src - OpenBSD base system

diff options


context:
space:
mode:

author	Joel Sing <jsing@cvs.openbsd.org>	2024-03-28 00:57:27 +0000
committer	Joel Sing <jsing@cvs.openbsd.org>	2024-03-28 00:57:27 +0000
commit	ce360b00f6b93e61e70b7b67ff117846296c0140 (patch)
tree	b396d7eeb2ed8db11698f0d4d5959e8a0f2ad78b /lib
parent	48ab0701a65eb5f39892983bf0c5a4c82ddb0175 (diff)

Consolidate most of the AES modes into a single C file.

Discussed with tb@

Diffstat (limited to 'lib')

-rw-r--r--

lib/libcrypto/Makefile

-rw-r--r--

lib/libcrypto/aes/aes.c (renamed from lib/libcrypto/aes/aes_wrap.c)

-rw-r--r--

lib/libcrypto/aes/aes_cfb.c

-rw-r--r--

lib/libcrypto/aes/aes_ctr.c

-rw-r--r--

lib/libcrypto/aes/aes_ecb.c

-rw-r--r--

lib/libcrypto/aes/aes_ofb.c

6 files changed, 70 insertions, 293 deletions

diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile
index 86d8cbcad6e..63600aa9233 100644
--- a/lib/libcrypto/Makefile
+++ b/lib/libcrypto/Makefile

@@ -1,4 +1,4 @@

-# $OpenBSD: Makefile,v 1.179 2024/03/27 12:56:25 jsing Exp $

+# $OpenBSD: Makefile,v 1.180 2024/03/28 00:57:26 jsing Exp $

LIB= crypto

LIBREBUILD=y

@@ -72,12 +72,8 @@ SRCS+= o_fips.c

SRCS+= o_str.c

# aes/

-SRCS+= aes_cfb.c

-SRCS+= aes_ctr.c

-SRCS+= aes_ecb.c

+SRCS+= aes.c

SRCS+= aes_ige.c

-SRCS+= aes_ofb.c

-SRCS+= aes_wrap.c

# asn1/

SRCS+= a_bitstr.c

diff --git a/lib/libcrypto/aes/aes_wrap.c b/lib/libcrypto/aes/aes.c
index b30630fe479..d3bf85947d7 100644
--- a/lib/libcrypto/aes/aes_wrap.c
+++ b/lib/libcrypto/aes/aes.c

@@ -1,9 +1,6 @@

-/* $OpenBSD: aes_wrap.c,v 1.12 2018/11/07 18:31:16 tb Exp $ */

-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

- * project.

- */

+/* $OpenBSD: aes.c,v 1.1 2024/03/28 00:57:26 jsing Exp $ */

/* ====================================================================

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

@@ -20,12 +17,12 @@

* 3. All advertising materials mentioning features or use of this

* software must display the following acknowledgment:

* "This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

* endorse or promote products derived from this software without

* prior written permission. For written permission, please contact

- * licensing@OpenSSL.org.

+ * openssl-core@openssl.org.

* 5. Products derived from this software may not be called "OpenSSL"

* nor may "OpenSSL" appear in their names without prior written

@@ -34,7 +31,7 @@

* 6. Redistributions of any form whatsoever must retain the following

* acknowledgment:

* "This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"

* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

@@ -49,17 +46,77 @@

* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

* OF THE POSSIBILITY OF SUCH DAMAGE.

* ====================================================================

+ *

#include <string.h>

#include <openssl/aes.h>

#include <openssl/bio.h>

+#include <openssl/modes.h>

-static const unsigned char default_iv[] = {

+static const unsigned char aes_wrap_default_iv[] = {

0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,

};

+/*

+ * The input and output encrypted as though 128bit cfb mode is being

+ * used. The extra state information to record how much of the

+ * 128bit block we have used is contained in *num;

+ */

+void

+AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,

+ const AES_KEY *key, unsigned char *ivec, int *num, const int enc)

+ CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,

+ (block128_f)AES_encrypt);

+/* N.B. This expects the input to be packed, MS bit first */

+void

+AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, size_t length,

+ const AES_KEY *key, unsigned char *ivec, int *num, const int enc)

+ CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,

+ (block128_f)AES_encrypt);

+void

+AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length,

+ const AES_KEY *key, unsigned char *ivec, int *num, const int enc)

+ CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,

+ (block128_f)AES_encrypt);

+void

+AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,

+ size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE],

+ unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num)

+ CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,

+ (block128_f)AES_encrypt);

+void

+AES_ecb_encrypt(const unsigned char *in, unsigned char *out,

+ const AES_KEY *key, const int enc)

+ if (AES_ENCRYPT == enc)

+ AES_encrypt(in, out, key);

+ else

+ AES_decrypt(in, out, key);

+void

+AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,

+ const AES_KEY *key, unsigned char *ivec, int *num)

+ CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,

+ (block128_f)AES_encrypt);

int

AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,

const unsigned char *in, unsigned int inlen)

@@ -73,7 +130,7 @@ AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,

t = 1;

memmove(out + 8, in, inlen);

if (!iv)

- iv = default_iv;

+ iv = aes_wrap_default_iv;

memcpy(A, iv, 8);

@@ -124,7 +181,7 @@ AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,

}

if (!iv)

- iv = default_iv;

+ iv = aes_wrap_default_iv;

if (memcmp(A, iv, 8)) {

explicit_bzero(out, inlen);

return 0;

diff --git a/lib/libcrypto/aes/aes_cfb.c b/lib/libcrypto/aes/aes_cfb.c
deleted file mode 100644
index a6384f944df..00000000000
--- a/lib/libcrypto/aes/aes_cfb.c
+++ /dev/null

@@ -1,84 +0,0 @@

-/* $OpenBSD: aes_cfb.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */

-/* ====================================================================

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- *

- * 1. Redistributions of source code must retain the above copyright

- * notice, this list of conditions and the following disclaimer.

- *

- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in

- * the documentation and/or other materials provided with the

- * distribution.

- *

- * 3. All advertising materials mentioning features or use of this

- * software must display the following acknowledgment:

- * "This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

- *

- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

- * endorse or promote products derived from this software without

- * prior written permission. For written permission, please contact

- * openssl-core@openssl.org.

- *

- * 5. Products derived from this software may not be called "OpenSSL"

- * nor may "OpenSSL" appear in their names without prior written

- * permission of the OpenSSL Project.

- *

- * 6. Redistributions of any form whatsoever must retain the following

- * acknowledgment:

- * "This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"

- *

- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR

- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

- * OF THE POSSIBILITY OF SUCH DAMAGE.

- * ====================================================================

- *

- */

-#include <openssl/aes.h>

-#include <openssl/modes.h>

-/* The input and output encrypted as though 128bit cfb mode is being

- * used. The extra state information to record how much of the

- * 128bit block we have used is contained in *num;

- */

-void

-AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,

- const AES_KEY *key, unsigned char *ivec, int *num, const int enc)

- CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,

- (block128_f)AES_encrypt);

-/* N.B. This expects the input to be packed, MS bit first */

-void

-AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, size_t length,

- const AES_KEY *key, unsigned char *ivec, int *num, const int enc)

- CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,

- (block128_f)AES_encrypt);

-void

-AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length,

- const AES_KEY *key, unsigned char *ivec, int *num, const int enc)

- CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,

- (block128_f)AES_encrypt);

diff --git a/lib/libcrypto/aes/aes_ctr.c b/lib/libcrypto/aes/aes_ctr.c
deleted file mode 100644
index 607914599bd..00000000000
--- a/lib/libcrypto/aes/aes_ctr.c
+++ /dev/null

@@ -1,62 +0,0 @@

-/* $OpenBSD: aes_ctr.c,v 1.9 2014/06/12 15:49:27 deraadt Exp $ */