authorJoel Sing <jsing@cvs.openbsd.org>2024-03-29 11:00:58 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2024-03-29 11:00:58 +0000
commit257ae6d586dcf434e4d0afbd2eea1151c35c6614 (patch)
treed09b84fd7086df2e600f07040fb168aab99cf7d8 /lib/libcrypto/aes
parent4ea64fa4cc337c7728a723cdaabfc62d0cd9829f (diff)
Always use C functions for AES_{encrypt,decrypt}().
Always provide AES_{encrypt,decrypt}() via C functions, which then either use a C implementation or call the assembly implementation. ok tb@
Diffstat (limited to 'lib/libcrypto/aes')
-rw-r--r--lib/libcrypto/aes/aes_core.c54
-rw-r--r--lib/libcrypto/aes/asm/aes-586.pl12
-rw-r--r--lib/libcrypto/aes/asm/aes-armv4.pl32
-rw-r--r--lib/libcrypto/aes/asm/aes-mips.pl20
-rw-r--r--lib/libcrypto/aes/asm/aes-parisc.pl8
-rw-r--r--lib/libcrypto/aes/asm/aes-ppc.pl8
-rwxr-xr-xlib/libcrypto/aes/asm/aes-sparcv9.pl16
-rwxr-xr-xlib/libcrypto/aes/asm/aes-x86_64.pl36
8 files changed, 107 insertions, 79 deletions
diff --git a/lib/libcrypto/aes/aes_core.c b/lib/libcrypto/aes/aes_core.c
index ee0bbb9f401..bf5149d8331 100644
--- a/lib/libcrypto/aes/aes_core.c
+++ b/lib/libcrypto/aes/aes_core.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_core.c,v 1.20 2024/03/29 04:39:54 jsing Exp $ */
+/* $OpenBSD: aes_core.c,v 1.21 2024/03/29 11:00:57 jsing Exp $ */
/**
* rijndael-alg-fst.c
*
@@ -37,8 +37,10 @@
#include "aes_local.h"
#include "crypto_internal.h"
-#if !defined(HAVE_AES_SET_ENCRYPT_KEY_INTERNAL) && \
- !defined(HAVE_AES_SET_DECRYPT_KEY_INTERNAL)
+#if !defined(HAVE_AES_SET_ENCRYPT_KEY_INTERNAL) || \
+ !defined(HAVE_AES_SET_DECRYPT_KEY_INTERNAL) || \
+ !defined(HAVE_AES_ENCRYPT_INTERNAL) || \
+ !defined(HAVE_AES_DECRYPT_INTERNAL)
/*
Te0[x] = S [x].[02, 01, 01, 03];
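Review bot: Nothing near the widened guard (`#if !defined(HAVE_AES_SET_ENCRYPT_KEY_INTERNAL) || ...`) documents that the C fallback is table-driven, even though the Te/Td tables are now built whenever any one of the four assembly routines is missing. Assuming the C `aes_encrypt_internal`/`aes_decrypt_internal` bodies (outside this hunk) index these tables with key- and data-dependent values, as the `Te0[x] = S[x]...` layout suggests, that path has secret-dependent memory access and is not constant-time on CPUs with data caches. A comment above the guard would make this visible to porters, e.g. `/* Lookup tables for the C key setup and block functions; indices are secret-dependent, so this path is not constant-time. */`. The table comment that follows continues past the end of the hunk.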
@@ -616,6 +618,10 @@ static const u8 Td4[256] = {
0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
};
+#endif
+
+#if !defined(HAVE_AES_SET_ENCRYPT_KEY_INTERNAL) || \
+ !defined(HAVE_AES_SET_DECRYPT_KEY_INTERNAL)
static const u32 rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000,
0x10000000, 0x20000000, 0x40000000, 0x80000000,
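Review bot: The `#endif` added after `Td4` is bare, as are the ones added after the two block functions later in this file, whereas the line this commit removes read `#endif /* AES_ASM */`. With two adjacent multi-line `#if` conditions that differ only in their last two macros, labelled terminators make it easier to audit which build gets which code, for example `#endif /* lookup tables */` here and `#endif /* HAVE_AES_ENCRYPT_INTERNAL */` after `aes_encrypt_internal`. The `#if` opened for `rcon` is closed outside this hunk, so it is not visible whether the key-setup code that uses it sits under the same condition.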
@@ -810,13 +816,17 @@ AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
return aes_set_decrypt_key_internal(userKey, bits, key);
}
-#ifndef AES_ASM
+#ifdef HAVE_AES_ENCRYPT_INTERNAL
+void aes_encrypt_internal(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+
+#else
/*
- * Encrypt a single block
- * in and out can overlap
+ * Encrypt a single block - in and out can overlap.
*/
-void
-AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
+static inline void
+aes_encrypt_internal(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key)
{
const u32 *rk;
u32 s0, s1, s2, s3, t0, t1, t2, t3;
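Review bot: The prototype for the assembly `aes_encrypt_internal` is declared inline in aes_core.c under `#ifdef HAVE_AES_ENCRYPT_INTERNAL`, so nothing visible ties its signature or symbol visibility to the assembly definitions. The asm files in this commit define the symbol with a plain `.globl`; in aes-x86_64.pl the neighbouring `asm_AES_encrypt` alias carries `.hidden` while the new name does not. Unless the library's export list filters it (not shown on this page), the internal entry point may appear in the shared object's dynamic symbol table. Consider moving the prototype into `aes_local.h`, already included by this file, under the project's hidden-visibility declarations if that header has them. The same applies to the `aes_decrypt_internal` prototype in the next hunk; the function body opened here continues outside the hunk.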
@@ -1000,13 +1010,25 @@ AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
rk[3];
crypto_store_htobe32(&out[3 * 4], s3);
}
+#endif
+
+void
+AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
+{
+ return aes_encrypt_internal(in, out, key);
+}
+
+#ifdef HAVE_AES_DECRYPT_INTERNAL
+void aes_decrypt_internal(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+#else
/*
- * Decrypt a single block
- * in and out can overlap
+ * Decrypt a single block - in and out can overlap.
*/
-void
-AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
+static inline void
+aes_decrypt_internal(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key)
{
const u32 *rk;
u32 s0, s1, s2, s3, t0, t1, t2, t3;
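Review bot: The new `AES_encrypt` wrapper does `return aes_encrypt_internal(in, out, key);` from a function declared `void`. ISO C does not allow a return statement with an expression in a void function; compilers commonly accept it as an extension but diagnose it under pedantic settings. The body should simply be `aes_encrypt_internal(in, out, key);`. The `AES_decrypt` wrapper in the last hunk of this file has the same form and wants the same change. Since the "single block, in and out can overlap" comment moved to the internal function, a one-line comment on the public wrappers restating that contract would also help.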
@@ -1190,4 +1212,10 @@ AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
rk[3];
crypto_store_htobe32(&out[3 * 4], s3);
}
-#endif /* AES_ASM */
+#endif
+
+void
+AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
+{
+ return aes_decrypt_internal(in, out, key);
+}
diff --git a/lib/libcrypto/aes/asm/aes-586.pl b/lib/libcrypto/aes/asm/aes-586.pl
index a2d98009e8e..364099d4d3c 100644
--- a/lib/libcrypto/aes/asm/aes-586.pl
+++ b/lib/libcrypto/aes/asm/aes-586.pl
@@ -1158,8 +1158,8 @@ sub enclast()
&data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000);
&previous();
-# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
-&function_begin("AES_encrypt");
+# void aes_encrypt_internal(const void *inp, void *out, const AES_KEY *key);
+&function_begin("aes_encrypt_internal");
&mov ($acc,&wparam(0)); # load inp
&mov ($key,&wparam(2)); # load key
@@ -1213,7 +1213,7 @@ sub enclast()
&mov (&DWP(4,$acc),$s1);
&mov (&DWP(8,$acc),$s2);
&mov (&DWP(12,$acc),$s3);
-&function_end("AES_encrypt");
+&function_end("aes_encrypt_internal");
#--------------------------------------------------------------------#
@@ -1947,8 +1947,8 @@ sub declast()
&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
&previous();
-# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
-&function_begin("AES_decrypt");
+# void aes_decrypt_internal(const void *inp, void *out, const AES_KEY *key);
+&function_begin("aes_decrypt_internal");
&mov ($acc,&wparam(0)); # load inp
&mov ($key,&wparam(2)); # load key
@@ -2002,7 +2002,7 @@ sub declast()
&mov (&DWP(4,$acc),$s1);
&mov (&DWP(8,$acc),$s2);
&mov (&DWP(12,$acc),$s3);
-&function_end("AES_decrypt");
+&function_end("aes_decrypt_internal");
# void aes_cbc_encrypt_internal(const void char *inp, unsigned char *out,
# size_t length, const AES_KEY *key, unsigned char *ivp,const int enc);
diff --git a/lib/libcrypto/aes/asm/aes-armv4.pl b/lib/libcrypto/aes/asm/aes-armv4.pl
index 3d581c5d7c0..0048ee5b29f 100644
--- a/lib/libcrypto/aes/asm/aes-armv4.pl
+++ b/lib/libcrypto/aes/asm/aes-armv4.pl
@@ -161,17 +161,17 @@ AES_Te:
.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
.size AES_Te,.-AES_Te
-@ void AES_encrypt(const unsigned char *in, unsigned char *out,
-@ const AES_KEY *key) {
-.global AES_encrypt
-.type AES_encrypt,%function
+@ void aes_encrypt_internal(const unsigned char *in, unsigned char *out,
+@ const AES_KEY *key) {
+.global aes_encrypt_internal
+.type aes_encrypt_internal,%function
.align 5
-AES_encrypt:
- sub r3,pc,#8 @ AES_encrypt
+aes_encrypt_internal:
+ sub r3,pc,#8 @ aes_encrypt_internal
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
mov $key,r2
- sub $tbl,r3,#AES_encrypt-AES_Te @ Te
+ sub $tbl,r3,#aes_encrypt_internal-AES_Te @ Te
#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT)
ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
ldrb $t1,[$rounds,#2] @ manner...
@@ -265,7 +265,7 @@ AES_encrypt:
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
#endif
-.size AES_encrypt,.-AES_encrypt
+.size aes_encrypt_internal,.-aes_encrypt_internal
.type _armv4_AES_encrypt,%function
.align 2
@@ -877,17 +877,17 @@ AES_Td:
.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
.size AES_Td,.-AES_Td
-@ void AES_decrypt(const unsigned char *in, unsigned char *out,
-@ const AES_KEY *key) {
-.global AES_decrypt
-.type AES_decrypt,%function
+@ void aes_decrypt_internal(const unsigned char *in, unsigned char *out,
+@ const AES_KEY *key) {
+.global aes_decrypt_internal
+.type aes_decrypt_internal,%function
.align 5
-AES_decrypt:
- sub r3,pc,#8 @ AES_decrypt
+aes_decrypt_internal:
+ sub r3,pc,#8 @ aes_decrypt_internal
stmdb sp!,{r1,r4-r12,lr}
mov $rounds,r0 @ inp
mov $key,r2
- sub $tbl,r3,#AES_decrypt-AES_Td @ Td
+ sub $tbl,r3,#aes_decrypt_internal-AES_Td @ Td
#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT)
ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
ldrb $t1,[$rounds,#2] @ manner...
@@ -981,7 +981,7 @@ AES_decrypt:
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
#endif
-.size AES_decrypt,.-AES_decrypt
+.size aes_decrypt_internal,.-aes_decrypt_internal
.type _armv4_AES_decrypt,%function
.align 2
diff --git a/lib/libcrypto/aes/asm/aes-mips.pl b/lib/libcrypto/aes/asm/aes-mips.pl
index b3649bc60f5..9a5df878f5b 100644
--- a/lib/libcrypto/aes/asm/aes-mips.pl
+++ b/lib/libcrypto/aes/asm/aes-mips.pl
@@ -355,9 +355,9 @@ _mips_AES_encrypt:
.end _mips_AES_encrypt
.align 5
-.globl AES_encrypt
-.ent AES_encrypt
-AES_encrypt:
+.globl aes_encrypt_internal
+.ent aes_encrypt_internal
+aes_encrypt_internal:
.frame $sp,$FRAMESIZE,$ra
.mask $SAVED_REGS_MASK,-$SZREG
.set noreorder
@@ -387,7 +387,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
___
$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
.cplocal $Tbl
- .cpsetup $pf,$zero,AES_encrypt
+ .cpsetup $pf,$zero,aes_encrypt_internal
___
$code.=<<___;
.set reorder
@@ -435,7 +435,7 @@ ___
$code.=<<___;
jr $ra
$PTR_ADD $sp,$FRAMESIZE
-.end AES_encrypt
+.end aes_encrypt_internal
___
$code.=<<___;
@@ -691,9 +691,9 @@ _mips_AES_decrypt:
.end _mips_AES_decrypt
.align 5
-.globl AES_decrypt
-.ent AES_decrypt
-AES_decrypt:
+.globl aes_decrypt_internal
+.ent aes_decrypt_internal
+aes_decrypt_internal:
.frame $sp,$FRAMESIZE,$ra
.mask $SAVED_REGS_MASK,-$SZREG
.set noreorder
@@ -723,7 +723,7 @@ $code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue
___
$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification
.cplocal $Tbl
- .cpsetup $pf,$zero,AES_decrypt
+ .cpsetup $pf,$zero,aes_decrypt_internal
___
$code.=<<___;
.set reorder
@@ -771,7 +771,7 @@ ___
$code.=<<___;
jr $ra
$PTR_ADD $sp,$FRAMESIZE
-.end AES_decrypt
+.end aes_decrypt_internal
___
}}}
diff --git a/lib/libcrypto/aes/asm/aes-parisc.pl b/lib/libcrypto/aes/asm/aes-parisc.pl
index 43dbfc108da..4e4592b56b2 100644
--- a/lib/libcrypto/aes/asm/aes-parisc.pl
+++ b/lib/libcrypto/aes/asm/aes-parisc.pl
@@ -66,9 +66,9 @@ $code=<<___;
.LEVEL $LEVEL
.text
- .EXPORT AES_encrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+ .EXPORT aes_encrypt_internal,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
.ALIGN 64
-AES_encrypt
+aes_encrypt_internal
.PROC
.CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
.ENTRY
@@ -540,9 +540,9 @@ L\$AES_Te
___
$code.=<<___;
- .EXPORT AES_decrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+ .EXPORT aes_decrypt_internal,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
.ALIGN 16
-AES_decrypt
+aes_decrypt_internal
.PROC
.CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
.ENTRY
diff --git a/lib/libcrypto/aes/asm/aes-ppc.pl b/lib/libcrypto/aes/asm/aes-ppc.pl
index bc936036694..178ba56b3ee 100644
--- a/lib/libcrypto/aes/asm/aes-ppc.pl
+++ b/lib/libcrypto/aes/asm/aes-ppc.pl
@@ -327,9 +327,9 @@ $code.=<<___;
.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-.globl .AES_encrypt
+.globl .aes_encrypt_internal
.align 7
-.AES_encrypt:
+.aes_encrypt_internal:
$STU $sp,-$FRAME($sp)
mflr r0
@@ -754,9 +754,9 @@ Lenc_compact_done:
xor $s3,$s3,$t3
blr
-.globl .AES_decrypt
+.globl .aes_decrypt_internal
.align 7
-.AES_decrypt:
+.aes_decrypt_internal:
$STU $sp,-$FRAME($sp)
mflr r0
diff --git a/lib/libcrypto/aes/asm/aes-sparcv9.pl b/lib/libcrypto/aes/asm/aes-sparcv9.pl
index 08ac9830f14..1348d09594d 100755
--- a/lib/libcrypto/aes/asm/aes-sparcv9.pl
+++ b/lib/libcrypto/aes/asm/aes-sparcv9.pl
@@ -511,8 +511,8 @@ _sparcv9_AES_encrypt:
.size _sparcv9_AES_encrypt,(.-_sparcv9_AES_encrypt)
.align 32
-.globl AES_encrypt
-AES_encrypt:
+.globl aes_encrypt_internal
+aes_encrypt_internal:
save %sp,-$frame,%sp
#ifdef __PIC__
sethi %hi(_GLOBAL_OFFSET_TABLE_-4), %o5
@@ -638,8 +638,8 @@ AES_encrypt:
ret
restore
-.type AES_encrypt,#function
-.size AES_encrypt,(.-AES_encrypt)
+.type aes_encrypt_internal,#function
+.size aes_encrypt_internal,(.-aes_encrypt_internal)
___
@@ -1075,8 +1075,8 @@ _sparcv9_AES_decrypt:
.size _sparcv9_AES_decrypt,(.-_sparcv9_AES_decrypt)
.align 32
-.globl AES_decrypt
-AES_decrypt:
+.globl aes_decrypt_internal
+aes_decrypt_internal:
save %sp,-$frame,%sp
#ifdef __PIC__
sethi %hi(_GLOBAL_OFFSET_TABLE_-4), %o5
@@ -1202,8 +1202,8 @@ AES_decrypt:
ret
restore
-.type AES_decrypt,#function
-.size AES_decrypt,(.-AES_decrypt)
+.type aes_decrypt_internal,#function
+.size aes_decrypt_internal,(.-aes_decrypt_internal)
___
# fmovs instructions substituting for FP nops were originally added
diff --git a/lib/libcrypto/aes/asm/aes-x86_64.pl b/lib/libcrypto/aes/asm/aes-x86_64.pl
index 9b75a6f7a56..324c4a2be2b 100755
--- a/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -586,15 +586,15 @@ $code.=<<___;
.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
___
-# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
+# void aes_encrypt_internal(const void *inp, void *out, const AES_KEY *key);
$code.=<<___;
-.globl AES_encrypt
-.type AES_encrypt,\@function,3
+.globl aes_encrypt_internal
+.type aes_encrypt_internal,\@function,3
.align 16
.globl asm_AES_encrypt
.hidden asm_AES_encrypt
asm_AES_encrypt:
-AES_encrypt:
+aes_encrypt_internal:
_CET_ENDBR
push %rbx
push %rbp
@@ -655,7 +655,7 @@ AES_encrypt:
lea 48(%rsi),%rsp
.Lenc_epilogue:
ret
-.size AES_encrypt,.-AES_encrypt
+.size aes_encrypt_internal,.-aes_encrypt_internal
___
#------------------------------------------------------------------#
@@ -1188,15 +1188,15 @@ $code.=<<___;
.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
___
-# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+# void aes_decrypt_internal(const void *inp, void *out, const AES_KEY *key);
$code.=<<___;
-.globl AES_decrypt
-.type AES_decrypt,\@function,3
+.globl aes_decrypt_internal
+.type aes_decrypt_internal,\@function,3
.align 16
.globl asm_AES_decrypt
.hidden asm_AES_decrypt
asm_AES_decrypt:
-AES_decrypt:
+aes_decrypt_internal:
_CET_ENDBR
push %rbx
push %rbp
@@ -1259,7 +1259,7 @@ AES_decrypt:
lea 48(%rsi),%rsp
.Ldec_epilogue:
ret
-.size AES_decrypt,.-AES_decrypt
+.size aes_decrypt_internal,.-aes_decrypt_internal
___
#------------------------------------------------------------------#
@@ -2782,13 +2782,13 @@ cbc_se_handler:
.section .pdata
.align 4
- .rva .LSEH_begin_AES_encrypt
- .rva .LSEH_end_AES_encrypt
- .rva .LSEH_info_AES_encrypt
+ .rva .LSEH_begin_aes_encrypt_internal
+ .rva .LSEH_end_aes_encrypt_internal
+ .rva .LSEH_info_aes_encrypt_internal
- .rva .LSEH_begin_AES_decrypt
- .rva .LSEH_end_AES_decrypt
- .rva .LSEH_info_AES_decrypt
+ .rva .LSEH_begin_aes_decrypt_internal
+ .rva .LSEH_end_aes_decrypt_internal
+ .rva .LSEH_info_aes_decrypt_internal
.rva .LSEH_begin_aes_set_encrypt_key_internal
.rva .LSEH_end_aes_set_encrypt_key_internal
@@ -2804,11 +2804,11 @@ cbc_se_handler:
.section .xdata
.align 8
-.LSEH_info_AES_encrypt:
+.LSEH_info_aes_encrypt_internal:
.byte 9,0,0,0
.rva block_se_handler
.rva .Lenc_prologue,.Lenc_epilogue # HandlerData[]
-.LSEH_info_AES_decrypt:
+.LSEH_info_aes_decrypt_internal:
.byte 9,0,0,0
.rva block_se_handler
.rva .Ldec_prologue,.Ldec_epilogue # HandlerData[]