path: root/lib/libcrypto/aes
Age | Commit message | Author
9 days | AES_{decrypt,encrypt}() don't return void internal function | Theo Buehler
"A return statement with an expression shall not appear in a function whose return type is void." ok deraadt miod
2024-08-11 | Provide and use crypto_arch.h. | Joel Sing
Provide a per architecture crypto_arch.h - this will be used in a similar manner to bn_arch.h and will allow for architecture specific #defines and static inline functions. Move the HAVE_AES_* and HAVE_RC4_* defines here. ok tb@
2024-03-30 | Hide symbols in aes | joshua
ok jsing
2024-03-29 | Tweak defines since the Td4 table is only used for AES_{encrypt,decrypt} | Joel Sing
2024-03-29 | Always use C functions for AES_{encrypt,decrypt}(). | Joel Sing
Always provide AES_{encrypt,decrypt}() via C functions, which then either use a C implementation or call the assembly implementation. ok tb@
2024-03-29 | Always use C functions for AES_set_{encrypt,decrypt}_key(). | Joel Sing
Always include aes_core.c and provide AES_set_{encrypt,decrypt}_key() via C functions, which then either use a C implementation or call the assembly implementation. ok tb@
2024-03-29 | Rename AES_cbc_encrypt to aes_cbc_encrypt_internal for the SEH handlers. | Joel Sing
Should fix windows build.
2024-03-28 | Merge aes_cbc.c into aes.c now that aes_cbc.c is used on all platforms. | Joel Sing
2024-03-28 | Make AES_cbc_encrypt() always be a C function. | Joel Sing
Rename the assembly generated functions from AES_cbc_encrypt() to aes_cbc_encrypt_internal(). Always include aes_cbc.c and change it to use defines that are similar to those used in BN. ok tb@
2024-03-28 | Consolidate most of the AES modes into a single C file. | Joel Sing
Discussed with tb@
2024-03-27 | Remove assembly for stitched modes. | Joel Sing
The stitched modes have been removed, so having assembly for them is of little use.
2024-03-27 | Replace GETU32 and PUTU32. | Joel Sing
Replace GETU32 with crypto_load_be32toh() and PUTU32 with crypto_store_htobe32(). Make the offset handling cleaner at the same time. ok beck@ joshua@ tb@
2024-03-27 | Remove near duplicate AES_set_{encrypt,decrypt}_key() functions. | Joel Sing
There are currently three ways in which AES is implemented - all in assembly (amd64 et al), all in C (aarch64 et al) and, half in C and half in assembly (hppa and sparc64). The last of these cases currently makes use of a near duplicate AES_set_{encrypt,decrypt}_key() implementation that avoids using the AES tables. Remove the near duplicate version and if only a half assembly version is implemented, use the same C version of AES_set_{encrypt,decrypt}_key() as everyone else. This adds around 8KB of rodata to libcrypto on these two platforms. Discussed with beck and tb.
2024-03-27 | Use crypto_rol_u32() instead of an undefined ROTATE macro. | Joel Sing
ok tb@
2024-03-27 | Remove unused NDEBUG define. | Joel Sing
2024-03-27 | Tidy includes and a comment. | Joel Sing
2024-03-27 | Remove rather scary unused experimental code. | Joel Sing
ok tb@
2024-02-24 | Add a few missing endbr64 to libcrypto | Theo Buehler
gcm_{gmult,ghash}_4bit(), aesni_ccm64_decrypt_blocks(), aes_cbc_encrypt(), and aesni_xts_{en,de}crypt() were overlooked in previous passes. Found with a diff for ld.lld by kettenis ok kettenis
2024-02-24 | Replace uses of endbr64 with _CET_ENDBR from cet.h | Theo Buehler
cet.h is needed for other platforms to emit the relevant .gnu.properties sections that are necessary for them to enable IBT. It also avoids issues with older toolchains on macOS that explode on encountering endbr64. based on a diff by kettenis ok beck kettenis
2023-09-18 | aesni_ctr32_encrypt_blocks() is called indirectly from C code, so it needs endbr64 | Theo de Raadt
ok kettenis tb
2023-07-31 | Remove more *_options() stuff | Theo Buehler
The public symbols were removed. Some prototypes and in the case of DES even the implementation remained. ok jsing
2023-07-28 | Two files did not want to go away. Go! | Theo Buehler
2023-07-28 | Remove various ${thing}_options | Theo Buehler
Various, ancient ciphers exposed some of their innards via an _options() API. Apart from openssl version/speed, only some lua thingie in nmap ever looked at these. Go figure. hppa testing by miod, i386 testing by sthen. Thanks! ok jsing
2023-04-25 | Add endbr64 where needed by inspection. Passes regression tests. | Theo de Raadt
ok jsing, and kind of tb an earlier version
2023-04-17 | Drop two useless READMEs | Theo Buehler
"go ahead" jsing
2023-02-23 | Use explicit .text instead of .previous to please Windows/MinGW on amd64 | Theo Buehler
ok miod
2023-02-09 | Use .section .rodata instead of a plain .rodata | Theo Buehler
At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to make it happy. ok deraadt miod
2023-02-02 | Remove AIX toc data after every function. NFC | Miod Vallat
2023-02-02 | Unbreak vpaes-x86 implementation. | Joel Sing
Remove remnants of previous PIC handling. ok miod@
2023-02-01 | Move all data blocks from .text to .rodata and clean up and homogenize code responsible for getting the proper address of those blocks. | Miod Vallat
ok tb@ jsing@
2023-01-14 | Move constants out of text segment into rodata to prepare for xonly support on amd64. | Theo de Raadt
no pic handling is necessary since amd64 has full reach. ok kettenis
2012-10-13 | import OpenSSL-1.0.1c | Damien Miller
2023-01-13 | Move all data tables from .text section to .rodata, and update the code to fetch them correctly when building PIC. | Miod Vallat
Also drop unused data, and remove --no-execute-only from linker flags. ok kettenis@
2023-01-13 | Move all data tables from .text section to .rodata, and update the code to fetch them correctly when building PIC. | Miod Vallat
Also drop unused data, and remove --no-execute-only from linker flags. ok jsing@ kettenis@
2009-04-06 | import of OpenSSL 0.9.8k | Damien Miller
2022-12-26 | spelling fixes; from paul tagliamonte | Jason McIntyre
i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
2022-11-26 | Make header guards of internal headers consistent | Theo Buehler
Not all of them, only those that didn't leak into a public header... Yes.
2022-11-26 | Make internal header file names consistent | Theo Buehler
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
2022-07-30 | Add stack frames to AES-NI x86_64 assembly. | Joel Sing
The current AES-NI x86_64 assembly does some strange, although valid things, such as making internal function calls without creating stack frames. In this case, the return address lands in the red zone (which it allows for when making use of the stack) and everything works as expected. However, this trips a false positive in valgrind, which seems to think that any data saved on the stack prior to the internal function call is now "undefined" once the function returns. Avoid this by actually using stack frames - this brings in most of 6a40ebe86b4 from OpenSSL, omitting the unnecessary explicit stack alignment (which was apparently added so this code could be used in the Linux kernel with an incorrectly aligned stack). Valgrind issue reported by Steffen Jaeckel (@sjaeckel), found via libstrophe unit tests. ok tb@
2022-01-22 | Use memmove instead of memcpy for overlapping memory | Kinichiro Inoguchi
CID 250936 251103 OK beck@ jsing@ millert@ tb@
2018-11-07 | Use memmove() instead of memcpy() to get rid of the need for non-overlapping *in and *out buffers as we're already implementing the "in place (un)wrapping" algorithms as given in RFC 3394. | Theo Buehler
This removes a gratuitous API difference to OpenSSL in these undocumented functions. Found while working on wycheproof regress tests. ok beck jsing
2018-10-20 | RFC 3394 section 2 states that we need at least two 64 bit blocks for wrapping and, accordingly, three 64 bit blocks for unwrapping. | Theo Buehler
That is: we need at least 16 bytes for wrapping and 24 bytes for unwrapping. This also matches the lower bounds that OpenSSL have in their CRYPTO_128_{un,}wrap() functions. In fact, if we pass an input with 'inlen < 8' to AES_unwrap_key(), this results in a segfault since then inlen -= 8 underflows. Found while playing with the Wycheproof keywrap test vectors. ok bcook
2018-04-03 | KNF: move two opening curly braces of function bodies to their own lines | Theo Buehler
2018-01-07 | On OpenBSD/armv7 we deliberately trap unaligned access. | Mark Kettenis
Unfortunately the assembly code in libcrypto assumes unaligned access is allowed for ARMv7. Make these paths conditional on __STRICT_ALIGNMENT not being defined and define __STRICT_ALIGNMENT in arm_arch.h for OpenBSD. ok tom@
2017-12-11 | http://repzret.org/p/repzret/ | Theo de Raadt
My read of this: Long time ago (Think Conan, not dinosaurs) during the race to make speedier processors, a cpu vendor built a pipeline with a bad stall, and proposed a tremendously hacky workaround. A wizard adopted this into his perl scroll, and failed to reflect later when no compiler adopted the practice. This relic remains at the tail end of some functions in OpenSSL as ".byte 0xf3,0xc3". Banish it straight to hell. ok mlarkin, others also stared blankly
2016-12-21 | Explicitly export a list of symbols from libcrypto. | Joel Sing
Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
2016-11-04 | Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. | Miod Vallat
While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int. Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns. i386 tests and ok jsing@
2016-09-04 | Less S390. | Joel Sing
ok deraadt@