Commit e9cf01be98 for openssl.org
commit e9cf01be98d7dc9bec575b5af0b668f53896f2c2
Author: Simo Sorce <simo@redhat.com>
Date: Wed Jun 10 17:55:57 2026 -0400
Convert AES CCM .inc files to separate .c files
The hardware-specific AES CCM implementations were previously included
directly as `.inc` files into `cipher_aes_ccm_hw.c`. This commit renames them
to standalone `.c` files and updates the build configuration, improving
modularity by treating them as separate compilation units.
Additionally, the `AES_HW_CCM_SET_KEY_FN` macro is replaced with a new
`ossl_cipher_set_ccm_aes_initkey` helper function. This reduces code
duplication, removes unsafe macro logic, and introduces proper error handling
during provider key initialization.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Sat Jun 27 09:05:42 2026
(Merged from https://github.com/openssl/openssl/pull/31472)
diff --git a/providers/fips.module.sources b/providers/fips.module.sources
index 6a9058e66b..7b404dbece 100644
--- a/providers/fips.module.sources
+++ b/providers/fips.module.sources
@@ -660,7 +660,6 @@ providers/implementations/ciphers/cipher_aes_cbc_hmac_sha_etm.h
providers/implementations/ciphers/cipher_aes_ccm.c
providers/implementations/ciphers/cipher_aes_ccm.h
providers/implementations/ciphers/cipher_aes_ccm_hw.c
-providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc
providers/implementations/ciphers/cipher_aes_cts.inc
providers/implementations/ciphers/cipher_aes_gcm.c
providers/implementations/ciphers/cipher_aes_gcm.h
diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info
index 6f12c208c3..54e1a11469 100644
--- a/providers/implementations/ciphers/build.info
+++ b/providers/implementations/ciphers/build.info
@@ -111,7 +111,9 @@ SOURCE[$AES_GOAL]=\
cipher_aes_gcm_hw_armv8.c cipher_aes_gcm_hw_ppc.c \
cipher_aes_gcm_hw_rv32i.c cipher_aes_gcm_hw_rv64i.c \
cipher_aes_gcm_hw_s390x.c cipher_aes_gcm_hw_t4.c \
- cipher_aes_ccm.c cipher_aes_ccm_hw.c \
+ cipher_aes_ccm.c cipher_aes_ccm_hw.c cipher_aes_ccm_hw_aesni.c \
+ cipher_aes_ccm_hw_rv32i.c cipher_aes_ccm_hw_rv64i.c \
+ cipher_aes_ccm_hw_s390x.c cipher_aes_ccm_hw_t4.c \
cipher_aes_wrp.c \
cipher_aes_cbc_hmac_sha.c \
cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c \
diff --git a/providers/implementations/ciphers/cipher_aes_ccm.h b/providers/implementations/ciphers/cipher_aes_ccm.h
index 6e4599fdbf..91495015a8 100644
--- a/providers/implementations/ciphers/cipher_aes_ccm.h
+++ b/providers/implementations/ciphers/cipher_aes_ccm.h
@@ -48,6 +48,27 @@ typedef struct prov_aes_ccm_ctx_st {
} ccm;
} PROV_AES_CCM_CTX;
+int ossl_cipher_set_ccm_aes_initkey(PROV_CCM_CTX *ctx,
+ const unsigned char *key, size_t keylen,
+ aes_set_encrypt_key_fn fn_set_key, aes_block128_f fn_block,
+ ccm128_f fn_ccm_enc, ccm128_f fn_ccm_dec);
+
const PROV_CCM_HW *ossl_prov_aes_hw_ccm(size_t keylen);
+#if defined(AESNI_CAPABLE)
+const PROV_CCM_HW *ossl_prov_aes_hw_ccm_aesni(size_t keybits);
+#endif
+#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
+const PROV_CCM_HW *ossl_prov_aes_hw_ccm_rv32i(size_t keybits);
+#endif
+#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
+const PROV_CCM_HW *ossl_prov_aes_hw_ccm_rv64i(size_t keybits);
+#endif
+#if defined(S390X_aes_128_CAPABLE)
+const PROV_CCM_HW *ossl_prov_aes_hw_ccm_s390x(size_t keybits);
+#endif
+#if defined(SPARC_AES_CAPABLE)
+const PROV_CCM_HW *ossl_prov_aes_hw_ccm_t4(size_t keybits);
+#endif
+
#endif /* !defined(OSSL_PROVIDERS_IMPLEMENTATIONS_CIPHERS_CIPHER_AES_CCM_H) */
diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw.c b/providers/implementations/ciphers/cipher_aes_ccm_hw.c
index 8bc7586adc..8ee89a1bd6 100644
--- a/providers/implementations/ciphers/cipher_aes_ccm_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_ccm_hw.c
@@ -14,37 +14,50 @@
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
-
+#include <openssl/proverr.h>
#include "cipher_aes_ccm.h"
-#define AES_HW_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec) \
- fn_set_enc_key(key, (int)(keylen * 8), &actx->ccm.ks.ks); \
- CRYPTO_ccm128_init(&ctx->ccm_ctx, (unsigned int)ctx->m, \
- (unsigned int)ctx->l, &actx->ccm.ks.ks, \
- (block128_f)fn_blk); \
- ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec; \
+int ossl_cipher_set_ccm_aes_initkey(PROV_CCM_CTX *ctx,
+ const unsigned char *key, size_t keylen,
+ aes_set_encrypt_key_fn fn_set_key, aes_block128_f fn_block,
+ ccm128_f fn_ccm_enc, ccm128_f fn_ccm_dec)
+{
+ PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
+ AES_KEY *ks = &actx->ccm.ks.ks;
+
+ int ret = fn_set_key(key, (int)(keylen * 8), ks);
+ if (ret < 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
+ return 0;
+ }
+ CRYPTO_ccm128_init(&ctx->ccm_ctx, (unsigned int)ctx->m,
+ (unsigned int)ctx->l, ks, (block128_f)fn_block);
+
+ ctx->str = ctx->enc ? fn_ccm_enc : fn_ccm_dec;
ctx->key_set = 1;
+ return 1;
+}
+
static int ccm_generic_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
size_t keylen)
{
- PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
-
#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
- AES_HW_CCM_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_encrypt, NULL, NULL);
- } else
-#endif /* HWAES_CAPABLE */
+ return ossl_cipher_set_ccm_aes_initkey(ctx, key, keylen,
+ HWAES_set_encrypt_key, HWAES_encrypt, NULL, NULL);
+ }
+#endif
#ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
- AES_HW_CCM_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_encrypt, NULL, NULL);
- } else
-#endif
- {
- AES_HW_CCM_SET_KEY_FN(AES_set_encrypt_key, AES_encrypt, NULL, NULL)
+ if (VPAES_CAPABLE) {
+ return ossl_cipher_set_ccm_aes_initkey(ctx, key, keylen,
+ vpaes_set_encrypt_key, vpaes_encrypt, NULL, NULL);
}
- return 1;
+#endif
+
+ return ossl_cipher_set_ccm_aes_initkey(ctx, key, keylen,
+ AES_set_encrypt_key, AES_encrypt, NULL, NULL);
}
static const PROV_CCM_HW aes_ccm = {
@@ -56,19 +69,21 @@ static const PROV_CCM_HW aes_ccm = {
ossl_ccm_generic_gettag
};
-#if defined(S390X_aes_128_CAPABLE)
-#include "cipher_aes_ccm_hw_s390x.inc"
-#elif defined(AESNI_CAPABLE)
-#include "cipher_aes_ccm_hw_aesni.inc"
-#elif defined(SPARC_AES_CAPABLE)
-#include "cipher_aes_ccm_hw_t4.inc"
-#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
-#include "cipher_aes_ccm_hw_rv64i.inc"
-#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
-#include "cipher_aes_ccm_hw_rv32i.inc"
-#else
const PROV_CCM_HW *ossl_prov_aes_hw_ccm(size_t keybits)
{
+ const PROV_CCM_HW *aes_ccm_hw = NULL;
+#if defined(AESNI_CAPABLE)
+ aes_ccm_hw = ossl_prov_aes_hw_ccm_aesni(keybits);
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
+ aes_ccm_hw = ossl_prov_aes_hw_ccm_rv32i(keybits);
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
+ aes_ccm_hw = ossl_prov_aes_hw_ccm_rv64i(keybits);
+#elif defined(S390X_aes_128_CAPABLE)
+ aes_ccm_hw = ossl_prov_aes_hw_ccm_s390x(keybits);
+#elif defined(SPARC_AES_CAPABLE)
+ aes_ccm_hw = ossl_prov_aes_hw_ccm_t4(keybits);
+#endif
+ if (aes_ccm_hw != NULL)
+ return aes_ccm_hw;
return &aes_ccm;
}
-#endif
diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc b/providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.c
similarity index 59%
rename from providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc
rename to providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.c
index 579e5a3d4f..67644b324a 100644
--- a/providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc
+++ b/providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.c
@@ -9,18 +9,20 @@
/*-
* AES-NI support for AES CCM.
- * This file is included by cipher_aes_ccm_hw.c
+ * This file is used by cipher_aes_ccm_hw.c
*/
+#include "internal/deprecated.h"
+#include "cipher_aes_ccm.h"
+
+#if defined(AESNI_CAPABLE)
+
static int ccm_aesni_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
+ size_t keylen)
{
- PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
-
- AES_HW_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt,
- aesni_ccm64_encrypt_blocks,
- aesni_ccm64_decrypt_blocks);
- return 1;
+ return ossl_cipher_set_ccm_aes_initkey(ctx, key, keylen,
+ aesni_set_encrypt_key, aesni_encrypt, aesni_ccm64_encrypt_blocks,
+ aesni_ccm64_decrypt_blocks);
}
static const PROV_CCM_HW aesni_ccm = {
@@ -32,7 +34,11 @@ static const PROV_CCM_HW aesni_ccm = {
ossl_ccm_generic_gettag
};
-const PROV_CCM_HW *ossl_prov_aes_hw_ccm(size_t keybits)
+const PROV_CCM_HW *ossl_prov_aes_hw_ccm_aesni(size_t keybits)
{
- return AESNI_CAPABLE ? &aesni_ccm : &aes_ccm;
+ if (AESNI_CAPABLE)
+ return &aesni_ccm;
+ return NULL;
}
+
+#endif
diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw_rv32i.inc b/providers/implementations/ciphers/cipher_aes_ccm_hw_rv32i.c
similarity index 67%
rename from providers/implementations/ciphers/cipher_aes_ccm_hw_rv32i.inc
rename to providers/implementations/ciphers/cipher_aes_ccm_hw_rv32i.c
index 7cfe0fc4ce..b2dfee5650 100644
--- a/providers/implementations/ciphers/cipher_aes_ccm_hw_rv32i.inc
+++ b/providers/implementations/ciphers/cipher_aes_ccm_hw_rv32i.c
@@ -9,27 +9,26 @@
/*-
* RISC-V 32 ZKND ZKNE support for AES CCM.
- * This file is included by cipher_aes_ccm_hw.c
+ * This file is used by cipher_aes_ccm_hw.c
*/
+#include "internal/deprecated.h"
+#include "cipher_aes_ccm.h"
+
+#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
+
static int ccm_rv32i_zknd_zkne_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
+ size_t keylen)
{
- PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
-
- AES_HW_CCM_SET_KEY_FN(rv32i_zkne_set_encrypt_key, rv32i_zkne_encrypt,
- NULL, NULL);
- return 1;
+ return ossl_cipher_set_ccm_aes_initkey(ctx, key, keylen,
+ rv32i_zkne_set_encrypt_key, rv32i_zkne_encrypt, NULL, NULL);
}
static int ccm_rv32i_zbkb_zknd_zkne_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
+ size_t keylen)
{
- PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
-
- AES_HW_CCM_SET_KEY_FN(rv32i_zbkb_zkne_set_encrypt_key, rv32i_zkne_encrypt,
- NULL, NULL);
- return 1;
+ return ossl_cipher_set_ccm_aes_initkey(ctx, key, keylen,
+ rv32i_zbkb_zkne_set_encrypt_key, rv32i_zkne_encrypt, NULL, NULL);
}
static const PROV_CCM_HW rv32i_zknd_zkne_ccm = {
@@ -50,11 +49,13 @@ static const PROV_CCM_HW rv32i_zbkb_zknd_zkne_ccm = {
ossl_ccm_generic_gettag
};
-const PROV_CCM_HW *ossl_prov_aes_hw_ccm(size_t keybits)
+const PROV_CCM_HW *ossl_prov_aes_hw_ccm_rv32i(size_t keybits)
{
if (RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE())
return &rv32i_zbkb_zknd_zkne_ccm;
if (RISCV_HAS_ZKND_AND_ZKNE())
return &rv32i_zknd_zkne_ccm;
- return &aes_ccm;
+ return NULL;
}
+
+#endif
diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw_rv64i.inc b/providers/implementations/ciphers/cipher_aes_ccm_hw_rv64i.c
similarity index 63%
rename from providers/implementations/ciphers/cipher_aes_ccm_hw_rv64i.inc
rename to providers/implementations/ciphers/cipher_aes_ccm_hw_rv64i.c
index f2353bb3b8..506e286e77 100644
--- a/providers/implementations/ciphers/cipher_aes_ccm_hw_rv64i.inc
+++ b/providers/implementations/ciphers/cipher_aes_ccm_hw_rv64i.c
@@ -9,17 +9,19 @@
/*-
* RISC-V 64 ZKND ZKNE support for AES CCM.
- * This file is included by cipher_aes_ccm_hw.c
+ * This file is used by cipher_aes_ccm_hw.c
*/
-static int ccm_rv64i_zknd_zkne_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
-{
- PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
+#include "internal/deprecated.h"
+#include "cipher_aes_ccm.h"
+
+#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- AES_HW_CCM_SET_KEY_FN(rv64i_zkne_set_encrypt_key, rv64i_zkne_encrypt,
- NULL, NULL);
- return 1;
+static int ccm_rv64i_zknd_zkne_initkey(PROV_CCM_CTX *ctx,
+ const unsigned char *key, size_t keylen)
+{
+ return ossl_cipher_set_ccm_aes_initkey(ctx, key, keylen,
+ rv64i_zkne_set_encrypt_key, rv64i_zkne_encrypt, NULL, NULL);
}
static const PROV_CCM_HW rv64i_zknd_zkne_ccm = {
@@ -37,18 +39,16 @@ static const PROV_CCM_HW rv64i_zknd_zkne_ccm = {
*/
static int ccm_rv64i_zvkned_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
+ size_t keylen)
{
- PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
-
/* Zvkned only supports 128 and 256 bit keys for key schedule generation. */
if (keylen * 8 == 128 || keylen * 8 == 256) {
- AES_HW_CCM_SET_KEY_FN(rv64i_zvkned_set_encrypt_key, rv64i_zvkned_encrypt,
- NULL, NULL);
+ return ossl_cipher_set_ccm_aes_initkey(ctx, key, keylen,
+ rv64i_zvkned_set_encrypt_key, rv64i_zvkned_encrypt, NULL, NULL);
} else {
- AES_HW_CCM_SET_KEY_FN(AES_set_encrypt_key, rv64i_zvkned_encrypt, NULL, NULL)
+ return ossl_cipher_set_ccm_aes_initkey(ctx, key, keylen,
+ AES_set_encrypt_key, rv64i_zvkned_encrypt, NULL, NULL);
}
- return 1;
}
static const PROV_CCM_HW rv64i_zvkned_ccm = {
@@ -60,12 +60,13 @@ static const PROV_CCM_HW rv64i_zvkned_ccm = {
ossl_ccm_generic_gettag
};
-const PROV_CCM_HW *ossl_prov_aes_hw_ccm(size_t keybits)
+const PROV_CCM_HW *ossl_prov_aes_hw_ccm_rv64i(size_t keybits)
{
if (RISCV_HAS_ZVKNED() && riscv_vlen() >= 128)
return &rv64i_zvkned_ccm;
else if (RISCV_HAS_ZKND_AND_ZKNE())
return &rv64i_zknd_zkne_ccm;
else
- return &aes_ccm;
+ return NULL;
}
+#endif
diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_ccm_hw_s390x.c
similarity index 72%
rename from providers/implementations/ciphers/cipher_aes_ccm_hw_s390x.inc
rename to providers/implementations/ciphers/cipher_aes_ccm_hw_s390x.c
index 7253f03a7e..d79e2766bc 100644
--- a/providers/implementations/ciphers/cipher_aes_ccm_hw_s390x.inc
+++ b/providers/implementations/ciphers/cipher_aes_ccm_hw_s390x.c
@@ -9,13 +9,18 @@
/*-
* S390X support for AES CCM.
- * This file is included by cipher_aes_ccm_hw.c
+ * This file is used by cipher_aes_ccm_hw.c
*/
+#include "internal/deprecated.h"
+#include "cipher_aes_ccm.h"
+
+#if defined(S390X_aes_128_CAPABLE)
+
#define S390X_CCM_AAD_FLAG 0x40
static int s390x_aes_ccm_initkey(PROV_CCM_CTX *ctx,
- const unsigned char *key, size_t keylen)
+ const unsigned char *key, size_t keylen)
{
PROV_AES_CCM_CTX *sctx = (PROV_AES_CCM_CTX *)ctx;
@@ -23,7 +28,7 @@ static int s390x_aes_ccm_initkey(PROV_CCM_CTX *ctx,
memcpy(&sctx->ccm.s390x.kmac.k, key, keylen);
/* Store encoded m and l. */
sctx->ccm.s390x.nonce.b[0] = ((ctx->l - 1) & 0x7)
- | (((ctx->m - 2) >> 1) & 0x7) << 3;
+ | (((ctx->m - 2) >> 1) & 0x7) << 3;
memset(sctx->ccm.s390x.nonce.b + 1, 0, sizeof(sctx->ccm.s390x.nonce.b));
sctx->ccm.s390x.blocks = 0;
ctx->key_set = 1;
@@ -31,8 +36,8 @@ static int s390x_aes_ccm_initkey(PROV_CCM_CTX *ctx,
}
static int s390x_aes_ccm_setiv(PROV_CCM_CTX *ctx,
- const unsigned char *nonce, size_t noncelen,
- size_t mlen)
+ const unsigned char *nonce, size_t noncelen,
+ size_t mlen)
{
PROV_AES_CCM_CTX *sctx = (PROV_AES_CCM_CTX *)ctx;
@@ -46,7 +51,7 @@ static int s390x_aes_ccm_setiv(PROV_CCM_CTX *ctx,
* Process additional authenticated data. Code is big-endian.
*/
static int s390x_aes_ccm_setaad(PROV_CCM_CTX *ctx,
- const unsigned char *aad, size_t alen)
+ const unsigned char *aad, size_t alen)
{
PROV_AES_CCM_CTX *sctx = (PROV_AES_CCM_CTX *)ctx;
unsigned char *ptr;
@@ -64,7 +69,7 @@ static int s390x_aes_ccm_setaad(PROV_CCM_CTX *ctx,
*(uint16_t *)ptr = alen;
i = 2;
} else if (sizeof(alen) == 8
- && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {
+ && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {
*(uint16_t *)ptr = 0xffff;
*(uint64_t *)(ptr + 2) = alen;
i = 10;
@@ -88,7 +93,7 @@ static int s390x_aes_ccm_setaad(PROV_CCM_CTX *ctx,
sctx->ccm.s390x.kmac.icv.g[0] = 0;
sctx->ccm.s390x.kmac.icv.g[1] = 0;
s390x_kmac(sctx->ccm.s390x.nonce.b, 32, sctx->ccm.s390x.fc,
- &sctx->ccm.s390x.kmac);
+ &sctx->ccm.s390x.kmac);
sctx->ccm.s390x.blocks += 2;
rem = alen & 0xf;
@@ -103,8 +108,8 @@ static int s390x_aes_ccm_setaad(PROV_CCM_CTX *ctx,
sctx->ccm.s390x.kmac.icv.b[i] ^= aad[i];
s390x_km(sctx->ccm.s390x.kmac.icv.b, 16,
- sctx->ccm.s390x.kmac.icv.b, sctx->ccm.s390x.fc,
- sctx->ccm.s390x.kmac.k);
+ sctx->ccm.s390x.kmac.icv.b, sctx->ccm.s390x.fc,
+ sctx->ccm.s390x.kmac.k);
sctx->ccm.s390x.blocks++;
}
return 1;
@@ -115,8 +120,8 @@ static int s390x_aes_ccm_setaad(PROV_CCM_CTX *ctx,
* success.
*/
static int s390x_aes_ccm_auth_encdec(PROV_CCM_CTX *ctx,
- const unsigned char *in,
- unsigned char *out, size_t len, int enc)
+ const unsigned char *in,
+ unsigned char *out, size_t len, int enc)
{
PROV_AES_CCM_CTX *sctx = (PROV_AES_CCM_CTX *)ctx;
size_t n, rem;
@@ -126,7 +131,7 @@ static int s390x_aes_ccm_auth_encdec(PROV_CCM_CTX *ctx,
flags = sctx->ccm.s390x.nonce.b[0];
if (!(flags & S390X_CCM_AAD_FLAG)) {
s390x_km(sctx->ccm.s390x.nonce.b, 16, sctx->ccm.s390x.kmac.icv.b,
- sctx->ccm.s390x.fc, sctx->ccm.s390x.kmac.k);
+ sctx->ccm.s390x.fc, sctx->ccm.s390x.kmac.k);
sctx->ccm.s390x.blocks++;
}
l = flags & 0x7;
@@ -146,13 +151,13 @@ static int s390x_aes_ccm_auth_encdec(PROV_CCM_CTX *ctx,
sctx->ccm.s390x.nonce.b[15] = 1;
if (n != len)
- return 0; /* length mismatch */
+ return 0; /* length mismatch */
if (enc) {
/* Two operations per block plus one for tag encryption */
sctx->ccm.s390x.blocks += (((len + 15) >> 4) << 1) + 1;
if (sctx->ccm.s390x.blocks > (1ULL << 61))
- return 0; /* too much data */
+ return 0; /* too much data */
}
num = 0;
@@ -168,18 +173,18 @@ static int s390x_aes_ccm_auth_encdec(PROV_CCM_CTX *ctx,
sctx->ccm.s390x.kmac.icv.b[i] ^= in[len + i];
s390x_km(sctx->ccm.s390x.kmac.icv.b, 16,
- sctx->ccm.s390x.kmac.icv.b,
- sctx->ccm.s390x.fc, sctx->ccm.s390x.kmac.k);
+ sctx->ccm.s390x.kmac.icv.b,
+ sctx->ccm.s390x.fc, sctx->ccm.s390x.kmac.k);
}
CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &sctx->ccm.ks.ks,
- sctx->ccm.s390x.nonce.b, sctx->ccm.s390x.buf.b,
- &num, (ctr128_f)AES_ctr32_encrypt);
+ sctx->ccm.s390x.nonce.b, sctx->ccm.s390x.buf.b,
+ &num, (ctr128_f)AES_ctr32_encrypt);
} else {
/* decrypt-then-mac */
CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &sctx->ccm.ks.ks,
- sctx->ccm.s390x.nonce.b, sctx->ccm.s390x.buf.b,
- &num, (ctr128_f)AES_ctr32_encrypt);
+ sctx->ccm.s390x.nonce.b, sctx->ccm.s390x.buf.b,
+ &num, (ctr128_f)AES_ctr32_encrypt);
if (len)
s390x_kmac(out, len, sctx->ccm.s390x.fc, &sctx->ccm.s390x.kmac);
@@ -188,8 +193,8 @@ static int s390x_aes_ccm_auth_encdec(PROV_CCM_CTX *ctx,
sctx->ccm.s390x.kmac.icv.b[i] ^= out[len + i];
s390x_km(sctx->ccm.s390x.kmac.icv.b, 16,
- sctx->ccm.s390x.kmac.icv.b,
- sctx->ccm.s390x.fc, sctx->ccm.s390x.kmac.k);
+ sctx->ccm.s390x.kmac.icv.b,
+ sctx->ccm.s390x.fc, sctx->ccm.s390x.kmac.k);
}
}
/* encrypt tag */
@@ -197,17 +202,16 @@ static int s390x_aes_ccm_auth_encdec(PROV_CCM_CTX *ctx,
sctx->ccm.s390x.nonce.b[i] = 0;
s390x_km(sctx->ccm.s390x.nonce.b, 16, sctx->ccm.s390x.buf.b,
- sctx->ccm.s390x.fc, sctx->ccm.s390x.kmac.k);
+ sctx->ccm.s390x.fc, sctx->ccm.s390x.kmac.k);
sctx->ccm.s390x.kmac.icv.g[0] ^= sctx->ccm.s390x.buf.g[0];
sctx->ccm.s390x.kmac.icv.g[1] ^= sctx->ccm.s390x.buf.g[1];
- sctx->ccm.s390x.nonce.b[0] = flags; /* restore flags field */
+ sctx->ccm.s390x.nonce.b[0] = flags; /* restore flags field */
return 1;
}
-
static int s390x_aes_ccm_gettag(PROV_CCM_CTX *ctx,
- unsigned char *tag, size_t tlen)
+ unsigned char *tag, size_t tlen)
{
PROV_AES_CCM_CTX *sctx = (PROV_AES_CCM_CTX *)ctx;
@@ -218,9 +222,9 @@ static int s390x_aes_ccm_gettag(PROV_CCM_CTX *ctx,
}
static int s390x_aes_ccm_auth_encrypt(PROV_CCM_CTX *ctx,
- const unsigned char *in,
- unsigned char *out, size_t len,
- unsigned char *tag, size_t taglen)
+ const unsigned char *in,
+ unsigned char *out, size_t len,
+ unsigned char *tag, size_t taglen)
{
int rv;
@@ -231,10 +235,10 @@ static int s390x_aes_ccm_auth_encrypt(PROV_CCM_CTX *ctx,
}
static int s390x_aes_ccm_auth_decrypt(PROV_CCM_CTX *ctx,
- const unsigned char *in,
- unsigned char *out, size_t len,
- unsigned char *expected_tag,
- size_t taglen)
+ const unsigned char *in,
+ unsigned char *out, size_t len,
+ unsigned char *expected_tag,
+ size_t taglen)
{
int rv = 0;
PROV_AES_CCM_CTX *sctx = (PROV_AES_CCM_CTX *)ctx;
@@ -258,11 +262,12 @@ static const PROV_CCM_HW s390x_aes_ccm = {
s390x_aes_ccm_gettag
};
-const PROV_CCM_HW *ossl_prov_aes_hw_ccm(size_t keybits)
+const PROV_CCM_HW *ossl_prov_aes_hw_ccm_s390x(size_t keybits)
{
if ((keybits == 128 && S390X_aes_128_ccm_CAPABLE)
- || (keybits == 192 && S390X_aes_192_ccm_CAPABLE)
- || (keybits == 256 && S390X_aes_256_ccm_CAPABLE))
+ || (keybits == 192 && S390X_aes_192_ccm_CAPABLE)
+ || (keybits == 256 && S390X_aes_256_ccm_CAPABLE))
return &s390x_aes_ccm;
- return &aes_ccm;
+ return NULL;
}
+#endif
diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw_t4.inc b/providers/implementations/ciphers/cipher_aes_ccm_hw_t4.c
similarity index 62%
rename from providers/implementations/ciphers/cipher_aes_ccm_hw_t4.inc
rename to providers/implementations/ciphers/cipher_aes_ccm_hw_t4.c
index a676d411b5..981773760f 100644
--- a/providers/implementations/ciphers/cipher_aes_ccm_hw_t4.inc
+++ b/providers/implementations/ciphers/cipher_aes_ccm_hw_t4.c
@@ -9,16 +9,19 @@
/*-
* Fujitsu SPARC64 X support for AES CCM.
- * This file is included by cipher_aes_ccm_hw.c
+ * This file is used by cipher_aes_ccm_hw.c
*/
+#include "internal/deprecated.h"
+#include "cipher_aes_ccm.h"
+
+#if defined(SPARC_AES_CAPABLE)
+
static int ccm_t4_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
+ size_t keylen)
{
- PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
-
- AES_HW_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL);
- return 1;
+ return ossl_cipher_set_ccm_aes_initkey(ctx, key, keylen,
+ aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL);
}
static const PROV_CCM_HW t4_aes_ccm = {
@@ -30,7 +33,10 @@ static const PROV_CCM_HW t4_aes_ccm = {
ossl_ccm_generic_gettag
};
-const PROV_CCM_HW *ossl_prov_aes_hw_ccm(size_t keybits)
+const PROV_CCM_HW *ossl_prov_aes_hw_ccm_t4(size_t keybits)
{
- return SPARC_AES_CAPABLE ? &t4_aes_ccm : &aes_ccm;
+ if (SPARC_AES_CAPABLE)
+ return &t4_aes_ccm;
+ return NULL;
}
+#endif