Rename FIPS_MODE to FIPS_MODULE
diff --git
a/crypto/evp/e_aes.c
b/crypto/evp/e_aes.c
index 17e445d8f2dfe6edc3fbe106eb5928268eddd6ac..05be21901db816731a7e5c87eadd2ef4f5528f1d 100644
--- a/
crypto/evp/e_aes.c
+++ b/
crypto/evp/e_aes.c
@@
-1,5
+1,5
@@
/*
/*
- * Copyright 2001-20
19
The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-20
20
The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@
-7,6
+7,12
@@
* https://www.openssl.org/source/license.html
*/
* https://www.openssl.org/source/license.html
*/
+/*
+ * This file uses the low level AES functions (which are deprecated for
+ * non-internal use) in order to implement the EVP AES ciphers.
+ */
+#include "internal/deprecated.h"
+
#include <string.h>
#include <assert.h>
#include <openssl/opensslconf.h>
#include <string.h>
#include <assert.h>
#include <openssl/opensslconf.h>
@@
-20,8
+26,8
@@
#include "internal/cryptlib.h"
#include "crypto/modes.h"
#include "crypto/siv.h"
#include "internal/cryptlib.h"
#include "crypto/modes.h"
#include "crypto/siv.h"
-#include "crypto/
ciphermode
_platform.h"
-#include "evp_locl.h"
+#include "crypto/
aes
_platform.h"
+#include "evp_loc
a
l.h"
typedef struct {
union {
typedef struct {
union {
@@
-65,7
+71,7
@@
typedef struct {
const unsigned char iv[16]);
} EVP_AES_XTS_CTX;
const unsigned char iv[16]);
} EVP_AES_XTS_CTX;
-#ifdef FIPS_MODE
+#ifdef FIPS_MOD
UL
E
static const int allow_insecure_decrypt = 0;
#else
static const int allow_insecure_decrypt = 1;
static const int allow_insecure_decrypt = 0;
#else
static const int allow_insecure_decrypt = 1;
@@
-130,8
+136,6
@@
static void ctr64_inc(unsigned char *counter)
#if defined(AESNI_CAPABLE)
# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
#if defined(AESNI_CAPABLE)
# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
-# define AES_gcm_encrypt aesni_gcm_encrypt
-# define AES_gcm_decrypt aesni_gcm_decrypt
# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \
gctx->gcm.ghash==gcm_ghash_avx)
# undef AES_GCM_ASM2 /* minor size optimization */
# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \
gctx->gcm.ghash==gcm_ghash_avx)
# undef AES_GCM_ASM2 /* minor size optimization */
@@
-915,7
+919,7
@@
typedef struct {
} icv;
unsigned char k[32];
} kmac_param;
} icv;
unsigned char k[32];
} kmac_param;
- /* KMAC-AES param
a
ter block - end */
+ /* KMAC-AES param
e
ter block - end */
union {
unsigned long long g[2];
union {
unsigned long long g[2];
@@
-2897,7
+2901,7
@@
static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return rv;
}
return rv;
}
-#ifdef FIPS_MODE
+#ifdef FIPS_MOD
UL
E
/*
* See SP800-38D (GCM) Section 8 "Uniqueness requirement on IVS and keys"
*
/*
* See SP800-38D (GCM) Section 8 "Uniqueness requirement on IVS and keys"
*
@@
-2919,7
+2923,7
@@
static int aes_gcm_iv_generate(EVP_AES_GCM_CTX *gctx, int offset)
return 0;
return 1;
}
return 0;
return 1;
}
-#endif /* FIPS_MODE */
+#endif /* FIPS_MOD
UL
E */
static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
@@
-2933,7
+2937,7
@@
static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (gctx->tls_aad_len >= 0)
return aes_gcm_tls_cipher(ctx, out, in, len);
if (gctx->tls_aad_len >= 0)
return aes_gcm_tls_cipher(ctx, out, in, len);
-#ifdef FIPS_MODE
+#ifdef FIPS_MOD
UL
E
/*
* FIPS requires generation of AES-GCM IV's inside the FIPS module.
* The IV can still be set externally (the security policy will state that
/*
* FIPS requires generation of AES-GCM IV's inside the FIPS module.
* The IV can still be set externally (the security policy will state that
@@
-2950,7
+2954,7
@@
static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
#else
if (!gctx->iv_set)
return -1;
#else
if (!gctx->iv_set)
return -1;
-#endif /* FIPS_MODE */
+#endif /* FIPS_MOD
UL
E */
if (in) {
if (out == NULL) {
if (in) {
if (out == NULL) {
@@
-3228,7
+3232,7
@@
static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return 0;
/*
return 0;
/*
- * Impose a limit of 2^20 blocks per data unit as specifed by
+ * Impose a limit of 2^20 blocks per data unit as specif
i
ed by
* IEEE Std 1619-2018. The earlier and obsolete IEEE Std 1619-2007
* indicated that this was a SHOULD NOT rather than a MUST NOT.
* NIST SP 800-38E mandates the same limit.
* IEEE Std 1619-2018. The earlier and obsolete IEEE Std 1619-2007
* indicated that this was a SHOULD NOT rather than a MUST NOT.
* NIST SP 800-38E mandates the same limit.
@@
-3744,7
+3748,7
@@
static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 1;
case EVP_CTRL_AEAD_SET_TAG:
return 1;
case EVP_CTRL_AEAD_SET_TAG:
- if (
!ptr
) {
+ if (
ptr == NULL
) {
/* Tag len must be 0 to 16 */
if (arg < 0 || arg > 16)
return 0;
/* Tag len must be 0 to 16 */
if (arg < 0 || arg > 16)
return 0;
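Review bot: The `#ifdef FIPS_MODULE` guards in this file fail open when a build still defines only the old name: with `FIPS_MODE` set and `FIPS_MODULE` unset the `#else` branches are compiled, so `allow_insecure_decrypt` becomes 1 and `aes_gcm_cipher` keeps only the `if (!gctx->iv_set) return -1;` check instead of the FIPS IV path. A compile-time guard would turn that silent downgrade into a build failure, for example `#if defined(FIPS_MODE) && !defined(FIPS_MODULE)` / `# error "FIPS_MODE was renamed to FIPS_MODULE"` / `#endif`, placed in this file or, probably better, in a header shared by every file the rename touches. How the build system defines the macro is not visible on this page, and the bodies of `aes_gcm_cipher` and the other guarded functions extend beyond the hunks shown.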