unsigned int mres, ares;
-    block128_f block;
-    void *key;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-    unsigned char Xn[48];
-#endif
-};
-
-/*
- * The maximum permitted number of cipher blocks per data unit in XTS mode.
- * Reference IEEE Std 1619-2018.
- */
-#define XTS_MAX_BLOCKS_PER_DATA_UNIT            (1<<20)
-
-struct xts128_context {
-    void *key1, *key2;
-    block128_f block1, block2;
-};
-
-struct ccm128_context {
-    union {
-        u64 u[2];
-        u8 c[16];
-    } nonce, cmac;
-    u64 blocks;
-    block128_f block;
-    void *key;
-};
-
-#ifndef OPENSSL_NO_OCB
-
-typedef union {
-    u64 a[2];
-    unsigned char c[16];
-} OCB_BLOCK;
-# define ocb_block16_xor(in1,in2,out) \
-    ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \
-      (out)->a[1]=(in1)->a[1]^(in2)->a[1] )
-# if STRICT_ALIGNMENT
-#  define ocb_block16_xor_misaligned(in1,in2,out) \
-    ocb_block_xor((in1)->c,(in2)->c,16,(out)->c)
-# else
-#  define ocb_block16_xor_misaligned ocb_block16_xor
-# endif
-
-struct ocb128_context {
-    /* Need both encrypt and decrypt key schedules for decryption */
-    block128_f encrypt;
-    block128_f decrypt;
-    void *keyenc;
-    void *keydec;
-    ocb128_f stream;    /* direction dependent */
-    /* Key dependent variables. Can be reused if key remains the same */
-    size_t l_index;
-    size_t max_l_index;
-    OCB_BLOCK l_star;
-    OCB_BLOCK l_dollar;
-    OCB_BLOCK *l;
-    /* Must be reset for each session */
-    struct {
-        u64 blocks_hashed;
-        u64 blocks_processed;
-        OCB_BLOCK offset_aad;
-        OCB_BLOCK sum;
-        OCB_BLOCK offset;
-        OCB_BLOCK checksum;
-    } sess;
-};
-#endif                          /* OPENSSL_NO_OCB */
-
-#ifndef OPENSSL_NO_SIV
-
-#include <openssl/cmac.h>
-
-#define SIV_LEN 16
-
-typedef union siv_block_u {
-    uint64_t word[SIV_LEN/sizeof(uint64_t)];
-    unsigned char byte[SIV_LEN];
-} SIV_BLOCK;
-
-struct siv128_context {
-    /* d stores intermediate results of S2V; it corresponds to D from the
-       pseudocode in section 2.4 of RFC 5297. */
-    SIV_BLOCK d;
-    SIV_BLOCK tag;
-    EVP_CIPHER_CTX *cipher_ctx;
-    EVP_MAC_CTX *mac_ctx_init;
-    int final_ret;
-    int crypto_ok;
-};
-
-#endif /* OPENSSL_NO_SIV */
index 7511101a9372d5a4e2773ac30b426957a9452e50..9e7af6074ff6497e10ef7d21fae9d3299833e350 100644 (file)
@@ -10,7 +10,7 @@
 #include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
-#include "modes_lcl.h"
+#include "internal/modes_int.h"
 
 #ifndef OPENSSL_NO_OCB
 
index 96b15c712c398393d2f73e896ef26eb97054c35b..b894cbb5c18e431f56103c4c08615977d133d527 100644 (file)
@@ -7,9 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
 #include <string.h>
+#include <openssl/crypto.h>
+#include "internal/modes_int.h"
 
 /*
  * The input and output encrypted as though 128bit ofb mode is being used.
index 4445cf369ac186d536c2318f79defb49dd82aa12..359252f196e22c2e122d98479e041526042e45d8 100644 (file)
@@ -10,8 +10,9 @@
 #include <string.h>
 #include <stdlib.h>
 #include <openssl/crypto.h>
+#include <openssl/evp.h>
 #include "internal/modes_int.h"
-#include "modes_lcl.h"
+#include "internal/siv_int.h"
 
 #ifndef OPENSSL_NO_SIV
 
index 6c17fdc58f7c74276b852d40c8403c1407090d9a..03b83aa0ed9508bcd5a298778c3a7cca448e7e0f 100644 (file)
@@ -7,9 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
 #include <string.h>
+#include <openssl/crypto.h>
+#include "internal/modes_int.h"
 
 int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
                           const unsigned char iv[16],
index e4dd7330178ed6736a5c37b5a957ff49c9b0ca94..4addceaea7058128b6081198f053e04e28a97d03 100644 (file)
@@ -35,16 +35,20 @@ extern "C" {
 #define OSSL_PROV_PARAM_BUILDINFO   "buildinfo"
 
 
-/* Well known cipher parameters */
-
-#define OSSL_CIPHER_PARAM_PADDING   "padding"
-#define OSSL_CIPHER_PARAM_MODE      "mode"
-#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* OSSL_PARAM_INTEGER */
-#define OSSL_CIPHER_PARAM_FLAGS     "flags" /* OSSL_PARAM_UNSIGNED_INTEGER */
-#define OSSL_CIPHER_PARAM_KEYLEN    "keylen" /* OSSL_PARAM_INTEGER */
-#define OSSL_CIPHER_PARAM_IVLEN     "ivlen"  /* OSSL_PARAM_INTEGER */
-#define OSSL_CIPHER_PARAM_IV        "iv"  /* OSSL_PARAM_OCTET_PTR */
-#define OSSL_CIPHER_PARAM_NUM       "num" /* OSSL_PARAM_INTEGER */
+/* cipher parameters */
+#define OSSL_CIPHER_PARAM_PADDING   "padding"    /* int */
+#define OSSL_CIPHER_PARAM_MODE      "mode"       /* int */
+#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* int */
+#define OSSL_CIPHER_PARAM_FLAGS     "flags"      /* ulong */
+#define OSSL_CIPHER_PARAM_KEYLEN    "keylen"     /* int */
+#define OSSL_CIPHER_PARAM_IVLEN     "ivlen"      /* int */
+#define OSSL_CIPHER_PARAM_IV        "iv"         /* octet_string OR octet_ptr */
+#define OSSL_CIPHER_PARAM_NUM       "num"        /* int */
+#define OSSL_CIPHER_PARAM_AEAD_TAG           "tag"        /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD      "tlsaad"     /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD  "tlsaadpad"  /* size_t */
+#define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */
+#define OSSL_CIPHER_PARAM_AEAD_IVLEN         "aeadivlen"  /* size_t */
 
 /* digest parameters */
 #define OSSL_DIGEST_PARAM_XOFLEN    "xoflen"
index 0542732704d27363ee676fb5963caf380719e77b..37a31709d4382b25a97d3ae7cb76633e94d1fe98 100644 (file)
@@ -181,6 +181,7 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_set_params,
                     (void *vctx, const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, OP_digest_get_params,
                     (void *vctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(unsigned long, OP_cipher_get_flags, (void))
 
 /* Symmetric Ciphers */
 
index 619386ca5aecf31d2c118688ea40c9783be1a390..a1ca5a9be2fd9bc7747cbb0465cbeea2f7d778da 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
 #include <string.h>
 #include <assert.h>
 #include <openssl/aes.h>
+#include "internal/modes_int.h"
 #include "internal/evp_int.h"
 #include <openssl/rand.h>
 #include <openssl/cmac.h>
 #include "ciphers_locl.h"
 #include "internal/providercommonerr.h"
+#include "internal/aes_platform.h"
 
 #define MAXBITCHUNK     ((size_t)1 << (sizeof(size_t) * 8 - 4))
 
-#ifdef VPAES_ASM
-int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
-                          AES_KEY *key);
-int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
-                          AES_KEY *key);
-
-void vpaes_encrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-void vpaes_decrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-
-void vpaes_cbc_encrypt(const unsigned char *in,
-                       unsigned char *out,
-                       size_t length,
-                       const AES_KEY *key, unsigned char *ivec, int enc);
-#endif
-#ifdef BSAES_ASM
-void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                       size_t length, const AES_KEY *key,
-                       unsigned char ivec[16], int enc);
-void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-                                size_t len, const AES_KEY *key,
-                                const unsigned char ivec[16]);
-#endif
-#ifdef AES_CTR_ASM
-void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-                       size_t blocks, const AES_KEY *key,
-                       const unsigned char ivec[AES_BLOCK_SIZE]);
-#endif
-
-
-#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
-# include "ppc_arch.h"
-# ifdef VPAES_ASM
-#  define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
-# endif
-# define HWAES_CAPABLE  (OPENSSL_ppccap_P & PPC_CRYPTO207)
-# define HWAES_set_encrypt_key aes_p8_set_encrypt_key
-# define HWAES_set_decrypt_key aes_p8_set_decrypt_key
-# define HWAES_encrypt aes_p8_encrypt
-# define HWAES_decrypt aes_p8_decrypt
-# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
-# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
-# define HWAES_xts_encrypt aes_p8_xts_encrypt
-# define HWAES_xts_decrypt aes_p8_xts_decrypt
-#endif
-
-#if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
-        ((defined(__i386)       || defined(__i386__)    || \
-          defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
-        defined(__x86_64)       || defined(__x86_64__)  || \
-        defined(_M_AMD64)       || defined(_M_X64)      )
+#if defined(AESNI_CAPABLE)
 
-extern unsigned int OPENSSL_ia32cap_P[];
-
-# ifdef VPAES_ASM
-#  define VPAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-# endif
-# ifdef BSAES_ASM
-#  define BSAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-# endif
-/*
- * AES-NI section
- */
-# define AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
-
-int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
-                          AES_KEY *key);
-int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
-                          AES_KEY *key);
-
-void aesni_encrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-void aesni_decrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-
-void aesni_ecb_encrypt(const unsigned char *in,
-                       unsigned char *out,
-                       size_t length, const AES_KEY *key, int enc);
-void aesni_cbc_encrypt(const unsigned char *in,
-                       unsigned char *out,
-                       size_t length,
-                       const AES_KEY *key, unsigned char *ivec, int enc);
-
-void aesni_ctr32_encrypt_blocks(const unsigned char *in,
-                                unsigned char *out,
-                                size_t blocks,
-                                const void *key, const unsigned char *ivec);
+/* AES-NI section. */
 
 static int aesni_init_key(PROV_AES_KEY *dat, const unsigned char *key,
                           size_t keylen)
@@ -190,69 +107,7 @@ const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \
 { return AESNI_CAPABLE?&aesni_##mode:&aes_##mode; }
 
 
-#elif   defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-
-# include "sparc_arch.h"
-
-extern unsigned int OPENSSL_sparcv9cap_P[];
-
-/*
- * Fujitsu SPARC64 X support
- */
-# define HWAES_CAPABLE           (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
-# define HWAES_set_encrypt_key aes_fx_set_encrypt_key
-# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
-# define HWAES_encrypt aes_fx_encrypt
-# define HWAES_decrypt aes_fx_decrypt
-# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
-# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
-
-# define SPARC_AES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_AES)
-
-void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
-void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
-void aes_t4_encrypt(const unsigned char *in, unsigned char *out,
-                    const AES_KEY *key);
-void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
-                    const AES_KEY *key);
-/*
- * Key-length specific subroutines were chosen for following reason.
- * Each SPARC T4 core can execute up to 8 threads which share core's
- * resources. Loading as much key material to registers allows to
- * minimize references to shared memory interface, as well as amount
- * of instructions in inner loops [much needed on T4]. But then having
- * non-key-length specific routines would require conditional branches
- * either in inner loops or on subroutines' entries. Former is hardly
- * acceptable, while latter means code size increase to size occupied
- * by multiple key-length specific subroutines, so why fight?
- */
-void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const AES_KEY *key,
-                           unsigned char *ivec);
-void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t blocks, const AES_KEY *key,
-                             unsigned char *ivec);
-void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t blocks, const AES_KEY *key,
-                             unsigned char *ivec);
-void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t blocks, const AES_KEY *key,
-                             unsigned char *ivec);
+#elif defined(SPARC_AES_CAPABLE)
 
 static int aes_t4_init_key(PROV_AES_KEY *dat, const unsigned char *key,
                            size_t keylen)
@@ -362,30 +217,15 @@ const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \
 { return SPARC_AES_CAPABLE?&aes_t4_##mode:&aes_##mode; }
 
 
-#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+#elif defined(S390X_aes_128_CAPABLE)
 /*
  * IBM S390X support
  */
 # include "s390x_arch.h"
 
-/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
-# define S390X_AES_FC(keylen)  (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
-
-/* Most modes of operation need km for partial block processing. */
-# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] &     \
-                                S390X_CAPBIT(S390X_AES_128))
-# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] &     \
-                                S390X_CAPBIT(S390X_AES_192))
-# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] &     \
-                                S390X_CAPBIT(S390X_AES_256))
-
 # define s390x_aes_init_key aes_init_key
 static int s390x_aes_init_key(PROV_AES_KEY *dat, const unsigned char *key,
                               size_t keylen);
-
-# define S390X_aes_128_cbc_CAPABLE  1  /* checked by callee */
-# define S390X_aes_192_cbc_CAPABLE  1
-# define S390X_aes_256_cbc_CAPABLE  1
 # define S390X_AES_CBC_CTX          PROV_AES_KEY
 
 # define s390x_aes_cbc_init_key aes_init_key
@@ -394,10 +234,6 @@ static int s390x_aes_init_key(PROV_AES_KEY *dat, const unsigned char *key,
 static int s390x_aes_cbc_cipher(PROV_AES_KEY *dat, unsigned char *out,
                                 const unsigned char *in, size_t len);
 
-# define S390X_aes_128_ecb_CAPABLE  S390X_aes_128_CAPABLE
-# define S390X_aes_192_ecb_CAPABLE  S390X_aes_192_CAPABLE
-# define S390X_aes_256_ecb_CAPABLE  S390X_aes_256_CAPABLE
-
 static int s390x_aes_ecb_init_key(PROV_AES_KEY *dat, const unsigned char *key,
                                   size_t keylen)
 {
@@ -417,16 +253,6 @@ static int s390x_aes_ecb_cipher(PROV_AES_KEY *dat, unsigned char *out,
     return 1;
 }
 
-# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE &&        \
-                                    (OPENSSL_s390xcap_P.kmo[0] &    \
-                                     S390X_CAPBIT(S390X_AES_128)))
-# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE &&        \
-                                    (OPENSSL_s390xcap_P.kmo[0] &    \
-                                     S390X_CAPBIT(S390X_AES_192)))
-# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE &&        \
-                                    (OPENSSL_s390xcap_P.kmo[0] &    \
-                                     S390X_CAPBIT(S390X_AES_256)))
-
 static int s390x_aes_ofb_init_key(PROV_AES_KEY *dat, const unsigned char *key,
                                   size_t keylen)
 {
@@ -477,16 +303,6 @@ static int s390x_aes_ofb_cipher(PROV_AES_KEY *dat, unsigned char *out,
     return 1;
 }
 
-# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE &&        \
-                                    (OPENSSL_s390xcap_P.kmf[0] &    \
-                                     S390X_CAPBIT(S390X_AES_128)))
-# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE &&        \
-                                    (OPENSSL_s390xcap_P.kmf[0] &    \
-                                     S390X_CAPBIT(S390X_AES_192)))
-# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE &&        \
-                                    (OPENSSL_s390xcap_P.kmf[0] &    \
-                                     S390X_CAPBIT(S390X_AES_256)))
-
 static int s390x_aes_cfb_init_key(PROV_AES_KEY *dat, const unsigned char *key,
                                   size_t keylen)
 {
@@ -546,13 +362,6 @@ static int s390x_aes_cfb_cipher(PROV_AES_KEY *dat, unsigned char *out,
     return 1;
 }
 
-# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &    \
-                                     S390X_CAPBIT(S390X_AES_128))
-# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &    \
-                                     S390X_CAPBIT(S390X_AES_192))
-# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &    \
-                                     S390X_CAPBIT(S390X_AES_256))
-
 static int s390x_aes_cfb8_init_key(PROV_AES_KEY *dat, const unsigned char *key,
                                   size_t keylen)
 {
@@ -574,19 +383,11 @@ static int s390x_aes_cfb8_cipher(PROV_AES_KEY *dat, unsigned char *out,
     return 1;
 }
 
-# define S390X_aes_128_cfb1_CAPABLE 0
-# define S390X_aes_192_cfb1_CAPABLE 0
-# define S390X_aes_256_cfb1_CAPABLE 0
-
 # define s390x_aes_cfb1_init_key aes_init_key
 
 # define s390x_aes_cfb1_cipher aes_cfb1_cipher
 static int s390x_aes_cfb1_cipher(PROV_AES_KEY *dat, unsigned char *out,
                                  const unsigned char *in, size_t len);
-
-# define S390X_aes_128_ctr_CAPABLE  1  /* checked by callee */
-# define S390X_aes_192_ctr_CAPABLE  1
-# define S390X_aes_256_ctr_CAPABLE  1
 # define S390X_AES_CTR_CTX          PROV_AES_KEY
 
 # define s390x_aes_ctr_init_key aes_init_key
@@ -615,7 +416,7 @@ const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \
 }
 
 #else
-
+/* The generic case */
 # define BLOCK_CIPHER_generic_prov(mode) \
 static const PROV_AES_CIPHER aes_##mode = { \
         aes_init_key,                   \
@@ -625,42 +426,6 @@ const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \
 
 #endif
 
-#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
-# include "arm_arch.h"
-# if __ARM_MAX_ARCH__>=7
-#  if defined(BSAES_ASM)
-#   define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
-#  endif
-#  if defined(VPAES_ASM)
-#   define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
-#  endif
-#  define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
-#  define HWAES_set_encrypt_key aes_v8_set_encrypt_key
-#  define HWAES_set_decrypt_key aes_v8_set_decrypt_key
-#  define HWAES_encrypt aes_v8_encrypt
-#  define HWAES_decrypt aes_v8_decrypt
-#  define HWAES_cbc_encrypt aes_v8_cbc_encrypt
-#  define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
-# endif
-#endif
-
-#if defined(HWAES_CAPABLE)
-int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                          AES_KEY *key);
-int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                          AES_KEY *key);
-void HWAES_encrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-void HWAES_decrypt(const unsigned char *in, unsigned char *out,
-                   const AES_KEY *key);
-void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                       size_t length, const AES_KEY *key,
-                       unsigned char *ivec, const int enc);
-void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-                                size_t len, const AES_KEY *key,
-                                const unsigned char ivec[16]);
-#endif
-
 static int aes_init_key(PROV_AES_KEY *dat, const unsigned char *key,
                         size_t keylen)
 {
index e38f1422591b9634cd96b3fd3a69be2bf180ec8c..6966149811a0cffcc602bba44e59d058eadb7936 100644 (file)
@@ -504,7 +504,7 @@ IF[{- !$disabled{tests} -}]
     DEPEND[asn1_internal_test]=../libcrypto.a libtestutil.a
 
     SOURCE[modes_internal_test]=modes_internal_test.c
-    INCLUDE[modes_internal_test]=.. ../include ../apps/include
+    INCLUDE[modes_internal_test]=.. ../include ../apps/include ../crypto/include
     DEPEND[modes_internal_test]=../libcrypto.a libtestutil.a
 
     SOURCE[x509_internal_test]=x509_internal_test.c
index 656dfab4c5412d90fbbd2d1ae4f20200d25a5a0c..02e5c8d0a8c93666db0beed314b10387eecc45dd 100644 (file)
@@ -14,8 +14,8 @@
 
 #include <openssl/aes.h>
 #include <openssl/modes.h>
-#include "../crypto/modes/modes_lcl.h"
 #include "testutil.h"
+#include "internal/modes_int.h"
 #include "internal/nelem.h"
 
 typedef struct {