diff options
| author |   miod <miod@openbsd.org> | 2014-07-09 09:10:07 +0000 |
|---|---|---|
| committer | miod <miod@openbsd.org> | 2014-07-09 09:10:07 +0000 |
| commit | edf0542be2a949413a5b974a5243adcdde336d23 (patch) | |
| tree | 884f9767aa6ac4925e8d8e91ec6b9437ede8fb90 /lib | |
| parent | Be more strict in RSA_padding_check_X931(), and thus avoid a possible (diff) | |
| download | wireguard-openbsd-edf0542be2a949413a5b974a5243adcdde336d23.tar.xz wireguard-openbsd-edf0542be2a949413a5b974a5243adcdde336d23.zip | |
Kill more FIPS tentacles by removing the private_AES_set_{enc,dec}rypt_key()
internal interfaces, and promoting them to being the public
AES_set_{enc,dec}rypt_key() interfaces. In non-FIPS mode, these public
interfaces were directly calling the private ones.
ok guenther@ jsing@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libcrypto/aes/aes.h | 7 | ||||
| -rw-r--r-- | lib/libcrypto/aes/aes_core.c | 17 | ||||
| -rw-r--r-- | lib/libcrypto/aes/aes_misc.c | 18 | ||||
| -rw-r--r-- | lib/libcrypto/aes/asm/aes-586.pl | 14 | ||||
| -rw-r--r-- | lib/libcrypto/aes/asm/aes-armv4.pl | 16 | ||||
| -rw-r--r-- | lib/libcrypto/aes/asm/aes-mips.pl | 20 | ||||
| -rw-r--r-- | lib/libcrypto/aes/asm/aes-s390x.pl | 16 | ||||
| -rwxr-xr-x | lib/libcrypto/aes/asm/aes-x86_64.pl | 36 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/aes/aes.h | 7 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/aes/aes_core.c | 17 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/aes/aes_misc.c | 18 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/aes/asm/aes-586.pl | 14 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/aes/asm/aes-armv4.pl | 16 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/aes/asm/aes-mips.pl | 20 | ||||
| -rw-r--r-- | lib/libssl/src/crypto/aes/asm/aes-s390x.pl | 16 | ||||
| -rwxr-xr-x | lib/libssl/src/crypto/aes/asm/aes-x86_64.pl | 36 |
16 files changed, 120 insertions, 168 deletions
diff --git a/lib/libcrypto/aes/aes.h b/lib/libcrypto/aes/aes.h index 10a87e7f0de..c904485d8f5 100644 --- a/lib/libcrypto/aes/aes.h +++ b/lib/libcrypto/aes/aes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: aes.h,v 1.13 2014/06/12 15:49:27 deraadt Exp $ */ +/* $OpenBSD: aes.h,v 1.14 2014/07/09 09:10:07 miod Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -86,11 +86,6 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, int AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); -int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); -int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); - void AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key); void AES_decrypt(const unsigned char *in, unsigned char *out, diff --git a/lib/libcrypto/aes/aes_core.c b/lib/libcrypto/aes/aes_core.c index 301a207ce83..ee21057392c 100644 --- a/lib/libcrypto/aes/aes_core.c +++ b/lib/libcrypto/aes/aes_core.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aes_core.c,v 1.10 2014/06/12 15:49:27 deraadt Exp $ */ +/* $OpenBSD: aes_core.c,v 1.11 2014/07/09 09:10:07 miod Exp $ */ /** * rijndael-alg-fst.c * @@ -626,8 +626,7 @@ static const u32 rcon[] = { * Expand the cipher key into the encryption key schedule. */ int -private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) +AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) { u32 *rk; int i = 0; @@ -728,15 +727,14 @@ private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, * Expand the cipher key into the decryption key schedule. */ int -private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) +AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) { u32 *rk; int i, j, status; u32 temp; /* first, start with an encryption schedule */ - status = private_AES_set_encrypt_key(userKey, bits, key); + status = AES_set_encrypt_key(userKey, bits, key); if (status < 0) return status; @@ -1213,8 +1211,7 @@ static const u32 rcon[] = { * Expand the cipher key into the encryption key schedule. */ int -private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) +AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) { u32 *rk; int i = 0; @@ -1315,7 +1312,7 @@ private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, * Expand the cipher key into the decryption key schedule. */ int -private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, +AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) { u32 *rk; @@ -1323,7 +1320,7 @@ private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, u32 temp; /* first, start with an encryption schedule */ - status = private_AES_set_encrypt_key(userKey, bits, key); + status = AES_set_encrypt_key(userKey, bits, key); if (status < 0) return status; diff --git a/lib/libcrypto/aes/aes_misc.c b/lib/libcrypto/aes/aes_misc.c index 213e87537f8..343fc33c702 100644 --- a/lib/libcrypto/aes/aes_misc.c +++ b/lib/libcrypto/aes/aes_misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aes_misc.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */ +/* $OpenBSD: aes_misc.c,v 1.9 2014/07/09 09:10:07 miod Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -65,19 +65,3 @@ AES_options(void) return "aes(partial)"; #endif } - -/* FIPS wrapper functions to block low level AES calls in FIPS mode */ - -int -AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - return private_AES_set_encrypt_key(userKey, bits, key); -} - -int -AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - return private_AES_set_decrypt_key(userKey, bits, key); -} diff --git a/lib/libcrypto/aes/asm/aes-586.pl b/lib/libcrypto/aes/asm/aes-586.pl index 687ed811be4..aab40e6f1cf 100644 --- a/lib/libcrypto/aes/asm/aes-586.pl +++ b/lib/libcrypto/aes/asm/aes-586.pl @@ -39,7 +39,7 @@ # but exhibits up to 10% improvement on other cores. # # Second version is "monolithic" replacement for aes_core.c, which in -# addition to AES_[de|en]crypt implements private_AES_set_[de|en]cryption_key. +# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key. # This made it possible to implement little-endian variant of the # algorithm without modifying the base C code. Motivating factor for # the undertaken effort was that it appeared that in tight IA-32 @@ -2854,12 +2854,12 @@ sub enckey() &set_label("exit"); &function_end("_x86_AES_set_encrypt_key"); -# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, +# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, # AES_KEY *key) -&function_begin_B("private_AES_set_encrypt_key"); +&function_begin_B("AES_set_encrypt_key"); &call ("_x86_AES_set_encrypt_key"); &ret (); -&function_end_B("private_AES_set_encrypt_key"); +&function_end_B("AES_set_encrypt_key"); sub deckey() { my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_; @@ -2916,9 +2916,9 @@ sub deckey() &mov (&DWP(4*$i,$key),$tp1); } -# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, +# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, # AES_KEY *key) -&function_begin_B("private_AES_set_decrypt_key"); +&function_begin_B("AES_set_decrypt_key"); &call ("_x86_AES_set_encrypt_key"); &cmp ("eax",0); &je (&label("proceed")); @@ -2974,7 +2974,7 @@ sub deckey() &jb (&label("permute")); &xor ("eax","eax"); # return success -&function_end("private_AES_set_decrypt_key"); +&function_end("AES_set_decrypt_key"); &asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>"); &asm_finish(); diff --git a/lib/libcrypto/aes/asm/aes-armv4.pl b/lib/libcrypto/aes/asm/aes-armv4.pl index 86b86c4a0fb..717cc1ed7f0 100644 --- a/lib/libcrypto/aes/asm/aes-armv4.pl +++ b/lib/libcrypto/aes/asm/aes-armv4.pl @@ -404,10 +404,10 @@ _armv4_AES_encrypt: ldr pc,[sp],#4 @ pop and return .size _armv4_AES_encrypt,.-_armv4_AES_encrypt -.global private_AES_set_encrypt_key -.type private_AES_set_encrypt_key,%function +.global AES_set_encrypt_key +.type AES_set_encrypt_key,%function .align 5 -private_AES_set_encrypt_key: +AES_set_encrypt_key: _armv4_AES_set_encrypt_key: sub r3,pc,#8 @ AES_set_encrypt_key teq r0,#0 @@ -679,12 +679,12 @@ _armv4_AES_set_encrypt_key: .Labrt: tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) -.size private_AES_set_encrypt_key,.-private_AES_set_encrypt_key +.size AES_set_encrypt_key,.-AES_set_encrypt_key -.global private_AES_set_decrypt_key -.type private_AES_set_decrypt_key,%function +.global AES_set_decrypt_key +.type AES_set_decrypt_key,%function .align 5 -private_AES_set_decrypt_key: +AES_set_decrypt_key: str lr,[sp,#-4]! @ push lr bl _armv4_AES_set_encrypt_key teq r0,#0 @@ -773,7 +773,7 @@ $code.=<<___; moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) #endif -.size private_AES_set_decrypt_key,.-private_AES_set_decrypt_key +.size AES_set_decrypt_key,.-AES_set_decrypt_key .type AES_Td,%object .align 5 diff --git a/lib/libcrypto/aes/asm/aes-mips.pl b/lib/libcrypto/aes/asm/aes-mips.pl index e52395421b3..2ce6deffc88 100644 --- a/lib/libcrypto/aes/asm/aes-mips.pl +++ b/lib/libcrypto/aes/asm/aes-mips.pl @@ -1036,9 +1036,9 @@ _mips_AES_set_encrypt_key: nop .end _mips_AES_set_encrypt_key -.globl private_AES_set_encrypt_key -.ent private_AES_set_encrypt_key -private_AES_set_encrypt_key: +.globl AES_set_encrypt_key +.ent AES_set_encrypt_key +AES_set_encrypt_key: .frame $sp,$FRAMESIZE,$ra .mask $SAVED_REGS_MASK,-$SZREG .set noreorder @@ -1060,7 +1060,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue ___ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification .cplocal $Tbl - .cpsetup $pf,$zero,private_AES_set_encrypt_key + .cpsetup $pf,$zero,AES_set_encrypt_key ___ $code.=<<___; .set reorder @@ -1083,7 +1083,7 @@ ___ $code.=<<___; jr $ra $PTR_ADD $sp,$FRAMESIZE -.end private_AES_set_encrypt_key +.end AES_set_encrypt_key ___ my ($head,$tail)=($inp,$bits); @@ -1091,9 +1091,9 @@ my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3); my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2); $code.=<<___; .align 5 -.globl private_AES_set_decrypt_key -.ent private_AES_set_decrypt_key -private_AES_set_decrypt_key: +.globl AES_set_decrypt_key +.ent AES_set_decrypt_key +AES_set_decrypt_key: .frame $sp,$FRAMESIZE,$ra .mask $SAVED_REGS_MASK,-$SZREG .set noreorder @@ -1115,7 +1115,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue ___ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification .cplocal $Tbl - .cpsetup $pf,$zero,private_AES_set_decrypt_key + .cpsetup $pf,$zero,AES_set_decrypt_key ___ $code.=<<___; .set reorder @@ -1226,7 +1226,7 @@ ___ $code.=<<___; jr $ra $PTR_ADD $sp,$FRAMESIZE -.end private_AES_set_decrypt_key +.end AES_set_decrypt_key ___ }}} diff --git a/lib/libcrypto/aes/asm/aes-s390x.pl b/lib/libcrypto/aes/asm/aes-s390x.pl index e75dcd0315e..71d5b55077f 100644 --- a/lib/libcrypto/aes/asm/aes-s390x.pl +++ b/lib/libcrypto/aes/asm/aes-s390x.pl @@ -779,10 +779,10 @@ ___ $code.=<<___; # void AES_set_encrypt_key(const unsigned char *in, int bits, # AES_KEY *key) { -.globl private_AES_set_encrypt_key -.type private_AES_set_encrypt_key,\@function +.globl AES_set_encrypt_key +.type AES_set_encrypt_key,\@function .align 16 -private_AES_set_encrypt_key: +AES_set_encrypt_key: _s390x_AES_set_encrypt_key: lghi $t0,0 cl${g}r $inp,$t0 @@ -1063,14 +1063,14 @@ $code.=<<___; .Lminus1: lghi %r2,-1 br $ra -.size private_AES_set_encrypt_key,.-private_AES_set_encrypt_key +.size AES_set_encrypt_key,.-AES_set_encrypt_key # void AES_set_decrypt_key(const unsigned char *in, int bits, # AES_KEY *key) { -.globl private_AES_set_decrypt_key -.type private_AES_set_decrypt_key,\@function +.globl AES_set_decrypt_key +.type AES_set_decrypt_key,\@function .align 16 -private_AES_set_decrypt_key: +AES_set_decrypt_key: #st${g} $key,4*$SIZE_T($sp) # I rely on AES_set_encrypt_key to st${g} $ra,14*$SIZE_T($sp) # save non-volatile registers and $key! bras $ra,_s390x_AES_set_encrypt_key @@ -1170,7 +1170,7 @@ $code.=<<___; lm${g} %r6,%r13,6*$SIZE_T($sp)# as was saved by AES_set_encrypt_key! lghi %r2,0 br $ra -.size private_AES_set_decrypt_key,.-private_AES_set_decrypt_key +.size AES_set_decrypt_key,.-AES_set_decrypt_key ___ ######################################################################## diff --git a/lib/libcrypto/aes/asm/aes-x86_64.pl b/lib/libcrypto/aes/asm/aes-x86_64.pl index 34cbb5d8442..f75e90ba87d 100755 --- a/lib/libcrypto/aes/asm/aes-x86_64.pl +++ b/lib/libcrypto/aes/asm/aes-x86_64.pl @@ -1284,13 +1284,13 @@ $code.=<<___; ___ } -# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, +# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, # AES_KEY *key) $code.=<<___; -.globl private_AES_set_encrypt_key -.type private_AES_set_encrypt_key,\@function,3 +.globl AES_set_encrypt_key +.type AES_set_encrypt_key,\@function,3 .align 16 -private_AES_set_encrypt_key: +AES_set_encrypt_key: push %rbx push %rbp push %r12 # redundant, but allows to share @@ -1311,7 +1311,7 @@ private_AES_set_encrypt_key: add \$56,%rsp .Lenc_key_epilogue: ret -.size private_AES_set_encrypt_key,.-private_AES_set_encrypt_key +.size AES_set_encrypt_key,.-AES_set_encrypt_key .type _x86_64_AES_set_encrypt_key,\@abi-omnipotent .align 16 @@ -1554,13 +1554,13 @@ $code.=<<___; ___ } -# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, +# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, # AES_KEY *key) $code.=<<___; -.globl private_AES_set_decrypt_key -.type private_AES_set_decrypt_key,\@function,3 +.globl AES_set_decrypt_key +.type AES_set_decrypt_key,\@function,3 .align 16 -private_AES_set_decrypt_key: +AES_set_decrypt_key: push %rbx push %rbp push %r12 @@ -1629,7 +1629,7 @@ $code.=<<___; add \$56,%rsp .Ldec_key_epilogue: ret -.size private_AES_set_decrypt_key,.-private_AES_set_decrypt_key +.size AES_set_decrypt_key,.-AES_set_decrypt_key ___ # void AES_cbc_encrypt (const void char *inp, unsigned char *out, @@ -2776,13 +2776,13 @@ cbc_se_handler: .rva .LSEH_end_AES_decrypt .rva .LSEH_info_AES_decrypt - .rva .LSEH_begin_private_AES_set_encrypt_key - .rva .LSEH_end_private_AES_set_encrypt_key - .rva .LSEH_info_private_AES_set_encrypt_key + .rva .LSEH_begin_AES_set_encrypt_key + .rva .LSEH_end_AES_set_encrypt_key + .rva .LSEH_info_AES_set_encrypt_key - .rva .LSEH_begin_private_AES_set_decrypt_key - .rva .LSEH_end_private_AES_set_decrypt_key - .rva .LSEH_info_private_AES_set_decrypt_key + .rva .LSEH_begin_AES_set_decrypt_key + .rva .LSEH_end_AES_set_decrypt_key + .rva .LSEH_info_AES_set_decrypt_key .rva .LSEH_begin_AES_cbc_encrypt .rva .LSEH_end_AES_cbc_encrypt @@ -2798,11 +2798,11 @@ cbc_se_handler: .byte 9,0,0,0 .rva block_se_handler .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[] -.LSEH_info_private_AES_set_encrypt_key: +.LSEH_info_AES_set_encrypt_key: .byte 9,0,0,0 .rva key_se_handler .rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[] -.LSEH_info_private_AES_set_decrypt_key: +.LSEH_info_AES_set_decrypt_key: .byte 9,0,0,0 .rva key_se_handler .rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[] diff --git a/lib/libssl/src/crypto/aes/aes.h b/lib/libssl/src/crypto/aes/aes.h index 10a87e7f0de..c904485d8f5 100644 --- a/lib/libssl/src/crypto/aes/aes.h +++ b/lib/libssl/src/crypto/aes/aes.h @@ -1,4 +1,4 @@ -/* $OpenBSD: aes.h,v 1.13 2014/06/12 15:49:27 deraadt Exp $ */ +/* $OpenBSD: aes.h,v 1.14 2014/07/09 09:10:07 miod Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -86,11 +86,6 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, int AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); -int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); -int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); - void AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key); void AES_decrypt(const unsigned char *in, unsigned char *out, diff --git a/lib/libssl/src/crypto/aes/aes_core.c b/lib/libssl/src/crypto/aes/aes_core.c index 301a207ce83..ee21057392c 100644 --- a/lib/libssl/src/crypto/aes/aes_core.c +++ b/lib/libssl/src/crypto/aes/aes_core.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aes_core.c,v 1.10 2014/06/12 15:49:27 deraadt Exp $ */ +/* $OpenBSD: aes_core.c,v 1.11 2014/07/09 09:10:07 miod Exp $ */ /** * rijndael-alg-fst.c * @@ -626,8 +626,7 @@ static const u32 rcon[] = { * Expand the cipher key into the encryption key schedule. */ int -private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) +AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) { u32 *rk; int i = 0; @@ -728,15 +727,14 @@ private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, * Expand the cipher key into the decryption key schedule. */ int -private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) +AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) { u32 *rk; int i, j, status; u32 temp; /* first, start with an encryption schedule */ - status = private_AES_set_encrypt_key(userKey, bits, key); + status = AES_set_encrypt_key(userKey, bits, key); if (status < 0) return status; @@ -1213,8 +1211,7 @@ static const u32 rcon[] = { * Expand the cipher key into the encryption key schedule. */ int -private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) +AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) { u32 *rk; int i = 0; @@ -1315,7 +1312,7 @@ private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, * Expand the cipher key into the decryption key schedule. */ int -private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, +AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) { u32 *rk; @@ -1323,7 +1320,7 @@ private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, u32 temp; /* first, start with an encryption schedule */ - status = private_AES_set_encrypt_key(userKey, bits, key); + status = AES_set_encrypt_key(userKey, bits, key); if (status < 0) return status; diff --git a/lib/libssl/src/crypto/aes/aes_misc.c b/lib/libssl/src/crypto/aes/aes_misc.c index 213e87537f8..343fc33c702 100644 --- a/lib/libssl/src/crypto/aes/aes_misc.c +++ b/lib/libssl/src/crypto/aes/aes_misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aes_misc.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */ +/* $OpenBSD: aes_misc.c,v 1.9 2014/07/09 09:10:07 miod Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -65,19 +65,3 @@ AES_options(void) return "aes(partial)"; #endif } - -/* FIPS wrapper functions to block low level AES calls in FIPS mode */ - -int -AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - return private_AES_set_encrypt_key(userKey, bits, key); -} - -int -AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - return private_AES_set_decrypt_key(userKey, bits, key); -} diff --git a/lib/libssl/src/crypto/aes/asm/aes-586.pl b/lib/libssl/src/crypto/aes/asm/aes-586.pl index 687ed811be4..aab40e6f1cf 100644 --- a/lib/libssl/src/crypto/aes/asm/aes-586.pl +++ b/lib/libssl/src/crypto/aes/asm/aes-586.pl @@ -39,7 +39,7 @@ # but exhibits up to 10% improvement on other cores. # # Second version is "monolithic" replacement for aes_core.c, which in -# addition to AES_[de|en]crypt implements private_AES_set_[de|en]cryption_key. +# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key. # This made it possible to implement little-endian variant of the # algorithm without modifying the base C code. Motivating factor for # the undertaken effort was that it appeared that in tight IA-32 @@ -2854,12 +2854,12 @@ sub enckey() &set_label("exit"); &function_end("_x86_AES_set_encrypt_key"); -# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, +# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, # AES_KEY *key) -&function_begin_B("private_AES_set_encrypt_key"); +&function_begin_B("AES_set_encrypt_key"); &call ("_x86_AES_set_encrypt_key"); &ret (); -&function_end_B("private_AES_set_encrypt_key"); +&function_end_B("AES_set_encrypt_key"); sub deckey() { my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_; @@ -2916,9 +2916,9 @@ sub deckey() &mov (&DWP(4*$i,$key),$tp1); } -# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, +# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, # AES_KEY *key) -&function_begin_B("private_AES_set_decrypt_key"); +&function_begin_B("AES_set_decrypt_key"); &call ("_x86_AES_set_encrypt_key"); &cmp ("eax",0); &je (&label("proceed")); @@ -2974,7 +2974,7 @@ sub deckey() &jb (&label("permute")); &xor ("eax","eax"); # return success -&function_end("private_AES_set_decrypt_key"); +&function_end("AES_set_decrypt_key"); &asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>"); &asm_finish(); diff --git a/lib/libssl/src/crypto/aes/asm/aes-armv4.pl b/lib/libssl/src/crypto/aes/asm/aes-armv4.pl index 86b86c4a0fb..717cc1ed7f0 100644 --- a/lib/libssl/src/crypto/aes/asm/aes-armv4.pl +++ b/lib/libssl/src/crypto/aes/asm/aes-armv4.pl @@ -404,10 +404,10 @@ _armv4_AES_encrypt: ldr pc,[sp],#4 @ pop and return .size _armv4_AES_encrypt,.-_armv4_AES_encrypt -.global private_AES_set_encrypt_key -.type private_AES_set_encrypt_key,%function +.global AES_set_encrypt_key +.type AES_set_encrypt_key,%function .align 5 -private_AES_set_encrypt_key: +AES_set_encrypt_key: _armv4_AES_set_encrypt_key: sub r3,pc,#8 @ AES_set_encrypt_key teq r0,#0 @@ -679,12 +679,12 @@ _armv4_AES_set_encrypt_key: .Labrt: tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) -.size private_AES_set_encrypt_key,.-private_AES_set_encrypt_key +.size AES_set_encrypt_key,.-AES_set_encrypt_key -.global private_AES_set_decrypt_key -.type private_AES_set_decrypt_key,%function +.global AES_set_decrypt_key +.type AES_set_decrypt_key,%function .align 5 -private_AES_set_decrypt_key: +AES_set_decrypt_key: str lr,[sp,#-4]! @ push lr bl _armv4_AES_set_encrypt_key teq r0,#0 @@ -773,7 +773,7 @@ $code.=<<___; moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) #endif -.size private_AES_set_decrypt_key,.-private_AES_set_decrypt_key +.size AES_set_decrypt_key,.-AES_set_decrypt_key .type AES_Td,%object .align 5 diff --git a/lib/libssl/src/crypto/aes/asm/aes-mips.pl b/lib/libssl/src/crypto/aes/asm/aes-mips.pl index e52395421b3..2ce6deffc88 100644 --- a/lib/libssl/src/crypto/aes/asm/aes-mips.pl +++ b/lib/libssl/src/crypto/aes/asm/aes-mips.pl @@ -1036,9 +1036,9 @@ _mips_AES_set_encrypt_key: nop .end _mips_AES_set_encrypt_key -.globl private_AES_set_encrypt_key -.ent private_AES_set_encrypt_key -private_AES_set_encrypt_key: +.globl AES_set_encrypt_key +.ent AES_set_encrypt_key +AES_set_encrypt_key: .frame $sp,$FRAMESIZE,$ra .mask $SAVED_REGS_MASK,-$SZREG .set noreorder @@ -1060,7 +1060,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue ___ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification .cplocal $Tbl - .cpsetup $pf,$zero,private_AES_set_encrypt_key + .cpsetup $pf,$zero,AES_set_encrypt_key ___ $code.=<<___; .set reorder @@ -1083,7 +1083,7 @@ ___ $code.=<<___; jr $ra $PTR_ADD $sp,$FRAMESIZE -.end private_AES_set_encrypt_key +.end AES_set_encrypt_key ___ my ($head,$tail)=($inp,$bits); @@ -1091,9 +1091,9 @@ my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3); my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2); $code.=<<___; .align 5 -.globl private_AES_set_decrypt_key -.ent private_AES_set_decrypt_key -private_AES_set_decrypt_key: +.globl AES_set_decrypt_key +.ent AES_set_decrypt_key +AES_set_decrypt_key: .frame $sp,$FRAMESIZE,$ra .mask $SAVED_REGS_MASK,-$SZREG .set noreorder @@ -1115,7 +1115,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue ___ $code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification .cplocal $Tbl - .cpsetup $pf,$zero,private_AES_set_decrypt_key + .cpsetup $pf,$zero,AES_set_decrypt_key ___ $code.=<<___; .set reorder @@ -1226,7 +1226,7 @@ ___ $code.=<<___; jr $ra $PTR_ADD $sp,$FRAMESIZE -.end private_AES_set_decrypt_key +.end AES_set_decrypt_key ___ }}} diff --git a/lib/libssl/src/crypto/aes/asm/aes-s390x.pl b/lib/libssl/src/crypto/aes/asm/aes-s390x.pl index e75dcd0315e..71d5b55077f 100644 --- a/lib/libssl/src/crypto/aes/asm/aes-s390x.pl +++ b/lib/libssl/src/crypto/aes/asm/aes-s390x.pl @@ -779,10 +779,10 @@ ___ $code.=<<___; # void AES_set_encrypt_key(const unsigned char *in, int bits, # AES_KEY *key) { -.globl private_AES_set_encrypt_key -.type private_AES_set_encrypt_key,\@function +.globl AES_set_encrypt_key +.type AES_set_encrypt_key,\@function .align 16 -private_AES_set_encrypt_key: +AES_set_encrypt_key: _s390x_AES_set_encrypt_key: lghi $t0,0 cl${g}r $inp,$t0 @@ -1063,14 +1063,14 @@ $code.=<<___; .Lminus1: lghi %r2,-1 br $ra -.size private_AES_set_encrypt_key,.-private_AES_set_encrypt_key +.size AES_set_encrypt_key,.-AES_set_encrypt_key # void AES_set_decrypt_key(const unsigned char *in, int bits, # AES_KEY *key) { -.globl private_AES_set_decrypt_key -.type private_AES_set_decrypt_key,\@function +.globl AES_set_decrypt_key +.type AES_set_decrypt_key,\@function .align 16 -private_AES_set_decrypt_key: +AES_set_decrypt_key: #st${g} $key,4*$SIZE_T($sp) # I rely on AES_set_encrypt_key to st${g} $ra,14*$SIZE_T($sp) # save non-volatile registers and $key! bras $ra,_s390x_AES_set_encrypt_key @@ -1170,7 +1170,7 @@ $code.=<<___; lm${g} %r6,%r13,6*$SIZE_T($sp)# as was saved by AES_set_encrypt_key! lghi %r2,0 br $ra -.size private_AES_set_decrypt_key,.-private_AES_set_decrypt_key +.size AES_set_decrypt_key,.-AES_set_decrypt_key ___ ######################################################################## diff --git a/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl b/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl index 34cbb5d8442..f75e90ba87d 100755 --- a/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl +++ b/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl @@ -1284,13 +1284,13 @@ $code.=<<___; ___ } -# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, +# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, # AES_KEY *key) $code.=<<___; -.globl private_AES_set_encrypt_key -.type private_AES_set_encrypt_key,\@function,3 +.globl AES_set_encrypt_key +.type AES_set_encrypt_key,\@function,3 .align 16 -private_AES_set_encrypt_key: +AES_set_encrypt_key: push %rbx push %rbp push %r12 # redundant, but allows to share @@ -1311,7 +1311,7 @@ private_AES_set_encrypt_key: add \$56,%rsp .Lenc_key_epilogue: ret -.size private_AES_set_encrypt_key,.-private_AES_set_encrypt_key +.size AES_set_encrypt_key,.-AES_set_encrypt_key .type _x86_64_AES_set_encrypt_key,\@abi-omnipotent .align 16 @@ -1554,13 +1554,13 @@ $code.=<<___; ___ } -# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, +# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, # AES_KEY *key) $code.=<<___; -.globl private_AES_set_decrypt_key -.type private_AES_set_decrypt_key,\@function,3 +.globl AES_set_decrypt_key +.type AES_set_decrypt_key,\@function,3 .align 16 -private_AES_set_decrypt_key: +AES_set_decrypt_key: push %rbx push %rbp push %r12 @@ -1629,7 +1629,7 @@ $code.=<<___; add \$56,%rsp .Ldec_key_epilogue: ret -.size private_AES_set_decrypt_key,.-private_AES_set_decrypt_key +.size AES_set_decrypt_key,.-AES_set_decrypt_key ___ # void AES_cbc_encrypt (const void char *inp, unsigned char *out, @@ -2776,13 +2776,13 @@ cbc_se_handler: .rva .LSEH_end_AES_decrypt .rva .LSEH_info_AES_decrypt - .rva .LSEH_begin_private_AES_set_encrypt_key - .rva .LSEH_end_private_AES_set_encrypt_key - .rva .LSEH_info_private_AES_set_encrypt_key + .rva .LSEH_begin_AES_set_encrypt_key + .rva .LSEH_end_AES_set_encrypt_key + .rva .LSEH_info_AES_set_encrypt_key - .rva .LSEH_begin_private_AES_set_decrypt_key - .rva .LSEH_end_private_AES_set_decrypt_key - .rva .LSEH_info_private_AES_set_decrypt_key + .rva .LSEH_begin_AES_set_decrypt_key + .rva .LSEH_end_AES_set_decrypt_key + .rva .LSEH_info_AES_set_decrypt_key .rva .LSEH_begin_AES_cbc_encrypt .rva .LSEH_end_AES_cbc_encrypt @@ -2798,11 +2798,11 @@ cbc_se_handler: .byte 9,0,0,0 .rva block_se_handler .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[] -.LSEH_info_private_AES_set_encrypt_key: +.LSEH_info_AES_set_encrypt_key: .byte 9,0,0,0 .rva key_se_handler .rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[] -.LSEH_info_private_AES_set_decrypt_key: +.LSEH_info_AES_set_decrypt_key: .byte 9,0,0,0 .rva key_se_handler .rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[] |