From 743694a6c29e5a6387819523fad5e3b7e613f1ee Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 24 Jun 2019 16:07:30 +0100
Subject: [PATCH 1/1] Move the public SIV mode functions from public headers to
 internal ones

SIV mode is accessible via EVP. There should be no reason to make the low
level SIV functions from the modes directory part of the public API. Since
these functions do not exist in 1.1.1 we are still able to make this change.

This also reduces the list of newly added undocumented symbols from
issue #9095.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9232)
---
 crypto/evp/e_aes.c                  |  9 ++++----
 crypto/include/internal/modes_int.h | 34 +++++++++++++++++++++++++++++
 crypto/modes/siv128.c               |  1 +
 include/openssl/modes.h             | 26 ----------------------
 util/libcrypto.num                  | 22 +++++++++----------
 5 files changed, 51 insertions(+), 41 deletions(-)
 create mode 100644 crypto/include/internal/modes_int.h

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 697b5a542d..6f58e27004 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -7,18 +7,19 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <string.h>
+#include <assert.h>
 #include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
-#include <string.h>
-#include <assert.h>
 #include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <openssl/cmac.h>
 #include "internal/evp_int.h"
 #include "internal/cryptlib.h"
+#include "internal/modes_int.h"
 #include "modes_lcl.h"
-#include <openssl/rand.h>
-#include <openssl/cmac.h>
 #include "evp_locl.h"
 
 typedef struct {
diff --git a/crypto/include/internal/modes_int.h b/crypto/include/internal/modes_int.h
new file mode 100644
index 0000000000..8a8ef6e15f
--- /dev/null
+++ b/crypto/include/internal/modes_int.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SIV
+
+typedef struct siv128_context SIV128_CONTEXT;
+
+SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen,
+                                  EVP_CIPHER* cbc, EVP_CIPHER* ctr);
+int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
+                       const EVP_CIPHER* cbc, const EVP_CIPHER* ctr);
+int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
+int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx);
+int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag,
+                          size_t len);
+int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
+int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx);
+int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg);
+
+#endif /* OPENSSL_NO_SIV */
diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index 9bb5eea6e1..4445cf369a 100644
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -10,6 +10,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <openssl/crypto.h>
+#include "internal/modes_int.h"
 #include "modes_lcl.h"
 
 #ifndef OPENSSL_NO_SIV
diff --git a/include/openssl/modes.h b/include/openssl/modes.h
index 0934482c56..212c846fd8 100644
--- a/include/openssl/modes.h
+++ b/include/openssl/modes.h
@@ -202,32 +202,6 @@ int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len);
 void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx);
 # endif                          /* OPENSSL_NO_OCB */
 
-# ifndef OPENSSL_NO_SIV
-
-typedef struct siv128_context SIV128_CONTEXT;
-
-#  define SIV_LEN 16
-
-SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, EVP_CIPHER* cbc, EVP_CIPHER* ctr);
-int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
-                       const EVP_CIPHER* cbc, const EVP_CIPHER* ctr);
-int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
-int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
-                      size_t len);
-int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
-                          const unsigned char *in, unsigned char *out,
-                          size_t len);
-int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
-                          const unsigned char *in, unsigned char *out,
-                          size_t len);
-int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx);
-int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag, size_t len);
-int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
-int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx);
-int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg);
-
-# endif                          /* OPENSSL_NO_SIV */
-
 # ifdef  __cplusplus
 }
 # endif
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 766c735b2f..40e80ffd55 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4609,17 +4609,17 @@ OPENSSL_version_build_metadata          4564	3_0_0	EXIST::FUNCTION:
 EVP_aes_128_siv                         4565	3_0_0	EXIST::FUNCTION:SIV
 EVP_aes_192_siv                         4566	3_0_0	EXIST::FUNCTION:SIV
 EVP_aes_256_siv                         4567	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_new                       4568	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_init                      4569	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_copy_ctx                  4570	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_aad                       4571	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_encrypt                   4572	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_decrypt                   4573	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_finish                    4574	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_set_tag                   4575	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_get_tag                   4576	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_cleanup                   4577	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_speed                     4578	3_0_0	EXIST::FUNCTION:SIV
+CRYPTO_siv128_new                       4568	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_init                      4569	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_copy_ctx                  4570	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_aad                       4571	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_encrypt                   4572	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_decrypt                   4573	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_finish                    4574	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_set_tag                   4575	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_get_tag                   4576	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_cleanup                   4577	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_speed                     4578	3_0_0	NOEXIST::FUNCTION:SIV
 OPENSSL_INIT_set_config_filename        4579	3_0_0	EXIST::FUNCTION:STDIO
 OPENSSL_INIT_set_config_file_flags      4580	3_0_0	EXIST::FUNCTION:STDIO
 ASYNC_WAIT_CTX_get_callback             4581	3_0_0	EXIST::FUNCTION:
-- 
2.34.1