OpenCoverage

e_aes.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/evp/e_aes.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.-
3 *-
4 * Licensed under the OpenSSL license (the "License"). You may not use-
5 * this file except in compliance with the License. You can obtain a copy-
6 * in the file LICENSE in the source distribution or at-
7 * https://www.openssl.org/source/license.html-
8 */-
9-
10#include <openssl/opensslconf.h>-
11#include <openssl/crypto.h>-
12#include <openssl/evp.h>-
13#include <openssl/err.h>-
14#include <string.h>-
15#include <assert.h>-
16#include <openssl/aes.h>-
17#include "internal/evp_int.h"-
18#include "modes_lcl.h"-
19#include <openssl/rand.h>-
20#include "evp_locl.h"-
21-
22typedef struct {-
23 union {-
24 double align;-
25 AES_KEY ks;-
26 } ks;-
27 block128_f block;-
28 union {-
29 cbc128_f cbc;-
30 ctr128_f ctr;-
31 } stream;-
32} EVP_AES_KEY;-
33-
34typedef struct {-
35 union {-
36 double align;-
37 AES_KEY ks;-
38 } ks; /* AES key schedule to use */-
39 int key_set; /* Set if key initialised */-
40 int iv_set; /* Set if an iv is set */-
41 GCM128_CONTEXT gcm;-
42 unsigned char *iv; /* Temporary IV store */-
43 int ivlen; /* IV length */-
44 int taglen;-
45 int iv_gen; /* It is OK to generate IVs */-
46 int tls_aad_len; /* TLS AAD length */-
47 uint64_t tls_enc_records; /* Number of TLS records encrypted */-
48 ctr128_f ctr;-
49} EVP_AES_GCM_CTX;-
50-
51typedef struct {-
52 union {-
53 double align;-
54 AES_KEY ks;-
55 } ks1, ks2; /* AES key schedules to use */-
56 XTS128_CONTEXT xts;-
57 void (*stream) (const unsigned char *in,-
58 unsigned char *out, size_t length,-
59 const AES_KEY *key1, const AES_KEY *key2,-
60 const unsigned char iv[16]);-
61} EVP_AES_XTS_CTX;-
62-
63typedef struct {-
64 union {-
65 double align;-
66 AES_KEY ks;-
67 } ks; /* AES key schedule to use */-
68 int key_set; /* Set if key initialised */-
69 int iv_set; /* Set if an iv is set */-
70 int tag_set; /* Set if tag is valid */-
71 int len_set; /* Set if message length set */-
72 int L, M; /* L and M parameters from RFC3610 */-
73 int tls_aad_len; /* TLS AAD length */-
74 CCM128_CONTEXT ccm;-
75 ccm128_f str;-
76} EVP_AES_CCM_CTX;-
77-
78#ifndef OPENSSL_NO_OCB-
79typedef struct {-
80 union {-
81 double align;-
82 AES_KEY ks;-
83 } ksenc; /* AES key schedule to use for encryption */-
84 union {-
85 double align;-
86 AES_KEY ks;-
87 } ksdec; /* AES key schedule to use for decryption */-
88 int key_set; /* Set if key initialised */-
89 int iv_set; /* Set if an iv is set */-
90 OCB128_CONTEXT ocb;-
91 unsigned char *iv; /* Temporary IV store */-
92 unsigned char tag[16];-
93 unsigned char data_buf[16]; /* Store partial data blocks */-
94 unsigned char aad_buf[16]; /* Store partial AAD blocks */-
95 int data_buf_len;-
96 int aad_buf_len;-
97 int ivlen; /* IV length */-
98 int taglen;-
99} EVP_AES_OCB_CTX;-
100#endif-
101-
102#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))-
103-
104#ifdef VPAES_ASM-
105int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,-
106 AES_KEY *key);-
107int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,-
108 AES_KEY *key);-
109-
110void vpaes_encrypt(const unsigned char *in, unsigned char *out,-
111 const AES_KEY *key);-
112void vpaes_decrypt(const unsigned char *in, unsigned char *out,-
113 const AES_KEY *key);-
114-
115void vpaes_cbc_encrypt(const unsigned char *in,-
116 unsigned char *out,-
117 size_t length,-
118 const AES_KEY *key, unsigned char *ivec, int enc);-
119#endif-
120#ifdef BSAES_ASM-
121void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,-
122 size_t length, const AES_KEY *key,-
123 unsigned char ivec[16], int enc);-
124void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,-
125 size_t len, const AES_KEY *key,-
126 const unsigned char ivec[16]);-
127void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,-
128 size_t len, const AES_KEY *key1,-
129 const AES_KEY *key2, const unsigned char iv[16]);-
130void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,-
131 size_t len, const AES_KEY *key1,-
132 const AES_KEY *key2, const unsigned char iv[16]);-
133#endif-
134#ifdef AES_CTR_ASM-
135void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,-
136 size_t blocks, const AES_KEY *key,-
137 const unsigned char ivec[AES_BLOCK_SIZE]);-
138#endif-
139#ifdef AES_XTS_ASM-
140void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,-
141 const AES_KEY *key1, const AES_KEY *key2,-
142 const unsigned char iv[16]);-
143void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,-
144 const AES_KEY *key1, const AES_KEY *key2,-
145 const unsigned char iv[16]);-
146#endif-
147-
148/* increment counter (64-bit int) by 1 */-
149static void ctr64_inc(unsigned char *counter)-
150{-
151 int n = 8;-
152 unsigned char c;-
153-
154 do {-
155 --n;-
156 c = counter[n];-
157 ++c;-
158 counter[n] = c;-
159 if (c)
cDescription
TRUEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
9-2743
160 return;
executed 2743 times by 1 test: return;
Executed by:
  • libcrypto.so.1.1
2743
161 } while (n);
executed 9 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
nDescription
TRUEevaluated 9 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-9
162}
never executed: end of block
0
163-
164#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))-
165# include "ppc_arch.h"-
166# ifdef VPAES_ASM-
167# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)-
168# endif-
169# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207)-
170# define HWAES_set_encrypt_key aes_p8_set_encrypt_key-
171# define HWAES_set_decrypt_key aes_p8_set_decrypt_key-
172# define HWAES_encrypt aes_p8_encrypt-
173# define HWAES_decrypt aes_p8_decrypt-
174# define HWAES_cbc_encrypt aes_p8_cbc_encrypt-
175# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks-
176# define HWAES_xts_encrypt aes_p8_xts_encrypt-
177# define HWAES_xts_decrypt aes_p8_xts_decrypt-
178#endif-
179-
180#if defined(AES_ASM) && !defined(I386_ONLY) && ( \-
181 ((defined(__i386) || defined(__i386__) || \-
182 defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \-
183 defined(__x86_64) || defined(__x86_64__) || \-
184 defined(_M_AMD64) || defined(_M_X64) )-
185-
186extern unsigned int OPENSSL_ia32cap_P[];-
187-
188# ifdef VPAES_ASM-
189# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))-
190# endif-
191# ifdef BSAES_ASM-
192# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))-
193# endif-
194/*-
195 * AES-NI section-
196 */-
197# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))-
198-
199int aesni_set_encrypt_key(const unsigned char *userKey, int bits,-
200 AES_KEY *key);-
201int aesni_set_decrypt_key(const unsigned char *userKey, int bits,-
202 AES_KEY *key);-
203-
204void aesni_encrypt(const unsigned char *in, unsigned char *out,-
205 const AES_KEY *key);-
206void aesni_decrypt(const unsigned char *in, unsigned char *out,-
207 const AES_KEY *key);-
208-
209void aesni_ecb_encrypt(const unsigned char *in,-
210 unsigned char *out,-
211 size_t length, const AES_KEY *key, int enc);-
212void aesni_cbc_encrypt(const unsigned char *in,-
213 unsigned char *out,-
214 size_t length,-
215 const AES_KEY *key, unsigned char *ivec, int enc);-
216-
217void aesni_ctr32_encrypt_blocks(const unsigned char *in,-
218 unsigned char *out,-
219 size_t blocks,-
220 const void *key, const unsigned char *ivec);-
221-
222void aesni_xts_encrypt(const unsigned char *in,-
223 unsigned char *out,-
224 size_t length,-
225 const AES_KEY *key1, const AES_KEY *key2,-
226 const unsigned char iv[16]);-
227-
228void aesni_xts_decrypt(const unsigned char *in,-
229 unsigned char *out,-
230 size_t length,-
231 const AES_KEY *key1, const AES_KEY *key2,-
232 const unsigned char iv[16]);-
233-
234void aesni_ccm64_encrypt_blocks(const unsigned char *in,-
235 unsigned char *out,-
236 size_t blocks,-
237 const void *key,-
238 const unsigned char ivec[16],-
239 unsigned char cmac[16]);-
240-
241void aesni_ccm64_decrypt_blocks(const unsigned char *in,-
242 unsigned char *out,-
243 size_t blocks,-
244 const void *key,-
245 const unsigned char ivec[16],-
246 unsigned char cmac[16]);-
247-
248# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)-
249size_t aesni_gcm_encrypt(const unsigned char *in,-
250 unsigned char *out,-
251 size_t len,-
252 const void *key, unsigned char ivec[16], u64 *Xi);-
253# define AES_gcm_encrypt aesni_gcm_encrypt-
254size_t aesni_gcm_decrypt(const unsigned char *in,-
255 unsigned char *out,-
256 size_t len,-
257 const void *key, unsigned char ivec[16], u64 *Xi);-
258# define AES_gcm_decrypt aesni_gcm_decrypt-
259void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in,-
260 size_t len);-
261# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \-
262 gctx->gcm.ghash==gcm_ghash_avx)-
263# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \-
264 gctx->gcm.ghash==gcm_ghash_avx)-
265# undef AES_GCM_ASM2 /* minor size optimization */-
266# endif-
267-
268static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
269 const unsigned char *iv, int enc)-
270{-
271 int ret, mode;-
272 EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);-
273-
274 mode = EVP_CIPHER_CTX_mode(ctx);-
275 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
mode == 0x1Description
TRUEnever evaluated
FALSEnever evaluated
mode == 0x2Description
TRUEnever evaluated
FALSEnever evaluated
0
276 && !enc) {
!encDescription
TRUEnever evaluated
FALSEnever evaluated
0
277 ret = aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
278 &dat->ks.ks);-
279 dat->block = (block128_f) aesni_decrypt;-
280 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
mode == 0x2Description
TRUEnever evaluated
FALSEnever evaluated
0
281 (cbc128_f) aesni_cbc_encrypt : NULL;-
282 } else {
never executed: end of block
0
283 ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
284 &dat->ks.ks);-
285 dat->block = (block128_f) aesni_encrypt;-
286 if (mode == EVP_CIPH_CBC_MODE)
mode == 0x2Description
TRUEnever evaluated
FALSEnever evaluated
0
287 dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
never executed: dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
0
288 else if (mode == EVP_CIPH_CTR_MODE)
mode == 0x5Description
TRUEnever evaluated
FALSEnever evaluated
0
289 dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
never executed: dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
0
290 else-
291 dat->stream.cbc = NULL;
never executed: dat->stream.cbc = ((void *)0) ;
0
292 }-
293-
294 if (ret < 0) {
ret < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
295 EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);-
296 return 0;
never executed: return 0;
0
297 }-
298-
299 return 1;
never executed: return 1;
0
300}-
301-
302static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
303 const unsigned char *in, size_t len)-
304{-
305 aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,-
306 EVP_CIPHER_CTX_iv_noconst(ctx),-
307 EVP_CIPHER_CTX_encrypting(ctx));-
308-
309 return 1;
never executed: return 1;
0
310}-
311-
312static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
313 const unsigned char *in, size_t len)-
314{-
315 size_t bl = EVP_CIPHER_CTX_block_size(ctx);-
316-
317 if (len < bl)
len < blDescription
TRUEnever evaluated
FALSEnever evaluated
0
318 return 1;
never executed: return 1;
0
319-
320 aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,-
321 EVP_CIPHER_CTX_encrypting(ctx));-
322-
323 return 1;
never executed: return 1;
0
324}-
325-
326# define aesni_ofb_cipher aes_ofb_cipher-
327static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
328 const unsigned char *in, size_t len);-
329-
330# define aesni_cfb_cipher aes_cfb_cipher-
331static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
332 const unsigned char *in, size_t len);-
333-
334# define aesni_cfb8_cipher aes_cfb8_cipher-
335static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
336 const unsigned char *in, size_t len);-
337-
338# define aesni_cfb1_cipher aes_cfb1_cipher-
339static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
340 const unsigned char *in, size_t len);-
341-
342# define aesni_ctr_cipher aes_ctr_cipher-
343static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
344 const unsigned char *in, size_t len);-
345-
346static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
347 const unsigned char *iv, int enc)-
348{-
349 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);-
350 if (!iv && !key)
!ivDescription
TRUEnever evaluated
FALSEnever evaluated
!keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
351 return 1;
never executed: return 1;
0
352 if (key) {
keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
353 aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
354 &gctx->ks.ks);-
355 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);-
356 gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;-
357 /*-
358 * If we have an iv can set it directly, otherwise use saved IV.-
359 */-
360 if (iv == NULL && gctx->iv_set)
iv == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
gctx->iv_setDescription
TRUEnever evaluated
FALSEnever evaluated
0
361 iv = gctx->iv;
never executed: iv = gctx->iv;
0
362 if (iv) {
ivDescription
TRUEnever evaluated
FALSEnever evaluated
0
363 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);-
364 gctx->iv_set = 1;-
365 }
never executed: end of block
0
366 gctx->key_set = 1;-
367 } else {
never executed: end of block
0
368 /* If key set use IV, otherwise copy */-
369 if (gctx->key_set)
gctx->key_setDescription
TRUEnever evaluated
FALSEnever evaluated
0
370 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
never executed: CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
0
371 else-
372 memcpy(gctx->iv, iv, gctx->ivlen);
never executed: memcpy(gctx->iv, iv, gctx->ivlen);
0
373 gctx->iv_set = 1;-
374 gctx->iv_gen = 0;-
375 }
never executed: end of block
0
376 return 1;
never executed: return 1;
0
377}-
378-
379# define aesni_gcm_cipher aes_gcm_cipher-
380static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
381 const unsigned char *in, size_t len);-
382-
383static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
384 const unsigned char *iv, int enc)-
385{-
386 EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);-
387 if (!iv && !key)
!ivDescription
TRUEnever evaluated
FALSEnever evaluated
!keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
388 return 1;
never executed: return 1;
0
389-
390 if (key) {
keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
391 /* key_len is two AES keys */-
392 if (enc) {
encDescription
TRUEnever evaluated
FALSEnever evaluated
0
393 aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,-
394 &xctx->ks1.ks);-
395 xctx->xts.block1 = (block128_f) aesni_encrypt;-
396 xctx->stream = aesni_xts_encrypt;-
397 } else {
never executed: end of block
0
398 aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,-
399 &xctx->ks1.ks);-
400 xctx->xts.block1 = (block128_f) aesni_decrypt;-
401 xctx->stream = aesni_xts_decrypt;-
402 }
never executed: end of block
0
403-
404 aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,-
405 EVP_CIPHER_CTX_key_length(ctx) * 4,-
406 &xctx->ks2.ks);-
407 xctx->xts.block2 = (block128_f) aesni_encrypt;-
408-
409 xctx->xts.key1 = &xctx->ks1;-
410 }
never executed: end of block
0
411-
412 if (iv) {
ivDescription
TRUEnever evaluated
FALSEnever evaluated
0
413 xctx->xts.key2 = &xctx->ks2;-
414 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);-
415 }
never executed: end of block
0
416-
417 return 1;
never executed: return 1;
0
418}-
419-
420# define aesni_xts_cipher aes_xts_cipher-
421static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
422 const unsigned char *in, size_t len);-
423-
424static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
425 const unsigned char *iv, int enc)-
426{-
427 EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);-
428 if (!iv && !key)
!ivDescription
TRUEnever evaluated
FALSEnever evaluated
!keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
429 return 1;
never executed: return 1;
0
430 if (key) {
keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
431 aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
432 &cctx->ks.ks);-
433 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,-
434 &cctx->ks, (block128_f) aesni_encrypt);-
435 cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks :
encDescription
TRUEnever evaluated
FALSEnever evaluated
0
436 (ccm128_f) aesni_ccm64_decrypt_blocks;-
437 cctx->key_set = 1;-
438 }
never executed: end of block
0
439 if (iv) {
ivDescription
TRUEnever evaluated
FALSEnever evaluated
0
440 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);-
441 cctx->iv_set = 1;-
442 }
never executed: end of block
0
443 return 1;
never executed: return 1;
0
444}-
445-
446# define aesni_ccm_cipher aes_ccm_cipher-
447static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
448 const unsigned char *in, size_t len);-
449-
450# ifndef OPENSSL_NO_OCB-
451void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,-
452 size_t blocks, const void *key,-
453 size_t start_block_num,-
454 unsigned char offset_i[16],-
455 const unsigned char L_[][16],-
456 unsigned char checksum[16]);-
457void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,-
458 size_t blocks, const void *key,-
459 size_t start_block_num,-
460 unsigned char offset_i[16],-
461 const unsigned char L_[][16],-
462 unsigned char checksum[16]);-
463-
464static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
465 const unsigned char *iv, int enc)-
466{-
467 EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);-
468 if (!iv && !key)
!ivDescription
TRUEnever evaluated
FALSEnever evaluated
!keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
469 return 1;
never executed: return 1;
0
470 if (key) {
keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
471 do {-
472 /*-
473 * We set both the encrypt and decrypt key here because decrypt-
474 * needs both. We could possibly optimise to remove setting the-
475 * decrypt for an encryption operation.-
476 */-
477 aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
478 &octx->ksenc.ks);-
479 aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
480 &octx->ksdec.ks);-
481 if (!CRYPTO_ocb128_init(&octx->ocb,
!CRYPTO_ocb128...i_ocb_decrypt)Description
TRUEnever evaluated
FALSEnever evaluated
0
482 &octx->ksenc.ks, &octx->ksdec.ks,
!CRYPTO_ocb128...i_ocb_decrypt)Description
TRUEnever evaluated
FALSEnever evaluated
0
483 (block128_f) aesni_encrypt,
!CRYPTO_ocb128...i_ocb_decrypt)Description
TRUEnever evaluated
FALSEnever evaluated
0
484 (block128_f) aesni_decrypt,
!CRYPTO_ocb128...i_ocb_decrypt)Description
TRUEnever evaluated
FALSEnever evaluated
0
485 enc ? aesni_ocb_encrypt
!CRYPTO_ocb128...i_ocb_decrypt)Description
TRUEnever evaluated
FALSEnever evaluated
0
486 : aesni_ocb_decrypt))
!CRYPTO_ocb128...i_ocb_decrypt)Description
TRUEnever evaluated
FALSEnever evaluated
0
487 return 0;
never executed: return 0;
0
488 }-
489 while (0);-
490-
491 /*-
492 * If we have an iv we can set it directly, otherwise use saved IV.-
493 */-
494 if (iv == NULL && octx->iv_set)
iv == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
octx->iv_setDescription
TRUEnever evaluated
FALSEnever evaluated
0
495 iv = octx->iv;
never executed: iv = octx->iv;
0
496 if (iv) {
ivDescription
TRUEnever evaluated
FALSEnever evaluated
0
497 if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
CRYPTO_ocb128_...->taglen) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
498 != 1)
CRYPTO_ocb128_...->taglen) != 1Description
TRUEnever evaluated
FALSEnever evaluated
0
499 return 0;
never executed: return 0;
0
500 octx->iv_set = 1;-
501 }
never executed: end of block
0
502 octx->key_set = 1;-
503 } else {
never executed: end of block
0
504 /* If key set use IV, otherwise copy */-
505 if (octx->key_set)
octx->key_setDescription
TRUEnever evaluated
FALSEnever evaluated
0
506 CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
never executed: CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
0
507 else-
508 memcpy(octx->iv, iv, octx->ivlen);
never executed: memcpy(octx->iv, iv, octx->ivlen);
0
509 octx->iv_set = 1;-
510 }
never executed: end of block
0
511 return 1;
never executed: return 1;
0
512}-
513-
514# define aesni_ocb_cipher aes_ocb_cipher-
515static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
516 const unsigned char *in, size_t len);-
517# endif /* OPENSSL_NO_OCB */-
518-
519# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \-
520static const EVP_CIPHER aesni_##keylen##_##mode = { \-
521 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \-
522 flags|EVP_CIPH_##MODE##_MODE, \-
523 aesni_init_key, \-
524 aesni_##mode##_cipher, \-
525 NULL, \-
526 sizeof(EVP_AES_KEY), \-
527 NULL,NULL,NULL,NULL }; \-
528static const EVP_CIPHER aes_##keylen##_##mode = { \-
529 nid##_##keylen##_##nmode,blocksize, \-
530 keylen/8,ivlen, \-
531 flags|EVP_CIPH_##MODE##_MODE, \-
532 aes_init_key, \-
533 aes_##mode##_cipher, \-
534 NULL, \-
535 sizeof(EVP_AES_KEY), \-
536 NULL,NULL,NULL,NULL }; \-
537const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \-
538{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }-
539-
540# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \-
541static const EVP_CIPHER aesni_##keylen##_##mode = { \-
542 nid##_##keylen##_##mode,blocksize, \-
543 (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \-
544 flags|EVP_CIPH_##MODE##_MODE, \-
545 aesni_##mode##_init_key, \-
546 aesni_##mode##_cipher, \-
547 aes_##mode##_cleanup, \-
548 sizeof(EVP_AES_##MODE##_CTX), \-
549 NULL,NULL,aes_##mode##_ctrl,NULL }; \-
550static const EVP_CIPHER aes_##keylen##_##mode = { \-
551 nid##_##keylen##_##mode,blocksize, \-
552 (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \-
553 flags|EVP_CIPH_##MODE##_MODE, \-
554 aes_##mode##_init_key, \-
555 aes_##mode##_cipher, \-
556 aes_##mode##_cleanup, \-
557 sizeof(EVP_AES_##MODE##_CTX), \-
558 NULL,NULL,aes_##mode##_ctrl,NULL }; \-
559const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \-
560{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }-
561-
562#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))-
563-
564# include "sparc_arch.h"-
565-
566extern unsigned int OPENSSL_sparcv9cap_P[];-
567-
568/*-
569 * Initial Fujitsu SPARC64 X support-
570 */-
571# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)-
572# define HWAES_set_encrypt_key aes_fx_set_encrypt_key-
573# define HWAES_set_decrypt_key aes_fx_set_decrypt_key-
574# define HWAES_encrypt aes_fx_encrypt-
575# define HWAES_decrypt aes_fx_decrypt-
576# define HWAES_cbc_encrypt aes_fx_cbc_encrypt-
577# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks-
578-
579# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)-
580-
581void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);-
582void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);-
583void aes_t4_encrypt(const unsigned char *in, unsigned char *out,-
584 const AES_KEY *key);-
585void aes_t4_decrypt(const unsigned char *in, unsigned char *out,-
586 const AES_KEY *key);-
587/*-
588 * Key-length specific subroutines were chosen for following reason.-
589 * Each SPARC T4 core can execute up to 8 threads which share core's-
590 * resources. Loading as much key material to registers allows to-
591 * minimize references to shared memory interface, as well as amount-
592 * of instructions in inner loops [much needed on T4]. But then having-
593 * non-key-length specific routines would require conditional branches-
594 * either in inner loops or on subroutines' entries. Former is hardly-
595 * acceptable, while latter means code size increase to size occupied-
596 * by multiple key-length specific subroutines, so why fight?-
597 */-
598void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,-
599 size_t len, const AES_KEY *key,-
600 unsigned char *ivec);-
601void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,-
602 size_t len, const AES_KEY *key,-
603 unsigned char *ivec);-
604void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,-
605 size_t len, const AES_KEY *key,-
606 unsigned char *ivec);-
607void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,-
608 size_t len, const AES_KEY *key,-
609 unsigned char *ivec);-
610void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,-
611 size_t len, const AES_KEY *key,-
612 unsigned char *ivec);-
613void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,-
614 size_t len, const AES_KEY *key,-
615 unsigned char *ivec);-
616void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,-
617 size_t blocks, const AES_KEY *key,-
618 unsigned char *ivec);-
619void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,-
620 size_t blocks, const AES_KEY *key,-
621 unsigned char *ivec);-
622void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,-
623 size_t blocks, const AES_KEY *key,-
624 unsigned char *ivec);-
625void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out,-
626 size_t blocks, const AES_KEY *key1,-
627 const AES_KEY *key2, const unsigned char *ivec);-
628void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out,-
629 size_t blocks, const AES_KEY *key1,-
630 const AES_KEY *key2, const unsigned char *ivec);-
631void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out,-
632 size_t blocks, const AES_KEY *key1,-
633 const AES_KEY *key2, const unsigned char *ivec);-
634void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out,-
635 size_t blocks, const AES_KEY *key1,-
636 const AES_KEY *key2, const unsigned char *ivec);-
637-
638static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
639 const unsigned char *iv, int enc)-
640{-
641 int ret, mode, bits;-
642 EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);-
643-
644 mode = EVP_CIPHER_CTX_mode(ctx);-
645 bits = EVP_CIPHER_CTX_key_length(ctx) * 8;-
646 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)-
647 && !enc) {-
648 ret = 0;-
649 aes_t4_set_decrypt_key(key, bits, &dat->ks.ks);-
650 dat->block = (block128_f) aes_t4_decrypt;-
651 switch (bits) {-
652 case 128:-
653 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?-
654 (cbc128_f) aes128_t4_cbc_decrypt : NULL;-
655 break;-
656 case 192:-
657 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?-
658 (cbc128_f) aes192_t4_cbc_decrypt : NULL;-
659 break;-
660 case 256:-
661 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?-
662 (cbc128_f) aes256_t4_cbc_decrypt : NULL;-
663 break;-
664 default:-
665 ret = -1;-
666 }-
667 } else {-
668 ret = 0;-
669 aes_t4_set_encrypt_key(key, bits, &dat->ks.ks);-
670 dat->block = (block128_f) aes_t4_encrypt;-
671 switch (bits) {-
672 case 128:-
673 if (mode == EVP_CIPH_CBC_MODE)-
674 dat->stream.cbc = (cbc128_f) aes128_t4_cbc_encrypt;-
675 else if (mode == EVP_CIPH_CTR_MODE)-
676 dat->stream.ctr = (ctr128_f) aes128_t4_ctr32_encrypt;-
677 else-
678 dat->stream.cbc = NULL;-
679 break;-
680 case 192:-
681 if (mode == EVP_CIPH_CBC_MODE)-
682 dat->stream.cbc = (cbc128_f) aes192_t4_cbc_encrypt;-
683 else if (mode == EVP_CIPH_CTR_MODE)-
684 dat->stream.ctr = (ctr128_f) aes192_t4_ctr32_encrypt;-
685 else-
686 dat->stream.cbc = NULL;-
687 break;-
688 case 256:-
689 if (mode == EVP_CIPH_CBC_MODE)-
690 dat->stream.cbc = (cbc128_f) aes256_t4_cbc_encrypt;-
691 else if (mode == EVP_CIPH_CTR_MODE)-
692 dat->stream.ctr = (ctr128_f) aes256_t4_ctr32_encrypt;-
693 else-
694 dat->stream.cbc = NULL;-
695 break;-
696 default:-
697 ret = -1;-
698 }-
699 }-
700-
701 if (ret < 0) {-
702 EVPerr(EVP_F_AES_T4_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);-
703 return 0;-
704 }-
705-
706 return 1;-
707}-
708-
709# define aes_t4_cbc_cipher aes_cbc_cipher-
710static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
711 const unsigned char *in, size_t len);-
712-
713# define aes_t4_ecb_cipher aes_ecb_cipher-
714static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
715 const unsigned char *in, size_t len);-
716-
717# define aes_t4_ofb_cipher aes_ofb_cipher-
718static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
719 const unsigned char *in, size_t len);-
720-
721# define aes_t4_cfb_cipher aes_cfb_cipher-
722static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
723 const unsigned char *in, size_t len);-
724-
725# define aes_t4_cfb8_cipher aes_cfb8_cipher-
726static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
727 const unsigned char *in, size_t len);-
728-
729# define aes_t4_cfb1_cipher aes_cfb1_cipher-
730static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
731 const unsigned char *in, size_t len);-
732-
733# define aes_t4_ctr_cipher aes_ctr_cipher-
734static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
735 const unsigned char *in, size_t len);-
736-
737static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
738 const unsigned char *iv, int enc)-
739{-
740 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);-
741 if (!iv && !key)-
742 return 1;-
743 if (key) {-
744 int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;-
745 aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);-
746 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,-
747 (block128_f) aes_t4_encrypt);-
748 switch (bits) {-
749 case 128:-
750 gctx->ctr = (ctr128_f) aes128_t4_ctr32_encrypt;-
751 break;-
752 case 192:-
753 gctx->ctr = (ctr128_f) aes192_t4_ctr32_encrypt;-
754 break;-
755 case 256:-
756 gctx->ctr = (ctr128_f) aes256_t4_ctr32_encrypt;-
757 break;-
758 default:-
759 return 0;-
760 }-
761 /*-
762 * If we have an iv can set it directly, otherwise use saved IV.-
763 */-
764 if (iv == NULL && gctx->iv_set)-
765 iv = gctx->iv;-
766 if (iv) {-
767 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);-
768 gctx->iv_set = 1;-
769 }-
770 gctx->key_set = 1;-
771 } else {-
772 /* If key set use IV, otherwise copy */-
773 if (gctx->key_set)-
774 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);-
775 else-
776 memcpy(gctx->iv, iv, gctx->ivlen);-
777 gctx->iv_set = 1;-
778 gctx->iv_gen = 0;-
779 }-
780 return 1;-
781}-
782-
783# define aes_t4_gcm_cipher aes_gcm_cipher-
784static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
785 const unsigned char *in, size_t len);-
786-
787static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
788 const unsigned char *iv, int enc)-
789{-
790 EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);-
791 if (!iv && !key)-
792 return 1;-
793-
794 if (key) {-
795 int bits = EVP_CIPHER_CTX_key_length(ctx) * 4;-
796 xctx->stream = NULL;-
797 /* key_len is two AES keys */-
798 if (enc) {-
799 aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks);-
800 xctx->xts.block1 = (block128_f) aes_t4_encrypt;-
801 switch (bits) {-
802 case 128:-
803 xctx->stream = aes128_t4_xts_encrypt;-
804 break;-
805 case 256:-
806 xctx->stream = aes256_t4_xts_encrypt;-
807 break;-
808 default:-
809 return 0;-
810 }-
811 } else {-
812 aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,-
813 &xctx->ks1.ks);-
814 xctx->xts.block1 = (block128_f) aes_t4_decrypt;-
815 switch (bits) {-
816 case 128:-
817 xctx->stream = aes128_t4_xts_decrypt;-
818 break;-
819 case 256:-
820 xctx->stream = aes256_t4_xts_decrypt;-
821 break;-
822 default:-
823 return 0;-
824 }-
825 }-
826-
827 aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,-
828 EVP_CIPHER_CTX_key_length(ctx) * 4,-
829 &xctx->ks2.ks);-
830 xctx->xts.block2 = (block128_f) aes_t4_encrypt;-
831-
832 xctx->xts.key1 = &xctx->ks1;-
833 }-
834-
835 if (iv) {-
836 xctx->xts.key2 = &xctx->ks2;-
837 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);-
838 }-
839-
840 return 1;-
841}-
842-
843# define aes_t4_xts_cipher aes_xts_cipher-
844static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
845 const unsigned char *in, size_t len);-
846-
847static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
848 const unsigned char *iv, int enc)-
849{-
850 EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);-
851 if (!iv && !key)-
852 return 1;-
853 if (key) {-
854 int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;-
855 aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);-
856 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,-
857 &cctx->ks, (block128_f) aes_t4_encrypt);-
858 cctx->str = NULL;-
859 cctx->key_set = 1;-
860 }-
861 if (iv) {-
862 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);-
863 cctx->iv_set = 1;-
864 }-
865 return 1;-
866}-
867-
868# define aes_t4_ccm_cipher aes_ccm_cipher-
869static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
870 const unsigned char *in, size_t len);-
871-
872# ifndef OPENSSL_NO_OCB-
873static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
874 const unsigned char *iv, int enc)-
875{-
876 EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);-
877 if (!iv && !key)-
878 return 1;-
879 if (key) {-
880 do {-
881 /*-
882 * We set both the encrypt and decrypt key here because decrypt-
883 * needs both. We could possibly optimise to remove setting the-
884 * decrypt for an encryption operation.-
885 */-
886 aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
887 &octx->ksenc.ks);-
888 aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
889 &octx->ksdec.ks);-
890 if (!CRYPTO_ocb128_init(&octx->ocb,-
891 &octx->ksenc.ks, &octx->ksdec.ks,-
892 (block128_f) aes_t4_encrypt,-
893 (block128_f) aes_t4_decrypt,-
894 NULL))-
895 return 0;-
896 }-
897 while (0);-
898-
899 /*-
900 * If we have an iv we can set it directly, otherwise use saved IV.-
901 */-
902 if (iv == NULL && octx->iv_set)-
903 iv = octx->iv;-
904 if (iv) {-
905 if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)-
906 != 1)-
907 return 0;-
908 octx->iv_set = 1;-
909 }-
910 octx->key_set = 1;-
911 } else {-
912 /* If key set use IV, otherwise copy */-
913 if (octx->key_set)-
914 CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);-
915 else-
916 memcpy(octx->iv, iv, octx->ivlen);-
917 octx->iv_set = 1;-
918 }-
919 return 1;-
920}-
921-
922# define aes_t4_ocb_cipher aes_ocb_cipher-
923static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
924 const unsigned char *in, size_t len);-
925# endif /* OPENSSL_NO_OCB */-
926-
927# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \-
928static const EVP_CIPHER aes_t4_##keylen##_##mode = { \-
929 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \-
930 flags|EVP_CIPH_##MODE##_MODE, \-
931 aes_t4_init_key, \-
932 aes_t4_##mode##_cipher, \-
933 NULL, \-
934 sizeof(EVP_AES_KEY), \-
935 NULL,NULL,NULL,NULL }; \-
936static const EVP_CIPHER aes_##keylen##_##mode = { \-
937 nid##_##keylen##_##nmode,blocksize, \-
938 keylen/8,ivlen, \-
939 flags|EVP_CIPH_##MODE##_MODE, \-
940 aes_init_key, \-
941 aes_##mode##_cipher, \-
942 NULL, \-
943 sizeof(EVP_AES_KEY), \-
944 NULL,NULL,NULL,NULL }; \-
945const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \-
946{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }-
947-
948# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \-
949static const EVP_CIPHER aes_t4_##keylen##_##mode = { \-
950 nid##_##keylen##_##mode,blocksize, \-
951 (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \-
952 flags|EVP_CIPH_##MODE##_MODE, \-
953 aes_t4_##mode##_init_key, \-
954 aes_t4_##mode##_cipher, \-
955 aes_##mode##_cleanup, \-
956 sizeof(EVP_AES_##MODE##_CTX), \-
957 NULL,NULL,aes_##mode##_ctrl,NULL }; \-
958static const EVP_CIPHER aes_##keylen##_##mode = { \-
959 nid##_##keylen##_##mode,blocksize, \-
960 (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \-
961 flags|EVP_CIPH_##MODE##_MODE, \-
962 aes_##mode##_init_key, \-
963 aes_##mode##_cipher, \-
964 aes_##mode##_cleanup, \-
965 sizeof(EVP_AES_##MODE##_CTX), \-
966 NULL,NULL,aes_##mode##_ctrl,NULL }; \-
967const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \-
968{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }-
969-
970#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)-
971/*-
972 * IBM S390X support-
973 */-
974# include "s390x_arch.h"-
975-
976typedef struct {-
977 union {-
978 double align;-
979 /*--
980 * KM-AES parameter block - begin-
981 * (see z/Architecture Principles of Operation >= SA22-7832-06)-
982 */-
983 struct {-
984 unsigned char k[32];-
985 } param;-
986 /* KM-AES parameter block - end */-
987 } km;-
988 unsigned int fc;-
989} S390X_AES_ECB_CTX;-
990-
991typedef struct {-
992 union {-
993 double align;-
994 /*--
995 * KMO-AES parameter block - begin-
996 * (see z/Architecture Principles of Operation >= SA22-7832-08)-
997 */-
998 struct {-
999 unsigned char cv[16];-
1000 unsigned char k[32];-
1001 } param;-
1002 /* KMO-AES parameter block - end */-
1003 } kmo;-
1004 unsigned int fc;-
1005-
1006 int res;-
1007} S390X_AES_OFB_CTX;-
1008-
1009typedef struct {-
1010 union {-
1011 double align;-
1012 /*--
1013 * KMF-AES parameter block - begin-
1014 * (see z/Architecture Principles of Operation >= SA22-7832-08)-
1015 */-
1016 struct {-
1017 unsigned char cv[16];-
1018 unsigned char k[32];-
1019 } param;-
1020 /* KMF-AES parameter block - end */-
1021 } kmf;-
1022 unsigned int fc;-
1023-
1024 int res;-
1025} S390X_AES_CFB_CTX;-
1026-
1027typedef struct {-
1028 union {-
1029 double align;-
1030 /*--
1031 * KMA-GCM-AES parameter block - begin-
1032 * (see z/Architecture Principles of Operation >= SA22-7832-11)-
1033 */-
1034 struct {-
1035 unsigned char reserved[12];-
1036 union {-
1037 unsigned int w;-
1038 unsigned char b[4];-
1039 } cv;-
1040 union {-
1041 unsigned long long g[2];-
1042 unsigned char b[16];-
1043 } t;-
1044 unsigned char h[16];-
1045 unsigned long long taadl;-
1046 unsigned long long tpcl;-
1047 union {-
1048 unsigned long long g[2];-
1049 unsigned int w[4];-
1050 } j0;-
1051 unsigned char k[32];-
1052 } param;-
1053 /* KMA-GCM-AES parameter block - end */-
1054 } kma;-
1055 unsigned int fc;-
1056 int key_set;-
1057-
1058 unsigned char *iv;-
1059 int ivlen;-
1060 int iv_set;-
1061 int iv_gen;-
1062-
1063 int taglen;-
1064-
1065 unsigned char ares[16];-
1066 unsigned char mres[16];-
1067 unsigned char kres[16];-
1068 int areslen;-
1069 int mreslen;-
1070 int kreslen;-
1071-
1072 int tls_aad_len;-
1073 uint64_t tls_enc_records; /* Number of TLS records encrypted */-
1074} S390X_AES_GCM_CTX;-
1075-
1076typedef struct {-
1077 union {-
1078 double align;-
1079 /*--
1080 * Padding is chosen so that ccm.kmac_param.k overlaps with key.k and-
1081 * ccm.fc with key.k.rounds. Remember that on s390x, an AES_KEY's-
1082 * rounds field is used to store the function code and that the key-
1083 * schedule is not stored (if aes hardware support is detected).-
1084 */-
1085 struct {-
1086 unsigned char pad[16];-
1087 AES_KEY k;-
1088 } key;-
1089-
1090 struct {-
1091 /*--
1092 * KMAC-AES parameter block - begin-
1093 * (see z/Architecture Principles of Operation >= SA22-7832-08)-
1094 */-
1095 struct {-
1096 union {-
1097 unsigned long long g[2];-
1098 unsigned char b[16];-
1099 } icv;-
1100 unsigned char k[32];-
1101 } kmac_param;-
1102 /* KMAC-AES paramater block - end */-
1103-
1104 union {-
1105 unsigned long long g[2];-
1106 unsigned char b[16];-
1107 } nonce;-
1108 union {-
1109 unsigned long long g[2];-
1110 unsigned char b[16];-
1111 } buf;-
1112-
1113 unsigned long long blocks;-
1114 int l;-
1115 int m;-
1116 int tls_aad_len;-
1117 int iv_set;-
1118 int tag_set;-
1119 int len_set;-
1120 int key_set;-
1121-
1122 unsigned char pad[140];-
1123 unsigned int fc;-
1124 } ccm;-
1125 } aes;-
1126} S390X_AES_CCM_CTX;-
1127-
1128/* Convert key size to function code: [16,24,32] -> [18,19,20]. */-
1129# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))-
1130-
1131/* Most modes of operation need km for partial block processing. */-
1132# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \-
1133 S390X_CAPBIT(S390X_AES_128))-
1134# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \-
1135 S390X_CAPBIT(S390X_AES_192))-
1136# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \-
1137 S390X_CAPBIT(S390X_AES_256))-
1138-
1139# define s390x_aes_init_key aes_init_key-
1140static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
1141 const unsigned char *iv, int enc);-
1142-
1143# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */-
1144# define S390X_aes_192_cbc_CAPABLE 1-
1145# define S390X_aes_256_cbc_CAPABLE 1-
1146# define S390X_AES_CBC_CTX EVP_AES_KEY-
1147-
1148# define s390x_aes_cbc_init_key aes_init_key-
1149-
1150# define s390x_aes_cbc_cipher aes_cbc_cipher-
1151static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
1152 const unsigned char *in, size_t len);-
1153-
1154# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE-
1155# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE-
1156# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE-
1157-
1158static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,-
1159 const unsigned char *key,-
1160 const unsigned char *iv, int enc)-
1161{-
1162 S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);-
1163 const int keylen = EVP_CIPHER_CTX_key_length(ctx);-
1164-
1165 cctx->fc = S390X_AES_FC(keylen);-
1166 if (!enc)-
1167 cctx->fc |= S390X_DECRYPT;-
1168-
1169 memcpy(cctx->km.param.k, key, keylen);-
1170 return 1;-
1171}-
1172-
1173static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
1174 const unsigned char *in, size_t len)-
1175{-
1176 S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);-
1177-
1178 s390x_km(in, len, out, cctx->fc, &cctx->km.param);-
1179 return 1;-
1180}-
1181-
1182# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \-
1183 (OPENSSL_s390xcap_P.kmo[0] & \-
1184 S390X_CAPBIT(S390X_AES_128)))-
1185# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \-
1186 (OPENSSL_s390xcap_P.kmo[0] & \-
1187 S390X_CAPBIT(S390X_AES_192)))-
1188# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \-
1189 (OPENSSL_s390xcap_P.kmo[0] & \-
1190 S390X_CAPBIT(S390X_AES_256)))-
1191-
1192static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,-
1193 const unsigned char *key,-
1194 const unsigned char *ivec, int enc)-
1195{-
1196 S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);-
1197 const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);-
1198 const int keylen = EVP_CIPHER_CTX_key_length(ctx);-
1199 const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);-
1200-
1201 memcpy(cctx->kmo.param.cv, iv, ivlen);-
1202 memcpy(cctx->kmo.param.k, key, keylen);-
1203 cctx->fc = S390X_AES_FC(keylen);-
1204 cctx->res = 0;-
1205 return 1;-
1206}-
1207-
1208static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
1209 const unsigned char *in, size_t len)-
1210{-
1211 S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);-
1212 int n = cctx->res;-
1213 int rem;-
1214-
1215 while (n && len) {-
1216 *out = *in ^ cctx->kmo.param.cv[n];-
1217 n = (n + 1) & 0xf;-
1218 --len;-
1219 ++in;-
1220 ++out;-
1221 }-
1222-
1223 rem = len & 0xf;-
1224-
1225 len &= ~(size_t)0xf;-
1226 if (len) {-
1227 s390x_kmo(in, len, out, cctx->fc, &cctx->kmo.param);-
1228-
1229 out += len;-
1230 in += len;-
1231 }-
1232-
1233 if (rem) {-
1234 s390x_km(cctx->kmo.param.cv, 16, cctx->kmo.param.cv, cctx->fc,-
1235 cctx->kmo.param.k);-
1236-
1237 while (rem--) {-
1238 out[n] = in[n] ^ cctx->kmo.param.cv[n];-
1239 ++n;-
1240 }-
1241 }-
1242-
1243 cctx->res = n;-
1244 return 1;-
1245}-
1246-
1247# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \-
1248 (OPENSSL_s390xcap_P.kmf[0] & \-
1249 S390X_CAPBIT(S390X_AES_128)))-
1250# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \-
1251 (OPENSSL_s390xcap_P.kmf[0] & \-
1252 S390X_CAPBIT(S390X_AES_192)))-
1253# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \-
1254 (OPENSSL_s390xcap_P.kmf[0] & \-
1255 S390X_CAPBIT(S390X_AES_256)))-
1256-
1257static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,-
1258 const unsigned char *key,-
1259 const unsigned char *ivec, int enc)-
1260{-
1261 S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);-
1262 const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);-
1263 const int keylen = EVP_CIPHER_CTX_key_length(ctx);-
1264 const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);-
1265-
1266 cctx->fc = S390X_AES_FC(keylen);-
1267 cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */-
1268 if (!enc)-
1269 cctx->fc |= S390X_DECRYPT;-
1270-
1271 cctx->res = 0;-
1272 memcpy(cctx->kmf.param.cv, iv, ivlen);-
1273 memcpy(cctx->kmf.param.k, key, keylen);-
1274 return 1;-
1275}-
1276-
1277static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
1278 const unsigned char *in, size_t len)-
1279{-
1280 S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);-
1281 const int keylen = EVP_CIPHER_CTX_key_length(ctx);-
1282 const int enc = EVP_CIPHER_CTX_encrypting(ctx);-
1283 int n = cctx->res;-
1284 int rem;-
1285 unsigned char tmp;-
1286-
1287 while (n && len) {-
1288 tmp = *in;-
1289 *out = cctx->kmf.param.cv[n] ^ tmp;-
1290 cctx->kmf.param.cv[n] = enc ? *out : tmp;-
1291 n = (n + 1) & 0xf;-
1292 --len;-
1293 ++in;-
1294 ++out;-
1295 }-
1296-
1297 rem = len & 0xf;-
1298-
1299 len &= ~(size_t)0xf;-
1300 if (len) {-
1301 s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);-
1302-
1303 out += len;-
1304 in += len;-
1305 }-
1306-
1307 if (rem) {-
1308 s390x_km(cctx->kmf.param.cv, 16, cctx->kmf.param.cv,-
1309 S390X_AES_FC(keylen), cctx->kmf.param.k);-
1310-
1311 while (rem--) {-
1312 tmp = in[n];-
1313 out[n] = cctx->kmf.param.cv[n] ^ tmp;-
1314 cctx->kmf.param.cv[n] = enc ? out[n] : tmp;-
1315 ++n;-
1316 }-
1317 }-
1318-
1319 cctx->res = n;-
1320 return 1;-
1321}-
1322-
1323# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \-
1324 S390X_CAPBIT(S390X_AES_128))-
1325# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \-
1326 S390X_CAPBIT(S390X_AES_192))-
1327# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \-
1328 S390X_CAPBIT(S390X_AES_256))-
1329-
1330static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,-
1331 const unsigned char *key,-
1332 const unsigned char *ivec, int enc)-
1333{-
1334 S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);-
1335 const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);-
1336 const int keylen = EVP_CIPHER_CTX_key_length(ctx);-
1337 const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);-
1338-
1339 cctx->fc = S390X_AES_FC(keylen);-
1340 cctx->fc |= 1 << 24; /* 1 byte cipher feedback */-
1341 if (!enc)-
1342 cctx->fc |= S390X_DECRYPT;-
1343-
1344 memcpy(cctx->kmf.param.cv, iv, ivlen);-
1345 memcpy(cctx->kmf.param.k, key, keylen);-
1346 return 1;-
1347}-
1348-
1349static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
1350 const unsigned char *in, size_t len)-
1351{-
1352 S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);-
1353-
1354 s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);-
1355 return 1;-
1356}-
1357-
1358# define S390X_aes_128_cfb1_CAPABLE 0-
1359# define S390X_aes_192_cfb1_CAPABLE 0-
1360# define S390X_aes_256_cfb1_CAPABLE 0-
1361-
1362# define s390x_aes_cfb1_init_key aes_init_key-
1363-
1364# define s390x_aes_cfb1_cipher aes_cfb1_cipher-
1365static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
1366 const unsigned char *in, size_t len);-
1367-
1368# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */-
1369# define S390X_aes_192_ctr_CAPABLE 1-
1370# define S390X_aes_256_ctr_CAPABLE 1-
1371# define S390X_AES_CTR_CTX EVP_AES_KEY-
1372-
1373# define s390x_aes_ctr_init_key aes_init_key-
1374-
1375# define s390x_aes_ctr_cipher aes_ctr_cipher-
1376static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
1377 const unsigned char *in, size_t len);-
1378-
1379# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \-
1380 (OPENSSL_s390xcap_P.kma[0] & \-
1381 S390X_CAPBIT(S390X_AES_128)))-
1382# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \-
1383 (OPENSSL_s390xcap_P.kma[0] & \-
1384 S390X_CAPBIT(S390X_AES_192)))-
1385# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \-
1386 (OPENSSL_s390xcap_P.kma[0] & \-
1387 S390X_CAPBIT(S390X_AES_256)))-
1388-
1389/* iv + padding length for iv lenghts != 12 */-
1390# define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16)-
1391-
1392/*--
1393 * Process additional authenticated data. Returns 0 on success. Code is-
1394 * big-endian.-
1395 */-
1396static int s390x_aes_gcm_aad(S390X_AES_GCM_CTX *ctx, const unsigned char *aad,-
1397 size_t len)-
1398{-
1399 unsigned long long alen;-
1400 int n, rem;-
1401-
1402 if (ctx->kma.param.tpcl)-
1403 return -2;-
1404-
1405 alen = ctx->kma.param.taadl + len;-
1406 if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len))-
1407 return -1;-
1408 ctx->kma.param.taadl = alen;-
1409-
1410 n = ctx->areslen;-
1411 if (n) {-
1412 while (n && len) {-
1413 ctx->ares[n] = *aad;-
1414 n = (n + 1) & 0xf;-
1415 ++aad;-
1416 --len;-
1417 }-
1418 /* ctx->ares contains a complete block if offset has wrapped around */-
1419 if (!n) {-
1420 s390x_kma(ctx->ares, 16, NULL, 0, NULL, ctx->fc, &ctx->kma.param);-
1421 ctx->fc |= S390X_KMA_HS;-
1422 }-
1423 ctx->areslen = n;-
1424 }-
1425-
1426 rem = len & 0xf;-
1427-
1428 len &= ~(size_t)0xf;-
1429 if (len) {-
1430 s390x_kma(aad, len, NULL, 0, NULL, ctx->fc, &ctx->kma.param);-
1431 aad += len;-
1432 ctx->fc |= S390X_KMA_HS;-
1433 }-
1434-
1435 if (rem) {-
1436 ctx->areslen = rem;-
1437-
1438 do {-
1439 --rem;-
1440 ctx->ares[rem] = aad[rem];-
1441 } while (rem);-
1442 }-
1443 return 0;-
1444}-
1445-
1446/*--
1447 * En/de-crypt plain/cipher-text and authenticate ciphertext. Returns 0 for-
1448 * success. Code is big-endian.-
1449 */-
1450static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,-
1451 unsigned char *out, size_t len)-
1452{-
1453 const unsigned char *inptr;-
1454 unsigned long long mlen;-
1455 union {-
1456 unsigned int w[4];-
1457 unsigned char b[16];-
1458 } buf;-
1459 size_t inlen;-
1460 int n, rem, i;-
1461-
1462 mlen = ctx->kma.param.tpcl + len;-
1463 if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))-
1464 return -1;-
1465 ctx->kma.param.tpcl = mlen;-
1466-
1467 n = ctx->mreslen;-
1468 if (n) {-
1469 inptr = in;-
1470 inlen = len;-
1471 while (n && inlen) {-
1472 ctx->mres[n] = *inptr;-
1473 n = (n + 1) & 0xf;-
1474 ++inptr;-
1475 --inlen;-
1476 }-
1477 /* ctx->mres contains a complete block if offset has wrapped around */-
1478 if (!n) {-
1479 s390x_kma(ctx->ares, ctx->areslen, ctx->mres, 16, buf.b,-
1480 ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);-
1481 ctx->fc |= S390X_KMA_HS;-
1482 ctx->areslen = 0;-
1483-
1484 /* previous call already encrypted/decrypted its remainder,-
1485 * see comment below */-
1486 n = ctx->mreslen;-
1487 while (n) {-
1488 *out = buf.b[n];-
1489 n = (n + 1) & 0xf;-
1490 ++out;-
1491 ++in;-
1492 --len;-
1493 }-
1494 ctx->mreslen = 0;-
1495 }-
1496 }-
1497-
1498 rem = len & 0xf;-
1499-
1500 len &= ~(size_t)0xf;-
1501 if (len) {-
1502 s390x_kma(ctx->ares, ctx->areslen, in, len, out,-
1503 ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);-
1504 in += len;-
1505 out += len;-
1506 ctx->fc |= S390X_KMA_HS;-
1507 ctx->areslen = 0;-
1508 }-
1509-
1510 /*--
1511 * If there is a remainder, it has to be saved such that it can be-
1512 * processed by kma later. However, we also have to do the for-now-
1513 * unauthenticated encryption/decryption part here and now...-
1514 */-
1515 if (rem) {-
1516 if (!ctx->mreslen) {-
1517 buf.w[0] = ctx->kma.param.j0.w[0];-
1518 buf.w[1] = ctx->kma.param.j0.w[1];-
1519 buf.w[2] = ctx->kma.param.j0.w[2];-
1520 buf.w[3] = ctx->kma.param.cv.w + 1;-
1521 s390x_km(buf.b, 16, ctx->kres, ctx->fc & 0x1f, &ctx->kma.param.k);-
1522 }-
1523-
1524 n = ctx->mreslen;-
1525 for (i = 0; i < rem; i++) {-
1526 ctx->mres[n + i] = in[i];-
1527 out[i] = in[i] ^ ctx->kres[n + i];-
1528 }-
1529-
1530 ctx->mreslen += rem;-
1531 }-
1532 return 0;-
1533}-
1534-
1535/*--
1536 * Initialize context structure. Code is big-endian.-
1537 */-
1538static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,-
1539 const unsigned char *iv)-
1540{-
1541 ctx->kma.param.t.g[0] = 0;-
1542 ctx->kma.param.t.g[1] = 0;-
1543 ctx->kma.param.tpcl = 0;-
1544 ctx->kma.param.taadl = 0;-
1545 ctx->mreslen = 0;-
1546 ctx->areslen = 0;-
1547 ctx->kreslen = 0;-
1548-
1549 if (ctx->ivlen == 12) {-
1550 memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);-
1551 ctx->kma.param.j0.w[3] = 1;-
1552 ctx->kma.param.cv.w = 1;-
1553 } else {-
1554 /* ctx->iv has the right size and is already padded. */-
1555 memcpy(ctx->iv, iv, ctx->ivlen);-
1556 s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,-
1557 ctx->fc, &ctx->kma.param);-
1558 ctx->fc |= S390X_KMA_HS;-
1559-
1560 ctx->kma.param.j0.g[0] = ctx->kma.param.t.g[0];-
1561 ctx->kma.param.j0.g[1] = ctx->kma.param.t.g[1];-
1562 ctx->kma.param.cv.w = ctx->kma.param.j0.w[3];-
1563 ctx->kma.param.t.g[0] = 0;-
1564 ctx->kma.param.t.g[1] = 0;-
1565 }-
1566}-
1567-
1568/*--
1569 * Performs various operations on the context structure depending on control-
1570 * type. Returns 1 for success, 0 for failure and -1 for unknown control type.-
1571 * Code is big-endian.-
1572 */-
1573static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)-
1574{-
1575 S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);-
1576 S390X_AES_GCM_CTX *gctx_out;-
1577 EVP_CIPHER_CTX *out;-
1578 unsigned char *buf, *iv;-
1579 int ivlen, enc, len;-
1580-
1581 switch (type) {-
1582 case EVP_CTRL_INIT:-
1583 ivlen = EVP_CIPHER_CTX_iv_length(c);-
1584 iv = EVP_CIPHER_CTX_iv_noconst(c);-
1585 gctx->key_set = 0;-
1586 gctx->iv_set = 0;-
1587 gctx->ivlen = ivlen;-
1588 gctx->iv = iv;-
1589 gctx->taglen = -1;-
1590 gctx->iv_gen = 0;-
1591 gctx->tls_aad_len = -1;-
1592 return 1;-
1593-
1594 case EVP_CTRL_AEAD_SET_IVLEN:-
1595 if (arg <= 0)-
1596 return 0;-
1597-
1598 if (arg != 12) {-
1599 iv = EVP_CIPHER_CTX_iv_noconst(c);-
1600 len = S390X_gcm_ivpadlen(arg);-
1601-
1602 /* Allocate memory for iv if needed. */-
1603 if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) {-
1604 if (gctx->iv != iv)-
1605 OPENSSL_free(gctx->iv);-
1606-
1607 if ((gctx->iv = OPENSSL_malloc(len)) == NULL) {-
1608 EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);-
1609 return 0;-
1610 }-
1611 }-
1612 /* Add padding. */-
1613 memset(gctx->iv + arg, 0, len - arg - 8);-
1614 *((unsigned long long *)(gctx->iv + len - 8)) = arg << 3;-
1615 }-
1616 gctx->ivlen = arg;-
1617 return 1;-
1618-
1619 case EVP_CTRL_AEAD_SET_TAG:-
1620 buf = EVP_CIPHER_CTX_buf_noconst(c);-
1621 enc = EVP_CIPHER_CTX_encrypting(c);-
1622 if (arg <= 0 || arg > 16 || enc)-
1623 return 0;-
1624-
1625 memcpy(buf, ptr, arg);-
1626 gctx->taglen = arg;-
1627 return 1;-
1628-
1629 case EVP_CTRL_AEAD_GET_TAG:-
1630 enc = EVP_CIPHER_CTX_encrypting(c);-
1631 if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0)-
1632 return 0;-
1633-
1634 memcpy(ptr, gctx->kma.param.t.b, arg);-
1635 return 1;-
1636-
1637 case EVP_CTRL_GCM_SET_IV_FIXED:-
1638 /* Special case: -1 length restores whole iv */-
1639 if (arg == -1) {-
1640 memcpy(gctx->iv, ptr, gctx->ivlen);-
1641 gctx->iv_gen = 1;-
1642 return 1;-
1643 }-
1644 /*-
1645 * Fixed field must be at least 4 bytes and invocation field at least-
1646 * 8.-
1647 */-
1648 if ((arg < 4) || (gctx->ivlen - arg) < 8)-
1649 return 0;-
1650-
1651 if (arg)-
1652 memcpy(gctx->iv, ptr, arg);-
1653-
1654 enc = EVP_CIPHER_CTX_encrypting(c);-
1655 if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)-
1656 return 0;-
1657-
1658 gctx->iv_gen = 1;-
1659 return 1;-
1660-
1661 case EVP_CTRL_GCM_IV_GEN:-
1662 if (gctx->iv_gen == 0 || gctx->key_set == 0)-
1663 return 0;-
1664-
1665 s390x_aes_gcm_setiv(gctx, gctx->iv);-
1666-
1667 if (arg <= 0 || arg > gctx->ivlen)-
1668 arg = gctx->ivlen;-
1669-
1670 memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);-
1671 /*-
1672 * Invocation field will be at least 8 bytes in size and so no need-
1673 * to check wrap around or increment more than last 8 bytes.-
1674 */-
1675 ctr64_inc(gctx->iv + gctx->ivlen - 8);-
1676 gctx->iv_set = 1;-
1677 return 1;-
1678-
1679 case EVP_CTRL_GCM_SET_IV_INV:-
1680 enc = EVP_CIPHER_CTX_encrypting(c);-
1681 if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc)-
1682 return 0;-
1683-
1684 memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);-
1685 s390x_aes_gcm_setiv(gctx, gctx->iv);-
1686 gctx->iv_set = 1;-
1687 return 1;-
1688-
1689 case EVP_CTRL_AEAD_TLS1_AAD:-
1690 /* Save the aad for later use. */-
1691 if (arg != EVP_AEAD_TLS1_AAD_LEN)-
1692 return 0;-
1693-
1694 buf = EVP_CIPHER_CTX_buf_noconst(c);-
1695 memcpy(buf, ptr, arg);-
1696 gctx->tls_aad_len = arg;-
1697 gctx->tls_enc_records = 0;-
1698-
1699 len = buf[arg - 2] << 8 | buf[arg - 1];-
1700 /* Correct length for explicit iv. */-
1701 if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)-
1702 return 0;-
1703 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;-
1704-
1705 /* If decrypting correct for tag too. */-
1706 enc = EVP_CIPHER_CTX_encrypting(c);-
1707 if (!enc) {-
1708 if (len < EVP_GCM_TLS_TAG_LEN)-
1709 return 0;-
1710 len -= EVP_GCM_TLS_TAG_LEN;-
1711 }-
1712 buf[arg - 2] = len >> 8;-
1713 buf[arg - 1] = len & 0xff;-
1714 /* Extra padding: tag appended to record. */-
1715 return EVP_GCM_TLS_TAG_LEN;-
1716-
1717 case EVP_CTRL_COPY:-
1718 out = ptr;-
1719 gctx_out = EVP_C_DATA(S390X_AES_GCM_CTX, out);-
1720 iv = EVP_CIPHER_CTX_iv_noconst(c);-
1721-
1722 if (gctx->iv == iv) {-
1723 gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);-
1724 } else {-
1725 len = S390X_gcm_ivpadlen(gctx->ivlen);-
1726-
1727 if ((gctx_out->iv = OPENSSL_malloc(len)) == NULL) {-
1728 EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);-
1729 return 0;-
1730 }-
1731-
1732 memcpy(gctx_out->iv, gctx->iv, len);-
1733 }-
1734 return 1;-
1735-
1736 default:-
1737 return -1;-
1738 }-
1739}-
1740-
1741/*--
1742 * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned.-
1743 */-
1744static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,-
1745 const unsigned char *key,-
1746 const unsigned char *iv, int enc)-
1747{-
1748 S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);-
1749 int keylen;-
1750-
1751 if (iv == NULL && key == NULL)-
1752 return 1;-
1753-
1754 if (key != NULL) {-
1755 keylen = EVP_CIPHER_CTX_key_length(ctx);-
1756 memcpy(&gctx->kma.param.k, key, keylen);-
1757-
1758 gctx->fc = S390X_AES_FC(keylen);-
1759 if (!enc)-
1760 gctx->fc |= S390X_DECRYPT;-
1761-
1762 if (iv == NULL && gctx->iv_set)-
1763 iv = gctx->iv;-
1764-
1765 if (iv != NULL) {-
1766 s390x_aes_gcm_setiv(gctx, iv);-
1767 gctx->iv_set = 1;-
1768 }-
1769 gctx->key_set = 1;-
1770 } else {-
1771 if (gctx->key_set)-
1772 s390x_aes_gcm_setiv(gctx, iv);-
1773 else-
1774 memcpy(gctx->iv, iv, gctx->ivlen);-
1775-
1776 gctx->iv_set = 1;-
1777 gctx->iv_gen = 0;-
1778 }-
1779 return 1;-
1780}-
1781-
1782/*--
1783 * En/de-crypt and authenticate TLS packet. Returns the number of bytes written-
1784 * if successful. Otherwise -1 is returned. Code is big-endian.-
1785 */-
1786static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
1787 const unsigned char *in, size_t len)-
1788{-
1789 S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);-
1790 const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);-
1791 const int enc = EVP_CIPHER_CTX_encrypting(ctx);-
1792 int rv = -1;-
1793-
1794 if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))-
1795 return -1;-
1796-
1797 /*-
1798 * Check for too many keys as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness-
1799 * Requirements from SP 800-38D". The requirements is for one party to the-
1800 * communication to fail after 2^64 - 1 keys. We do this on the encrypting-
1801 * side only.-
1802 */-
1803 if (ctx->encrypt && ++gctx->tls_enc_records == 0) {-
1804 EVPerr(EVP_F_S390X_AES_GCM_TLS_CIPHER, EVP_R_TOO_MANY_RECORDS);-
1805 goto err;-
1806 }-
1807-
1808 if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN-
1809 : EVP_CTRL_GCM_SET_IV_INV,-
1810 EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)-
1811 goto err;-
1812-
1813 in += EVP_GCM_TLS_EXPLICIT_IV_LEN;-
1814 out += EVP_GCM_TLS_EXPLICIT_IV_LEN;-
1815 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;-
1816-
1817 gctx->kma.param.taadl = gctx->tls_aad_len << 3;-
1818 gctx->kma.param.tpcl = len << 3;-
1819 s390x_kma(buf, gctx->tls_aad_len, in, len, out,-
1820 gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);-
1821-
1822 if (enc) {-
1823 memcpy(out + len, gctx->kma.param.t.b, EVP_GCM_TLS_TAG_LEN);-
1824 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;-
1825 } else {-
1826 if (CRYPTO_memcmp(gctx->kma.param.t.b, in + len,-
1827 EVP_GCM_TLS_TAG_LEN)) {-
1828 OPENSSL_cleanse(out, len);-
1829 goto err;-
1830 }-
1831 rv = len;-
1832 }-
1833err:-
1834 gctx->iv_set = 0;-
1835 gctx->tls_aad_len = -1;-
1836 return rv;-
1837}-
1838-
1839/*--
1840 * Called from EVP layer to initialize context, process additional-
1841 * authenticated data, en/de-crypt plain/cipher-text and authenticate-
1842 * ciphertext or process a TLS packet, depending on context. Returns bytes-
1843 * written on success. Otherwise -1 is returned. Code is big-endian.-
1844 */-
1845static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
1846 const unsigned char *in, size_t len)-
1847{-
1848 S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);-
1849 unsigned char *buf, tmp[16];-
1850 int enc;-
1851-
1852 if (!gctx->key_set)-
1853 return -1;-
1854-
1855 if (gctx->tls_aad_len >= 0)-
1856 return s390x_aes_gcm_tls_cipher(ctx, out, in, len);-
1857-
1858 if (!gctx->iv_set)-
1859 return -1;-
1860-
1861 if (in != NULL) {-
1862 if (out == NULL) {-
1863 if (s390x_aes_gcm_aad(gctx, in, len))-
1864 return -1;-
1865 } else {-
1866 if (s390x_aes_gcm(gctx, in, out, len))-
1867 return -1;-
1868 }-
1869 return len;-
1870 } else {-
1871 gctx->kma.param.taadl <<= 3;-
1872 gctx->kma.param.tpcl <<= 3;-
1873 s390x_kma(gctx->ares, gctx->areslen, gctx->mres, gctx->mreslen, tmp,-
1874 gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);-
1875 /* recall that we already did en-/decrypt gctx->mres-
1876 * and returned it to caller... */-
1877 OPENSSL_cleanse(tmp, gctx->mreslen);-
1878 gctx->iv_set = 0;-
1879-
1880 enc = EVP_CIPHER_CTX_encrypting(ctx);-
1881 if (enc) {-
1882 gctx->taglen = 16;-
1883 } else {-
1884 if (gctx->taglen < 0)-
1885 return -1;-
1886-
1887 buf = EVP_CIPHER_CTX_buf_noconst(ctx);-
1888 if (CRYPTO_memcmp(buf, gctx->kma.param.t.b, gctx->taglen))-
1889 return -1;-
1890 }-
1891 return 0;-
1892 }-
1893}-
1894-
1895static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)-
1896{-
1897 S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);-
1898 const unsigned char *iv;-
1899-
1900 if (gctx == NULL)-
1901 return 0;-
1902-
1903 iv = EVP_CIPHER_CTX_iv(c);-
1904 if (iv != gctx->iv)-
1905 OPENSSL_free(gctx->iv);-
1906-
1907 OPENSSL_cleanse(gctx, sizeof(*gctx));-
1908 return 1;-
1909}-
1910-
1911# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX-
1912# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */-
1913# define S390X_aes_256_xts_CAPABLE 1-
1914-
1915# define s390x_aes_xts_init_key aes_xts_init_key-
1916static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,-
1917 const unsigned char *key,-
1918 const unsigned char *iv, int enc);-
1919# define s390x_aes_xts_cipher aes_xts_cipher-
1920static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
1921 const unsigned char *in, size_t len);-
1922# define s390x_aes_xts_ctrl aes_xts_ctrl-
1923static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);-
1924# define s390x_aes_xts_cleanup aes_xts_cleanup-
1925-
1926# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \-
1927 (OPENSSL_s390xcap_P.kmac[0] & \-
1928 S390X_CAPBIT(S390X_AES_128)))-
1929# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \-
1930 (OPENSSL_s390xcap_P.kmac[0] & \-
1931 S390X_CAPBIT(S390X_AES_192)))-
1932# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \-
1933 (OPENSSL_s390xcap_P.kmac[0] & \-
1934 S390X_CAPBIT(S390X_AES_256)))-
1935-
1936# define S390X_CCM_AAD_FLAG 0x40-
1937-
1938/*--
1939 * Set nonce and length fields. Code is big-endian.-
1940 */-
1941static inline void s390x_aes_ccm_setiv(S390X_AES_CCM_CTX *ctx,-
1942 const unsigned char *nonce,-
1943 size_t mlen)-
1944{-
1945 ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG;-
1946 ctx->aes.ccm.nonce.g[1] = mlen;-
1947 memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l);-
1948}-
1949-
1950/*--
1951 * Process additional authenticated data. Code is big-endian.-
1952 */-
1953static void s390x_aes_ccm_aad(S390X_AES_CCM_CTX *ctx, const unsigned char *aad,-
1954 size_t alen)-
1955{-
1956 unsigned char *ptr;-
1957 int i, rem;-
1958-
1959 if (!alen)-
1960 return;-
1961-
1962 ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG;-
1963-
1964 /* Suppress 'type-punned pointer dereference' warning. */-
1965 ptr = ctx->aes.ccm.buf.b;-
1966-
1967 if (alen < ((1 << 16) - (1 << 8))) {-
1968 *(uint16_t *)ptr = alen;-
1969 i = 2;-
1970 } else if (sizeof(alen) == 8-
1971 && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {-
1972 *(uint16_t *)ptr = 0xffff;-
1973 *(uint64_t *)(ptr + 2) = alen;-
1974 i = 10;-
1975 } else {-
1976 *(uint16_t *)ptr = 0xfffe;-
1977 *(uint32_t *)(ptr + 2) = alen;-
1978 i = 6;-
1979 }-
1980-
1981 while (i < 16 && alen) {-
1982 ctx->aes.ccm.buf.b[i] = *aad;-
1983 ++aad;-
1984 --alen;-
1985 ++i;-
1986 }-
1987 while (i < 16) {-
1988 ctx->aes.ccm.buf.b[i] = 0;-
1989 ++i;-
1990 }-
1991-
1992 ctx->aes.ccm.kmac_param.icv.g[0] = 0;-
1993 ctx->aes.ccm.kmac_param.icv.g[1] = 0;-
1994 s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc,-
1995 &ctx->aes.ccm.kmac_param);-
1996 ctx->aes.ccm.blocks += 2;-
1997-
1998 rem = alen & 0xf;-
1999 alen &= ~(size_t)0xf;-
2000 if (alen) {-
2001 s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);-
2002 ctx->aes.ccm.blocks += alen >> 4;-
2003 aad += alen;-
2004 }-
2005 if (rem) {-
2006 for (i = 0; i < rem; i++)-
2007 ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i];-
2008-
2009 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,-
2010 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,-
2011 ctx->aes.ccm.kmac_param.k);-
2012 ctx->aes.ccm.blocks++;-
2013 }-
2014}-
2015-
2016/*--
2017 * En/de-crypt plain/cipher-text. Compute tag from plaintext. Returns 0 for-
2018 * success.-
2019 */-
2020static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in,-
2021 unsigned char *out, size_t len, int enc)-
2022{-
2023 size_t n, rem;-
2024 unsigned int i, l, num;-
2025 unsigned char flags;-
2026-
2027 flags = ctx->aes.ccm.nonce.b[0];-
2028 if (!(flags & S390X_CCM_AAD_FLAG)) {-
2029 s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b,-
2030 ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k);-
2031 ctx->aes.ccm.blocks++;-
2032 }-
2033 l = flags & 0x7;-
2034 ctx->aes.ccm.nonce.b[0] = l;-
2035-
2036 /*--
2037 * Reconstruct length from encoded length field-
2038 * and initialize it with counter value.-
2039 */-
2040 n = 0;-
2041 for (i = 15 - l; i < 15; i++) {-
2042 n |= ctx->aes.ccm.nonce.b[i];-
2043 ctx->aes.ccm.nonce.b[i] = 0;-
2044 n <<= 8;-
2045 }-
2046 n |= ctx->aes.ccm.nonce.b[15];-
2047 ctx->aes.ccm.nonce.b[15] = 1;-
2048-
2049 if (n != len)-
2050 return -1; /* length mismatch */-
2051-
2052 if (enc) {-
2053 /* Two operations per block plus one for tag encryption */-
2054 ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1;-
2055 if (ctx->aes.ccm.blocks > (1ULL << 61))-
2056 return -2; /* too much data */-
2057 }-
2058-
2059 num = 0;-
2060 rem = len & 0xf;-
2061 len &= ~(size_t)0xf;-
2062-
2063 if (enc) {-
2064 /* mac-then-encrypt */-
2065 if (len)-
2066 s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);-
2067 if (rem) {-
2068 for (i = 0; i < rem; i++)-
2069 ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i];-
2070-
2071 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,-
2072 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,-
2073 ctx->aes.ccm.kmac_param.k);-
2074 }-
2075-
2076 CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,-
2077 ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,-
2078 &num, (ctr128_f)AES_ctr32_encrypt);-
2079 } else {-
2080 /* decrypt-then-mac */-
2081 CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,-
2082 ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,-
2083 &num, (ctr128_f)AES_ctr32_encrypt);-
2084-
2085 if (len)-
2086 s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);-
2087 if (rem) {-
2088 for (i = 0; i < rem; i++)-
2089 ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i];-
2090-
2091 s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,-
2092 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,-
2093 ctx->aes.ccm.kmac_param.k);-
2094 }-
2095 }-
2096 /* encrypt tag */-
2097 for (i = 15 - l; i < 16; i++)-
2098 ctx->aes.ccm.nonce.b[i] = 0;-
2099-
2100 s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc,-
2101 ctx->aes.ccm.kmac_param.k);-
2102 ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0];-
2103 ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1];-
2104-
2105 ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */-
2106 return 0;-
2107}-
2108-
2109/*--
2110 * En/de-crypt and authenticate TLS packet. Returns the number of bytes written-
2111 * if successful. Otherwise -1 is returned.-
2112 */-
2113static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
2114 const unsigned char *in, size_t len)-
2115{-
2116 S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);-
2117 unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);-
2118 unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);-
2119 const int enc = EVP_CIPHER_CTX_encrypting(ctx);-
2120-
2121 if (out != in-
2122 || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))-
2123 return -1;-
2124-
2125 if (enc) {-
2126 /* Set explicit iv (sequence number). */-
2127 memcpy(out, buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);-
2128 }-
2129-
2130 len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;-
2131 /*--
2132 * Get explicit iv (sequence number). We already have fixed iv-
2133 * (server/client_write_iv) here.-
2134 */-
2135 memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);-
2136 s390x_aes_ccm_setiv(cctx, ivec, len);-
2137-
2138 /* Process aad (sequence number|type|version|length) */-
2139 s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);-
2140-
2141 in += EVP_CCM_TLS_EXPLICIT_IV_LEN;-
2142 out += EVP_CCM_TLS_EXPLICIT_IV_LEN;-
2143-
2144 if (enc) {-
2145 if (s390x_aes_ccm(cctx, in, out, len, enc))-
2146 return -1;-
2147-
2148 memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);-
2149 return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;-
2150 } else {-
2151 if (!s390x_aes_ccm(cctx, in, out, len, enc)) {-
2152 if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len,-
2153 cctx->aes.ccm.m))-
2154 return len;-
2155 }-
2156-
2157 OPENSSL_cleanse(out, len);-
2158 return -1;-
2159 }-
2160}-
2161-
2162/*--
2163 * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is-
2164 * returned.-
2165 */-
2166static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,-
2167 const unsigned char *key,-
2168 const unsigned char *iv, int enc)-
2169{-
2170 S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);-
2171 unsigned char *ivec;-
2172 int keylen;-
2173-
2174 if (iv == NULL && key == NULL)-
2175 return 1;-
2176-
2177 if (key != NULL) {-
2178 keylen = EVP_CIPHER_CTX_key_length(ctx);-
2179 cctx->aes.ccm.fc = S390X_AES_FC(keylen);-
2180 memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);-
2181-
2182 /* Store encoded m and l. */-
2183 cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)-
2184 | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;-
2185 memset(cctx->aes.ccm.nonce.b + 1, 0,-
2186 sizeof(cctx->aes.ccm.nonce.b));-
2187 cctx->aes.ccm.blocks = 0;-
2188-
2189 cctx->aes.ccm.key_set = 1;-
2190 }-
2191-
2192 if (iv != NULL) {-
2193 ivec = EVP_CIPHER_CTX_iv_noconst(ctx);-
2194 memcpy(ivec, iv, 15 - cctx->aes.ccm.l);-
2195-
2196 cctx->aes.ccm.iv_set = 1;-
2197 }-
2198-
2199 return 1;-
2200}-
2201-
2202/*--
2203 * Called from EVP layer to initialize context, process additional-
2204 * authenticated data, en/de-crypt plain/cipher-text and authenticate-
2205 * plaintext or process a TLS packet, depending on context. Returns bytes-
2206 * written on success. Otherwise -1 is returned.-
2207 */-
2208static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
2209 const unsigned char *in, size_t len)-
2210{-
2211 S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);-
2212 const int enc = EVP_CIPHER_CTX_encrypting(ctx);-
2213 int rv;-
2214 unsigned char *buf, *ivec;-
2215-
2216 if (!cctx->aes.ccm.key_set)-
2217 return -1;-
2218-
2219 if (cctx->aes.ccm.tls_aad_len >= 0)-
2220 return s390x_aes_ccm_tls_cipher(ctx, out, in, len);-
2221-
2222 /*--
2223 * Final(): Does not return any data. Recall that ccm is mac-then-encrypt-
2224 * so integrity must be checked already at Update() i.e., before-
2225 * potentially corrupted data is output.-
2226 */-
2227 if (in == NULL && out != NULL)-
2228 return 0;-
2229-
2230 if (!cctx->aes.ccm.iv_set)-
2231 return -1;-
2232-
2233 if (!enc && !cctx->aes.ccm.tag_set)-
2234 return -1;-
2235-
2236 if (out == NULL) {-
2237 /* Update(): Pass message length. */-
2238 if (in == NULL) {-
2239 ivec = EVP_CIPHER_CTX_iv_noconst(ctx);-
2240 s390x_aes_ccm_setiv(cctx, ivec, len);-
2241-
2242 cctx->aes.ccm.len_set = 1;-
2243 return len;-
2244 }-
2245-
2246 /* Update(): Process aad. */-
2247 if (!cctx->aes.ccm.len_set && len)-
2248 return -1;-
2249-
2250 s390x_aes_ccm_aad(cctx, in, len);-
2251 return len;-
2252 }-
2253-
2254 /* Update(): Process message. */-
2255-
2256 if (!cctx->aes.ccm.len_set) {-
2257 /*--
2258 * In case message length was not previously set explicitly via-
2259 * Update(), set it now.-
2260 */-
2261 ivec = EVP_CIPHER_CTX_iv_noconst(ctx);-
2262 s390x_aes_ccm_setiv(cctx, ivec, len);-
2263-
2264 cctx->aes.ccm.len_set = 1;-
2265 }-
2266-
2267 if (enc) {-
2268 if (s390x_aes_ccm(cctx, in, out, len, enc))-
2269 return -1;-
2270-
2271 cctx->aes.ccm.tag_set = 1;-
2272 return len;-
2273 } else {-
2274 rv = -1;-
2275-
2276 if (!s390x_aes_ccm(cctx, in, out, len, enc)) {-
2277 buf = EVP_CIPHER_CTX_buf_noconst(ctx);-
2278 if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf,-
2279 cctx->aes.ccm.m))-
2280 rv = len;-
2281 }-
2282-
2283 if (rv == -1)-
2284 OPENSSL_cleanse(out, len);-
2285-
2286 cctx->aes.ccm.iv_set = 0;-
2287 cctx->aes.ccm.tag_set = 0;-
2288 cctx->aes.ccm.len_set = 0;-
2289 return rv;-
2290 }-
2291}-
2292-
2293/*--
2294 * Performs various operations on the context structure depending on control-
2295 * type. Returns 1 for success, 0 for failure and -1 for unknown control type.-
2296 * Code is big-endian.-
2297 */-
2298static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)-
2299{-
2300 S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, c);-
2301 unsigned char *buf, *iv;-
2302 int enc, len;-
2303-
2304 switch (type) {-
2305 case EVP_CTRL_INIT:-
2306 cctx->aes.ccm.key_set = 0;-
2307 cctx->aes.ccm.iv_set = 0;-
2308 cctx->aes.ccm.l = 8;-
2309 cctx->aes.ccm.m = 12;-
2310 cctx->aes.ccm.tag_set = 0;-
2311 cctx->aes.ccm.len_set = 0;-
2312 cctx->aes.ccm.tls_aad_len = -1;-
2313 return 1;-
2314-
2315 case EVP_CTRL_AEAD_TLS1_AAD:-
2316 if (arg != EVP_AEAD_TLS1_AAD_LEN)-
2317 return 0;-
2318-
2319 /* Save the aad for later use. */-
2320 buf = EVP_CIPHER_CTX_buf_noconst(c);-
2321 memcpy(buf, ptr, arg);-
2322 cctx->aes.ccm.tls_aad_len = arg;-
2323-
2324 len = buf[arg - 2] << 8 | buf[arg - 1];-
2325 if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)-
2326 return 0;-
2327-
2328 /* Correct length for explicit iv. */-
2329 len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;-
2330-
2331 enc = EVP_CIPHER_CTX_encrypting(c);-
2332 if (!enc) {-
2333 if (len < cctx->aes.ccm.m)-
2334 return 0;-
2335-
2336 /* Correct length for tag. */-
2337 len -= cctx->aes.ccm.m;-
2338 }-
2339-
2340 buf[arg - 2] = len >> 8;-
2341 buf[arg - 1] = len & 0xff;-
2342-
2343 /* Extra padding: tag appended to record. */-
2344 return cctx->aes.ccm.m;-
2345-
2346 case EVP_CTRL_CCM_SET_IV_FIXED:-
2347 if (arg != EVP_CCM_TLS_FIXED_IV_LEN)-
2348 return 0;-
2349-
2350 /* Copy to first part of the iv. */-
2351 iv = EVP_CIPHER_CTX_iv_noconst(c);-
2352 memcpy(iv, ptr, arg);-
2353 return 1;-
2354-
2355 case EVP_CTRL_AEAD_SET_IVLEN:-
2356 arg = 15 - arg;-
2357 /* fall-through */-
2358-
2359 case EVP_CTRL_CCM_SET_L:-
2360 if (arg < 2 || arg > 8)-
2361 return 0;-
2362-
2363 cctx->aes.ccm.l = arg;-
2364 return 1;-
2365-
2366 case EVP_CTRL_AEAD_SET_TAG:-
2367 if ((arg & 1) || arg < 4 || arg > 16)-
2368 return 0;-
2369-
2370 enc = EVP_CIPHER_CTX_encrypting(c);-
2371 if (enc && ptr)-
2372 return 0;-
2373-
2374 if (ptr) {-
2375 cctx->aes.ccm.tag_set = 1;-
2376 buf = EVP_CIPHER_CTX_buf_noconst(c);-
2377 memcpy(buf, ptr, arg);-
2378 }-
2379-
2380 cctx->aes.ccm.m = arg;-
2381 return 1;-
2382-
2383 case EVP_CTRL_AEAD_GET_TAG:-
2384 enc = EVP_CIPHER_CTX_encrypting(c);-
2385 if (!enc || !cctx->aes.ccm.tag_set)-
2386 return 0;-
2387-
2388 if(arg < cctx->aes.ccm.m)-
2389 return 0;-
2390-
2391 memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);-
2392 cctx->aes.ccm.tag_set = 0;-
2393 cctx->aes.ccm.iv_set = 0;-
2394 cctx->aes.ccm.len_set = 0;-
2395 return 1;-
2396-
2397 case EVP_CTRL_COPY:-
2398 return 1;-
2399-
2400 default:-
2401 return -1;-
2402 }-
2403}-
2404-
2405# define s390x_aes_ccm_cleanup aes_ccm_cleanup-
2406-
2407# ifndef OPENSSL_NO_OCB-
2408# define S390X_AES_OCB_CTX EVP_AES_OCB_CTX-
2409# define S390X_aes_128_ocb_CAPABLE 0-
2410# define S390X_aes_192_ocb_CAPABLE 0-
2411# define S390X_aes_256_ocb_CAPABLE 0-
2412-
2413# define s390x_aes_ocb_init_key aes_ocb_init_key-
2414static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
2415 const unsigned char *iv, int enc);-
2416# define s390x_aes_ocb_cipher aes_ocb_cipher-
2417static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
2418 const unsigned char *in, size_t len);-
2419# define s390x_aes_ocb_cleanup aes_ocb_cleanup-
2420static int s390x_aes_ocb_cleanup(EVP_CIPHER_CTX *);-
2421# define s390x_aes_ocb_ctrl aes_ocb_ctrl-
2422static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);-
2423# endif-
2424-
2425# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode, \-
2426 MODE,flags) \-
2427static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \-
2428 nid##_##keylen##_##nmode,blocksize, \-
2429 keylen / 8, \-
2430 ivlen, \-
2431 flags | EVP_CIPH_##MODE##_MODE, \-
2432 s390x_aes_##mode##_init_key, \-
2433 s390x_aes_##mode##_cipher, \-
2434 NULL, \-
2435 sizeof(S390X_AES_##MODE##_CTX), \-
2436 NULL, \-
2437 NULL, \-
2438 NULL, \-
2439 NULL \-
2440}; \-
2441static const EVP_CIPHER aes_##keylen##_##mode = { \-
2442 nid##_##keylen##_##nmode, \-
2443 blocksize, \-
2444 keylen / 8, \-
2445 ivlen, \-
2446 flags | EVP_CIPH_##MODE##_MODE, \-
2447 aes_init_key, \-
2448 aes_##mode##_cipher, \-
2449 NULL, \-
2450 sizeof(EVP_AES_KEY), \-
2451 NULL, \-
2452 NULL, \-
2453 NULL, \-
2454 NULL \-
2455}; \-
2456const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \-
2457{ \-
2458 return S390X_aes_##keylen##_##mode##_CAPABLE ? \-
2459 &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \-
2460}-
2461-
2462# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\-
2463static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \-
2464 nid##_##keylen##_##mode, \-
2465 blocksize, \-
2466 (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \-
2467 ivlen, \-
2468 flags | EVP_CIPH_##MODE##_MODE, \-
2469 s390x_aes_##mode##_init_key, \-
2470 s390x_aes_##mode##_cipher, \-
2471 s390x_aes_##mode##_cleanup, \-
2472 sizeof(S390X_AES_##MODE##_CTX), \-
2473 NULL, \-
2474 NULL, \-
2475 s390x_aes_##mode##_ctrl, \-
2476 NULL \-
2477}; \-
2478static const EVP_CIPHER aes_##keylen##_##mode = { \-
2479 nid##_##keylen##_##mode,blocksize, \-
2480 (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \-
2481 ivlen, \-
2482 flags | EVP_CIPH_##MODE##_MODE, \-
2483 aes_##mode##_init_key, \-
2484 aes_##mode##_cipher, \-
2485 aes_##mode##_cleanup, \-
2486 sizeof(EVP_AES_##MODE##_CTX), \-
2487 NULL, \-
2488 NULL, \-
2489 aes_##mode##_ctrl, \-
2490 NULL \-
2491}; \-
2492const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \-
2493{ \-
2494 return S390X_aes_##keylen##_##mode##_CAPABLE ? \-
2495 &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \-
2496}-
2497-
2498#else-
2499-
2500# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \-
2501static const EVP_CIPHER aes_##keylen##_##mode = { \-
2502 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \-
2503 flags|EVP_CIPH_##MODE##_MODE, \-
2504 aes_init_key, \-
2505 aes_##mode##_cipher, \-
2506 NULL, \-
2507 sizeof(EVP_AES_KEY), \-
2508 NULL,NULL,NULL,NULL }; \-
2509const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \-
2510{ return &aes_##keylen##_##mode; }-
2511-
2512# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \-
2513static const EVP_CIPHER aes_##keylen##_##mode = { \-
2514 nid##_##keylen##_##mode,blocksize, \-
2515 (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \-
2516 flags|EVP_CIPH_##MODE##_MODE, \-
2517 aes_##mode##_init_key, \-
2518 aes_##mode##_cipher, \-
2519 aes_##mode##_cleanup, \-
2520 sizeof(EVP_AES_##MODE##_CTX), \-
2521 NULL,NULL,aes_##mode##_ctrl,NULL }; \-
2522const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \-
2523{ return &aes_##keylen##_##mode; }-
2524-
2525#endif-
2526-
2527#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))-
2528# include "arm_arch.h"-
2529# if __ARM_MAX_ARCH__>=7-
2530# if defined(BSAES_ASM)-
2531# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)-
2532# endif-
2533# if defined(VPAES_ASM)-
2534# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)-
2535# endif-
2536# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)-
2537# define HWAES_set_encrypt_key aes_v8_set_encrypt_key-
2538# define HWAES_set_decrypt_key aes_v8_set_decrypt_key-
2539# define HWAES_encrypt aes_v8_encrypt-
2540# define HWAES_decrypt aes_v8_decrypt-
2541# define HWAES_cbc_encrypt aes_v8_cbc_encrypt-
2542# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks-
2543# endif-
2544#endif-
2545-
2546#if defined(HWAES_CAPABLE)-
2547int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,-
2548 AES_KEY *key);-
2549int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,-
2550 AES_KEY *key);-
2551void HWAES_encrypt(const unsigned char *in, unsigned char *out,-
2552 const AES_KEY *key);-
2553void HWAES_decrypt(const unsigned char *in, unsigned char *out,-
2554 const AES_KEY *key);-
2555void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,-
2556 size_t length, const AES_KEY *key,-
2557 unsigned char *ivec, const int enc);-
2558void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,-
2559 size_t len, const AES_KEY *key,-
2560 const unsigned char ivec[16]);-
2561void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,-
2562 size_t len, const AES_KEY *key1,-
2563 const AES_KEY *key2, const unsigned char iv[16]);-
2564void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,-
2565 size_t len, const AES_KEY *key1,-
2566 const AES_KEY *key2, const unsigned char iv[16]);-
2567#endif-
2568-
2569#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \-
2570 BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \-
2571 BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \-
2572 BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \-
2573 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \-
2574 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \-
2575 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \-
2576 BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)-
2577-
2578static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
2579 const unsigned char *iv, int enc)-
2580{-
2581 int ret, mode;-
2582 EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);-
2583-
2584 mode = EVP_CIPHER_CTX_mode(ctx);-
2585 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
mode == 0x1Description
TRUEevaluated 3163388 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
FALSEevaluated 29979 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
mode == 0x2Description
TRUEevaluated 10821 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 19158 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
10821-3163388
2586 && !enc) {
!encDescription
TRUEevaluated 4787 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 3182228 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
4787-3182228
2587#ifdef HWAES_CAPABLE-
2588 if (HWAES_CAPABLE) {-
2589 ret = HWAES_set_decrypt_key(key,-
2590 EVP_CIPHER_CTX_key_length(ctx) * 8,-
2591 &dat->ks.ks);-
2592 dat->block = (block128_f) HWAES_decrypt;-
2593 dat->stream.cbc = NULL;-
2594# ifdef HWAES_cbc_encrypt-
2595 if (mode == EVP_CIPH_CBC_MODE)-
2596 dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;-
2597# endif-
2598 } else-
2599#endif-
2600#ifdef BSAES_CAPABLE-
2601 if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
(OPENSSL_ia32c...&(1<<(41-32)))Description
TRUEevaluated 4787 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
mode == 0x2Description
TRUEevaluated 4622 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 165 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-4787
2602 ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
2603 &dat->ks.ks);-
2604 dat->block = (block128_f) AES_decrypt;-
2605 dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt;-
2606 } else
executed 4622 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
4622
2607#endif-
2608#ifdef VPAES_CAPABLE-
2609 if (VPAES_CAPABLE) {
(OPENSSL_ia32c...&(1<<(41-32)))Description
TRUEevaluated 165 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-165
2610 ret = vpaes_set_decrypt_key(key,-
2611 EVP_CIPHER_CTX_key_length(ctx) * 8,-
2612 &dat->ks.ks);-
2613 dat->block = (block128_f) vpaes_decrypt;-
2614 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
mode == 0x2Description
TRUEnever evaluated
FALSEevaluated 165 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-165
2615 (cbc128_f) vpaes_cbc_encrypt : NULL;-
2616 } else
executed 165 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
165
2617#endif-
2618 {-
2619 ret = AES_set_decrypt_key(key,-
2620 EVP_CIPHER_CTX_key_length(ctx) * 8,-
2621 &dat->ks.ks);-
2622 dat->block = (block128_f) AES_decrypt;-
2623 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
mode == 0x2Description
TRUEnever evaluated
FALSEnever evaluated
0
2624 (cbc128_f) AES_cbc_encrypt : NULL;-
2625 }
never executed: end of block
0
2626 } else-
2627#ifdef HWAES_CAPABLE-
2628 if (HWAES_CAPABLE) {-
2629 ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
2630 &dat->ks.ks);-
2631 dat->block = (block128_f) HWAES_encrypt;-
2632 dat->stream.cbc = NULL;-
2633# ifdef HWAES_cbc_encrypt-
2634 if (mode == EVP_CIPH_CBC_MODE)-
2635 dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;-
2636 else-
2637# endif-
2638# ifdef HWAES_ctr32_encrypt_blocks-
2639 if (mode == EVP_CIPH_CTR_MODE)-
2640 dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;-
2641 else-
2642# endif-
2643 (void)0; /* terminate potentially open 'else' */-
2644 } else-
2645#endif-
2646#ifdef BSAES_CAPABLE-
2647 if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
(OPENSSL_ia32c...&(1<<(41-32)))Description
TRUEevaluated 3197857 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
FALSEnever evaluated
mode == 0x5Description
TRUEevaluated 6278 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 3198543 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3198543
2648 ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
2649 &dat->ks.ks);-
2650 dat->block = (block128_f) AES_encrypt;-
2651 dat->stream.ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;-
2652 } else
executed 6278 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
6278
2653#endif-
2654#ifdef VPAES_CAPABLE-
2655 if (VPAES_CAPABLE) {
(OPENSSL_ia32c...&(1<<(41-32)))Description
TRUEevaluated 3162861 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
FALSEnever evaluated
0-3162861
2656 ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
2657 &dat->ks.ks);-
2658 dat->block = (block128_f) vpaes_encrypt;-
2659 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
mode == 0x2Description
TRUEevaluated 6199 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 3123098 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
6199-3123098
2660 (cbc128_f) vpaes_cbc_encrypt : NULL;-
2661 } else
executed 3118051 times by 2 tests: end of block
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
3118051
2662#endif-
2663 {-
2664 ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
2665 &dat->ks.ks);-
2666 dat->block = (block128_f) AES_encrypt;-
2667 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
mode == 0x2Description
TRUEnever evaluated
FALSEnever evaluated
0
2668 (cbc128_f) AES_cbc_encrypt : NULL;-
2669#ifdef AES_CTR_ASM-
2670 if (mode == EVP_CIPH_CTR_MODE)-
2671 dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt;-
2672#endif-
2673 }
never executed: end of block
0
2674-
2675 if (ret < 0) {
ret < 0Description
TRUEnever evaluated
FALSEevaluated 3128826 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3128826
2676 EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);-
2677 return 0;
never executed: return 0;
0
2678 }-
2679-
2680 return 1;
executed 3144895 times by 2 tests: return 1;
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
3144895
2681}-
2682-
2683static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
2684 const unsigned char *in, size_t len)-
2685{-
2686 EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);-
2687-
2688 if (dat->stream.cbc)
dat->stream.cbcDescription
TRUEevaluated 45300 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-45300
2689 (*dat->stream.cbc) (in, out, len, &dat->ks,
executed 45300 times by 1 test: (*dat->stream.cbc) (in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));
Executed by:
  • libcrypto.so.1.1
45300
2690 EVP_CIPHER_CTX_iv_noconst(ctx),
executed 45300 times by 1 test: (*dat->stream.cbc) (in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));
Executed by:
  • libcrypto.so.1.1
45300
2691 EVP_CIPHER_CTX_encrypting(ctx));
executed 45300 times by 1 test: (*dat->stream.cbc) (in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));
Executed by:
  • libcrypto.so.1.1
45300
2692 else if (EVP_CIPHER_CTX_encrypting(ctx))
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEnever evaluated
FALSEnever evaluated
0
2693 CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
never executed: CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
0
2694 EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
never executed: CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
0
2695 else-
2696 CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
never executed: CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
0
2697 EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
never executed: CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
0
2698-
2699 return 1;
executed 45300 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
45300
2700}-
2701-
2702static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
2703 const unsigned char *in, size_t len)-
2704{-
2705 size_t bl = EVP_CIPHER_CTX_block_size(ctx);-
2706 size_t i;-
2707 EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);-
2708-
2709 if (len < bl)
len < blDescription
TRUEnever evaluated
FALSEevaluated 27767782 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-27767782
2710 return 1;
never executed: return 1;
0
2711-
2712 for (i = 0, len -= bl; i <= len; i += bl)
i <= lenDescription
TRUEevaluated 27479641 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
FALSEevaluated 28589899 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
27479641-28589899
2713 (*dat->block) (in + i, out + i, &dat->ks);
executed 27404611 times by 2 tests: (*dat->block) (in + i, out + i, &dat->ks);
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
27404611
2714-
2715 return 1;
executed 28560056 times by 2 tests: return 1;
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
28560056
2716}-
2717-
2718static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
2719 const unsigned char *in, size_t len)-
2720{-
2721 EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);-
2722-
2723 int num = EVP_CIPHER_CTX_num(ctx);-
2724 CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,-
2725 EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);-
2726 EVP_CIPHER_CTX_set_num(ctx, num);-
2727 return 1;
executed 18990 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
18990
2728}-
2729-
2730static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
2731 const unsigned char *in, size_t len)-
2732{-
2733 EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);-
2734-
2735 int num = EVP_CIPHER_CTX_num(ctx);-
2736 CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,-
2737 EVP_CIPHER_CTX_iv_noconst(ctx), &num,-
2738 EVP_CIPHER_CTX_encrypting(ctx), dat->block);-
2739 EVP_CIPHER_CTX_set_num(ctx, num);-
2740 return 1;
executed 18990 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
18990
2741}-
2742-
2743static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
2744 const unsigned char *in, size_t len)-
2745{-
2746 EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);-
2747-
2748 int num = EVP_CIPHER_CTX_num(ctx);-
2749 CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,-
2750 EVP_CIPHER_CTX_iv_noconst(ctx), &num,-
2751 EVP_CIPHER_CTX_encrypting(ctx), dat->block);-
2752 EVP_CIPHER_CTX_set_num(ctx, num);-
2753 return 1;
executed 6 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
6
2754}-
2755-
2756static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
2757 const unsigned char *in, size_t len)-
2758{-
2759 EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);-
2760-
2761 if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
EVP_CIPHER_CTX...s(ctx, 0x2000)Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6
2762 int num = EVP_CIPHER_CTX_num(ctx);-
2763 CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,-
2764 EVP_CIPHER_CTX_iv_noconst(ctx), &num,-
2765 EVP_CIPHER_CTX_encrypting(ctx), dat->block);-
2766 EVP_CIPHER_CTX_set_num(ctx, num);-
2767 return 1;
never executed: return 1;
0
2768 }-
2769-
2770 while (len >= MAXBITCHUNK) {
len >= ((size_...(size_t)*8-4))Description
TRUEnever evaluated
FALSEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6
2771 int num = EVP_CIPHER_CTX_num(ctx);-
2772 CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,-
2773 EVP_CIPHER_CTX_iv_noconst(ctx), &num,-
2774 EVP_CIPHER_CTX_encrypting(ctx), dat->block);-
2775 EVP_CIPHER_CTX_set_num(ctx, num);-
2776 len -= MAXBITCHUNK;-
2777 out += MAXBITCHUNK;-
2778 in += MAXBITCHUNK;-
2779 }
never executed: end of block
0
2780 if (len) {
lenDescription
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-6
2781 int num = EVP_CIPHER_CTX_num(ctx);-
2782 CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,-
2783 EVP_CIPHER_CTX_iv_noconst(ctx), &num,-
2784 EVP_CIPHER_CTX_encrypting(ctx), dat->block);-
2785 EVP_CIPHER_CTX_set_num(ctx, num);-
2786 }
executed 6 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
6
2787-
2788 return 1;
executed 6 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
6
2789}-
2790-
2791static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
2792 const unsigned char *in, size_t len)-
2793{-
2794 unsigned int num = EVP_CIPHER_CTX_num(ctx);-
2795 EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);-
2796-
2797 if (dat->stream.ctr)
dat->stream.ctrDescription
TRUEevaluated 18678 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-18678
2798 CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
executed 18678 times by 1 test: CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_buf_noconst(ctx), &num, dat->stream.ctr);
Executed by:
  • libcrypto.so.1.1
18678
2799 EVP_CIPHER_CTX_iv_noconst(ctx),
executed 18678 times by 1 test: CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_buf_noconst(ctx), &num, dat->stream.ctr);
Executed by:
  • libcrypto.so.1.1
18678
2800 EVP_CIPHER_CTX_buf_noconst(ctx),
executed 18678 times by 1 test: CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_buf_noconst(ctx), &num, dat->stream.ctr);
Executed by:
  • libcrypto.so.1.1
18678
2801 &num, dat->stream.ctr);
executed 18678 times by 1 test: CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_buf_noconst(ctx), &num, dat->stream.ctr);
Executed by:
  • libcrypto.so.1.1
18678
2802 else-
2803 CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
never executed: CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_buf_noconst(ctx), &num, dat->block);
0
2804 EVP_CIPHER_CTX_iv_noconst(ctx),
never executed: CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_buf_noconst(ctx), &num, dat->block);
0
2805 EVP_CIPHER_CTX_buf_noconst(ctx), &num,
never executed: CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_buf_noconst(ctx), &num, dat->block);
0
2806 dat->block);
never executed: CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_buf_noconst(ctx), &num, dat->block);
0
2807 EVP_CIPHER_CTX_set_num(ctx, num);-
2808 return 1;
executed 18678 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
18678
2809}-
2810-
2811BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
executed 5105 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_cbc:&aes_128_cbc;
Executed by:
  • libcrypto.so.1.1
executed 6294 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_ecb:&aes_128_ecb;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_ofb:&aes_128_ofb;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_cfb:&aes_128_cfb;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_cfb1:&aes_128_cfb1;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_cfb8:&aes_128_cfb8;
Executed by:
  • libcrypto.so.1.1
executed 1964 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_ctr:&aes_128_ctr;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 5105 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 6294 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1964 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6294
2812 BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
executed 3921 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_192_cbc:&aes_192_cbc;
Executed by:
  • libcrypto.so.1.1
executed 6294 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_192_ecb:&aes_192_ecb;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_192_ofb:&aes_192_ofb;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_192_cfb:&aes_192_cfb;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_192_cfb1:&aes_192_cfb1;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_192_cfb8:&aes_192_cfb8;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_192_ctr:&aes_192_ctr;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 3921 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 6294 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-6294
2813 BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
executed 5881 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_cbc:&aes_256_cbc;
Executed by:
  • libcrypto.so.1.1
executed 8095 times by 2 tests: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_ecb:&aes_256_ecb;
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
executed 1964 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_ofb:&aes_256_ofb;
Executed by:
  • libcrypto.so.1.1
executed 1964 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_cfb:&aes_256_cfb;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_cfb1:&aes_256_cfb1;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_cfb8:&aes_256_cfb8;
Executed by:
  • libcrypto.so.1.1
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_ctr:&aes_256_ctr;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 5881 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 8095 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1964 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1964 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-8095
2814-
2815static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)-
2816{-
2817 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);-
2818 if (gctx == NULL)
gctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 7313 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7313
2819 return 0;
never executed: return 0;
0
2820 OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));-
2821 if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
gctx->iv != EV..._iv_noconst(c)Description
TRUEevaluated 147 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 7166 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
147-7166
2822 OPENSSL_free(gctx->iv);
executed 147 times by 1 test: CRYPTO_free(gctx->iv, __FILE__, 2822);
Executed by:
  • libcrypto.so.1.1
147
2823 return 1;
executed 7313 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
7313
2824}-
2825-
2826static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)-
2827{-
2828 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);-
2829 switch (type) {-
2830 case EVP_CTRL_INIT:
executed 7763 times by 1 test: case 0x0:
Executed by:
  • libcrypto.so.1.1
7763
2831 gctx->key_set = 0;-
2832 gctx->iv_set = 0;-
2833 gctx->ivlen = c->cipher->iv_len;-
2834 gctx->iv = c->iv;-
2835 gctx->taglen = -1;-
2836 gctx->iv_gen = 0;-
2837 gctx->tls_aad_len = -1;-
2838 return 1;
executed 7763 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
7763
2839-
2840 case EVP_CTRL_AEAD_SET_IVLEN:
executed 5838 times by 1 test: case 0x9:
Executed by:
  • libcrypto.so.1.1
5838
2841 if (arg <= 0)
arg <= 0Description
TRUEnever evaluated
FALSEevaluated 5838 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5838
2842 return 0;
never executed: return 0;
0
2843 /* Allocate memory for IV if needed */-
2844 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
(arg > 16)Description
TRUEevaluated 147 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 5691 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(arg > gctx->ivlen)Description
TRUEevaluated 147 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-5691
2845 if (gctx->iv != c->iv)
gctx->iv != c->ivDescription
TRUEnever evaluated
FALSEevaluated 147 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-147
2846 OPENSSL_free(gctx->iv);
never executed: CRYPTO_free(gctx->iv, __FILE__, 2846);
0
2847 if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
(gctx->iv = CR...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 147 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-147
2848 EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);-
2849 return 0;
never executed: return 0;
0
2850 }-
2851 }
executed 147 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
147
2852 gctx->ivlen = arg;-
2853 return 1;
executed 5838 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
5838
2854-
2855 case EVP_CTRL_AEAD_SET_TAG:
executed 13652 times by 1 test: case 0x11:
Executed by:
  • libcrypto.so.1.1
13652
2856 if (arg <= 0 || arg > 16 || c->encrypt)
arg <= 0Description
TRUEnever evaluated
FALSEevaluated 13652 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
arg > 16Description
TRUEnever evaluated
FALSEevaluated 13652 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
c->encryptDescription
TRUEnever evaluated
FALSEevaluated 13652 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13652
2857 return 0;
never executed: return 0;
0
2858 memcpy(c->buf, ptr, arg);-
2859 gctx->taglen = arg;-
2860 return 1;
executed 13652 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
13652
2861-
2862 case EVP_CTRL_AEAD_GET_TAG:
executed 12236 times by 1 test: case 0x10:
Executed by:
  • libcrypto.so.1.1
12236
2863 if (arg <= 0 || arg > 16 || !c->encrypt
arg <= 0Description
TRUEnever evaluated
FALSEevaluated 12236 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
arg > 16Description
TRUEnever evaluated
FALSEevaluated 12236 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!c->encryptDescription
TRUEnever evaluated
FALSEevaluated 12236 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12236
2864 || gctx->taglen < 0)
gctx->taglen < 0Description
TRUEnever evaluated
FALSEevaluated 12236 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12236
2865 return 0;
never executed: return 0;
0
2866 memcpy(ptr, c->buf, arg);-
2867 return 1;
executed 12236 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
12236
2868-
2869 case EVP_CTRL_GCM_SET_IV_FIXED:
executed 1911 times by 1 test: case 0x12:
Executed by:
  • libcrypto.so.1.1
1911
2870 /* Special case: -1 length restores whole IV */-
2871 if (arg == -1) {
arg == -1Description
TRUEnever evaluated
FALSEevaluated 1911 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1911
2872 memcpy(gctx->iv, ptr, gctx->ivlen);-
2873 gctx->iv_gen = 1;-
2874 return 1;
never executed: return 1;
0
2875 }-
2876 /*-
2877 * Fixed field must be at least 4 bytes and invocation field at least-
2878 * 8.-
2879 */-
2880 if ((arg < 4) || (gctx->ivlen - arg) < 8)
(arg < 4)Description
TRUEnever evaluated
FALSEevaluated 1911 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
(gctx->ivlen - arg) < 8Description
TRUEnever evaluated
FALSEevaluated 1911 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1911
2881 return 0;
never executed: return 0;
0
2882 if (arg)
argDescription
TRUEevaluated 1911 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-1911
2883 memcpy(gctx->iv, ptr, arg);
executed 1911 times by 1 test: memcpy(gctx->iv, ptr, arg);
Executed by:
  • libcrypto.so.1.1
1911
2884 if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
c->encryptDescription
TRUEevaluated 952 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 959 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
RAND_bytes(gct...en - arg) <= 0Description
TRUEnever evaluated
FALSEevaluated 952 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-959
2885 return 0;
never executed: return 0;
0
2886 gctx->iv_gen = 1;-
2887 return 1;
executed 1911 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
1911
2888-
2889 case EVP_CTRL_GCM_IV_GEN:
executed 2743 times by 1 test: case 0x13:
Executed by:
  • libcrypto.so.1.1
2743
2890 if (gctx->iv_gen == 0 || gctx->key_set == 0)
gctx->iv_gen == 0Description
TRUEnever evaluated
FALSEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->key_set == 0Description
TRUEnever evaluated
FALSEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2743
2891 return 0;
never executed: return 0;
0
2892 CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);-
2893 if (arg <= 0 || arg > gctx->ivlen)
arg <= 0Description
TRUEnever evaluated
FALSEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
arg > gctx->ivlenDescription
TRUEnever evaluated
FALSEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2743
2894 arg = gctx->ivlen;
never executed: arg = gctx->ivlen;
0
2895 memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);-
2896 /*-
2897 * Invocation field will be at least 8 bytes in size and so no need-
2898 * to check wrap around or increment more than last 8 bytes.-
2899 */-
2900 ctr64_inc(gctx->iv + gctx->ivlen - 8);-
2901 gctx->iv_set = 1;-
2902 return 1;
executed 2743 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
2743
2903-
2904 case EVP_CTRL_GCM_SET_IV_INV:
executed 2577 times by 1 test: case 0x18:
Executed by:
  • libcrypto.so.1.1
2577
2905 if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt)
gctx->iv_gen == 0Description
TRUEnever evaluated
FALSEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->key_set == 0Description
TRUEnever evaluated
FALSEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
c->encryptDescription
TRUEnever evaluated
FALSEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2577
2906 return 0;
never executed: return 0;
0
2907 memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);-
2908 CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);-
2909 gctx->iv_set = 1;-
2910 return 1;
executed 2577 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
2577
2911-
2912 case EVP_CTRL_AEAD_TLS1_AAD:
executed 5324 times by 1 test: case 0x16:
Executed by:
  • libcrypto.so.1.1
5324
2913 /* Save the AAD for later use */-
2914 if (arg != EVP_AEAD_TLS1_AAD_LEN)
arg != 13Description
TRUEnever evaluated
FALSEevaluated 5324 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5324
2915 return 0;
never executed: return 0;
0
2916 memcpy(c->buf, ptr, arg);-
2917 gctx->tls_aad_len = arg;-
2918 gctx->tls_enc_records = 0;-
2919 {-
2920 unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];-
2921 /* Correct length for explicit IV */-
2922 if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
len < 8Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 5322 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
2-5322
2923 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
2
2924 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;-
2925 /* If decrypting correct for tag too */-
2926 if (!c->encrypt) {
!c->encryptDescription
TRUEevaluated 2579 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
2579-2743
2927 if (len < EVP_GCM_TLS_TAG_LEN)
len < 16Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
2-2577
2928 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
2
2929 len -= EVP_GCM_TLS_TAG_LEN;-
2930 }
executed 2577 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
2577
2931 c->buf[arg - 2] = len >> 8;-
2932 c->buf[arg - 1] = len & 0xff;-
2933 }-
2934 /* Extra padding: tag appended to record */-
2935 return EVP_GCM_TLS_TAG_LEN;
executed 5320 times by 1 test: return 16;
Executed by:
  • libcrypto.so.1.1
5320
2936-
2937 case EVP_CTRL_COPY:
never executed: case 0x8:
0
2938 {-
2939 EVP_CIPHER_CTX *out = ptr;-
2940 EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out);-
2941 if (gctx->gcm.key) {
gctx->gcm.keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
2942 if (gctx->gcm.key != &gctx->ks)
gctx->gcm.key != &gctx->ksDescription
TRUEnever evaluated
FALSEnever evaluated
0
2943 return 0;
never executed: return 0;
0
2944 gctx_out->gcm.key = &gctx_out->ks;-
2945 }
never executed: end of block
0
2946 if (gctx->iv == c->iv)
gctx->iv == c->ivDescription
TRUEnever evaluated
FALSEnever evaluated
0
2947 gctx_out->iv = out->iv;
never executed: gctx_out->iv = out->iv;
0
2948 else {-
2949 if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
(gctx_out->iv ...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2950 EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);-
2951 return 0;
never executed: return 0;
0
2952 }-
2953 memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);-
2954 }
never executed: end of block
0
2955 return 1;
never executed: return 1;
0
2956 }-
2957-
2958 default:
never executed: default:
0
2959 return -1;
never executed: return -1;
0
2960-
2961 }-
2962}-
2963-
2964static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
2965 const unsigned char *iv, int enc)-
2966{-
2967 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);-
2968 if (!iv && !key)
!ivDescription
TRUEevaluated 12950 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 25888 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!keyDescription
TRUEevaluated 5838 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 7112 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
5838-25888
2969 return 1;
executed 5838 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
5838
2970 if (key) {
keyDescription
TRUEevaluated 7763 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 25237 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
7763-25237
2971 do {-
2972#ifdef HWAES_CAPABLE-
2973 if (HWAES_CAPABLE) {-
2974 HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);-
2975 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,-
2976 (block128_f) HWAES_encrypt);-
2977# ifdef HWAES_ctr32_encrypt_blocks-
2978 gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;-
2979# else-
2980 gctx->ctr = NULL;-
2981# endif-
2982 break;-
2983 } else-
2984#endif-
2985#ifdef BSAES_CAPABLE-
2986 if (BSAES_CAPABLE) {
(OPENSSL_ia32c...&(1<<(41-32)))Description
TRUEevaluated 7763 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-7763
2987 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);-
2988 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,-
2989 (block128_f) AES_encrypt);-
2990 gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;-
2991 break;
executed 7763 times by 1 test: break;
Executed by:
  • libcrypto.so.1.1
7763
2992 } else-
2993#endif-
2994#ifdef VPAES_CAPABLE-
2995 if (VPAES_CAPABLE) {
(OPENSSL_ia32c...&(1<<(41-32)))Description
TRUEnever evaluated
FALSEnever evaluated
0
2996 vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);-
2997 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,-
2998 (block128_f) vpaes_encrypt);-
2999 gctx->ctr = NULL;-
3000 break;
never executed: break;
0
3001 } else-
3002#endif-
3003 (void)0; /* terminate potentially open 'else' */
never executed: (void)0;
0
3004-
3005 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);-
3006 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,-
3007 (block128_f) AES_encrypt);-
3008#ifdef AES_CTR_ASM-
3009 gctx->ctr = (ctr128_f) AES_ctr32_encrypt;-
3010#else-
3011 gctx->ctr = NULL;-
3012#endif-
3013 } while (0);-
3014-
3015 /*-
3016 * If we have an iv can set it directly, otherwise use saved IV.-
3017 */-
3018 if (iv == NULL && gctx->iv_set)
iv == ((void *)0)Description
TRUEevaluated 7112 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 651 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->iv_setDescription
TRUEnever evaluated
FALSEevaluated 7112 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-7112
3019 iv = gctx->iv;
never executed: iv = gctx->iv;
0
3020 if (iv) {
ivDescription
TRUEevaluated 651 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 7112 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
651-7112
3021 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);-
3022 gctx->iv_set = 1;-
3023 }
executed 651 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
651
3024 gctx->key_set = 1;-
3025 } else {
executed 7763 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
7763
3026 /* If key set use IV, otherwise copy */-
3027 if (gctx->key_set)
gctx->key_setDescription
TRUEevaluated 25237 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-25237
3028 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
executed 25237 times by 1 test: CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
Executed by:
  • libcrypto.so.1.1
25237
3029 else-
3030 memcpy(gctx->iv, iv, gctx->ivlen);
never executed: memcpy(gctx->iv, iv, gctx->ivlen);
0
3031 gctx->iv_set = 1;-
3032 gctx->iv_gen = 0;-
3033 }
executed 25237 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
25237
3034 return 1;
executed 33000 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
33000
3035}-
3036-
3037/*-
3038 * Handle TLS GCM packet format. This consists of the last portion of the IV-
3039 * followed by the payload and finally the tag. On encrypt generate IV,-
3040 * encrypt payload and write the tag. On verify retrieve IV, decrypt payload-
3041 * and verify tag.-
3042 */-
3043-
3044static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
3045 const unsigned char *in, size_t len)-
3046{-
3047 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);-
3048 int rv = -1;-
3049 /* Encrypt/decrypt must be performed in place */-
3050 if (out != in
out != inDescription
TRUEnever evaluated
FALSEevaluated 5320 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5320
3051 || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
len < (8 + 16)Description
TRUEnever evaluated
FALSEevaluated 5320 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5320
3052 return -1;
never executed: return -1;
0
3053 -
3054 /*-
3055 * Check for too many keys as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness-
3056 * Requirements from SP 800-38D". The requirements is for one party to the-
3057 * communication to fail after 2^64 - 1 keys. We do this on the encrypting-
3058 * side only.-
3059 */-
3060 if (ctx->encrypt && ++gctx->tls_enc_records == 0) {
ctx->encryptDescription
TRUEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
++gctx->tls_enc_records == 0Description
TRUEnever evaluated
FALSEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2743
3061 EVPerr(EVP_F_AES_GCM_TLS_CIPHER, EVP_R_TOO_MANY_RECORDS);-
3062 goto err;
never executed: goto err;
0
3063 }-
3064-
3065 /*-
3066 * Set IV from start of buffer or generate IV and write to start of-
3067 * buffer.-
3068 */-
3069 if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN
EVP_CIPHER_CTX..., 8, out) <= 0Description
TRUEnever evaluated
FALSEevaluated 5320 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5320
3070 : EVP_CTRL_GCM_SET_IV_INV,
EVP_CIPHER_CTX..., 8, out) <= 0Description
TRUEnever evaluated
FALSEevaluated 5320 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5320
3071 EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
EVP_CIPHER_CTX..., 8, out) <= 0Description
TRUEnever evaluated
FALSEevaluated 5320 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5320
3072 goto err;
never executed: goto err;
0
3073 /* Use saved AAD */-
3074 if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
CRYPTO_gcm128_...->tls_aad_len)Description
TRUEnever evaluated
FALSEevaluated 5320 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5320
3075 goto err;
never executed: goto err;
0
3076 /* Fix buffer and length to point to payload */-
3077 in += EVP_GCM_TLS_EXPLICIT_IV_LEN;-
3078 out += EVP_GCM_TLS_EXPLICIT_IV_LEN;-
3079 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;-
3080 if (ctx->encrypt) {
ctx->encryptDescription
TRUEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
2577-2743
3081 /* Encrypt payload */-
3082 if (gctx->ctr) {
gctx->ctrDescription
TRUEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-2743
3083 size_t bulk = 0;-
3084#if defined(AES_GCM_ASM)-
3085 if (len >= 32 && AES_GCM_ASM(gctx)) {
len >= 32Description
TRUEevaluated 942 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 1801 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->ctr==aes...encrypt_blocksDescription
TRUEnever evaluated
FALSEevaluated 942 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->gcm.ghash==gcm_ghash_avxDescription
TRUEnever evaluated
FALSEnever evaluated
0-1801
3086 if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
CRYPTO_gcm128_...void *)0) , 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3087 return -1;
never executed: return -1;
0
3088-
3089 bulk = AES_gcm_encrypt(in, out, len,-
3090 gctx->gcm.key,-
3091 gctx->gcm.Yi.c, gctx->gcm.Xi.u);-
3092 gctx->gcm.len.u[1] += bulk;-
3093 }
never executed: end of block
0
3094#endif-
3095 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2743
3096 in + bulk,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2743
3097 out + bulk,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2743
3098 len - bulk, gctx->ctr))
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 2743 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2743
3099 goto err;
never executed: goto err;
0
3100 } else {
executed 2743 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
2743
3101 size_t bulk = 0;-
3102#if defined(AES_GCM_ASM2)-
3103 if (len >= 32 && AES_GCM_ASM2(gctx)) {-
3104 if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))-
3105 return -1;-
3106-
3107 bulk = AES_gcm_encrypt(in, out, len,-
3108 gctx->gcm.key,-
3109 gctx->gcm.Yi.c, gctx->gcm.Xi.u);-
3110 gctx->gcm.len.u[1] += bulk;-
3111 }-
3112#endif-
3113 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
CRYPTO_gcm128_...k, len - bulk)Description
TRUEnever evaluated
FALSEnever evaluated
0
3114 in + bulk, out + bulk, len - bulk))
CRYPTO_gcm128_...k, len - bulk)Description
TRUEnever evaluated
FALSEnever evaluated
0
3115 goto err;
never executed: goto err;
0
3116 }
never executed: end of block
0
3117 out += len;-
3118 /* Finally write tag */-
3119 CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);-
3120 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;-
3121 } else {
executed 2743 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
2743
3122 /* Decrypt */-
3123 if (gctx->ctr) {
gctx->ctrDescription
TRUEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-2577
3124 size_t bulk = 0;-
3125#if defined(AES_GCM_ASM)-
3126 if (len >= 16 && AES_GCM_ASM(gctx)) {
len >= 16Description
TRUEevaluated 1830 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 747 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->ctr==aes...encrypt_blocksDescription
TRUEnever evaluated
FALSEevaluated 1830 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->gcm.ghash==gcm_ghash_avxDescription
TRUEnever evaluated
FALSEnever evaluated
0-1830
3127 if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
CRYPTO_gcm128_...void *)0) , 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
3128 return -1;
never executed: return -1;
0
3129-
3130 bulk = AES_gcm_decrypt(in, out, len,-
3131 gctx->gcm.key,-
3132 gctx->gcm.Yi.c, gctx->gcm.Xi.u);-
3133 gctx->gcm.len.u[1] += bulk;-
3134 }
never executed: end of block
0
3135#endif-
3136 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2577
3137 in + bulk,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2577
3138 out + bulk,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2577
3139 len - bulk, gctx->ctr))
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 2577 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2577
3140 goto err;
never executed: goto err;
0
3141 } else {
executed 2577 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
2577
3142 size_t bulk = 0;-
3143#if defined(AES_GCM_ASM2)-
3144 if (len >= 16 && AES_GCM_ASM2(gctx)) {-
3145 if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))-
3146 return -1;-
3147-
3148 bulk = AES_gcm_decrypt(in, out, len,-
3149 gctx->gcm.key,-
3150 gctx->gcm.Yi.c, gctx->gcm.Xi.u);-
3151 gctx->gcm.len.u[1] += bulk;-
3152 }-
3153#endif-
3154 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
CRYPTO_gcm128_...k, len - bulk)Description
TRUEnever evaluated
FALSEnever evaluated
0
3155 in + bulk, out + bulk, len - bulk))
CRYPTO_gcm128_...k, len - bulk)Description
TRUEnever evaluated
FALSEnever evaluated
0
3156 goto err;
never executed: goto err;
0
3157 }
never executed: end of block
0
3158 /* Retrieve tag */-
3159 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);-
3160 /* If tag mismatch wipe buffer */-
3161 if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
CRYPTO_memcmp(... in + len, 16)Description
TRUEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 2550 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
27-2550
3162 OPENSSL_cleanse(out, len);-
3163 goto err;
executed 27 times by 1 test: goto err;
Executed by:
  • libcrypto.so.1.1
27
3164 }-
3165 rv = len;-
3166 }
executed 2550 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
2550
3167-
3168 err:
code before this statement executed 5293 times by 1 test: err:
Executed by:
  • libcrypto.so.1.1
5293
3169 gctx->iv_set = 0;-
3170 gctx->tls_aad_len = -1;-
3171 return rv;
executed 5320 times by 1 test: return rv;
Executed by:
  • libcrypto.so.1.1
5320
3172}-
3173-
3174static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
3175 const unsigned char *in, size_t len)-
3176{-
3177 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);-
3178 /* If not set up, return error */-
3179 if (!gctx->key_set)
!gctx->key_setDescription
TRUEnever evaluated
FALSEevaluated 83560 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-83560
3180 return -1;
never executed: return -1;
0
3181-
3182 if (gctx->tls_aad_len >= 0)
gctx->tls_aad_len >= 0Description
TRUEevaluated 5320 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 78240 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
5320-78240
3183 return aes_gcm_tls_cipher(ctx, out, in, len);
executed 5320 times by 1 test: return aes_gcm_tls_cipher(ctx, out, in, len);
Executed by:
  • libcrypto.so.1.1
5320
3184-
3185 if (!gctx->iv_set)
!gctx->iv_setDescription
TRUEnever evaluated
FALSEevaluated 78240 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-78240
3186 return -1;
never executed: return -1;
0
3187 if (in) {
inDescription
TRUEevaluated 52352 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 25888 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
25888-52352
3188 if (out == NULL) {
out == ((void *)0)Description
TRUEevaluated 25960 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 26392 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
25960-26392
3189 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
CRYPTO_gcm128_...>gcm, in, len)Description
TRUEnever evaluated
FALSEevaluated 25960 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-25960
3190 return -1;
never executed: return -1;
0
3191 } else if (ctx->encrypt) {
executed 25960 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
ctx->encryptDescription
TRUEevaluated 12488 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 13904 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
12488-25960
3192 if (gctx->ctr) {
gctx->ctrDescription
TRUEevaluated 12488 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-12488
3193 size_t bulk = 0;-
3194#if defined(AES_GCM_ASM)-
3195 if (len >= 32 && AES_GCM_ASM(gctx)) {
len >= 32Description
TRUEevaluated 10213 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 2275 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->ctr==aes...encrypt_blocksDescription
TRUEnever evaluated
FALSEevaluated 10213 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->gcm.ghash==gcm_ghash_avxDescription
TRUEnever evaluated
FALSEnever evaluated
0-10213
3196 size_t res = (16 - gctx->gcm.mres) % 16;-
3197-
3198 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))
CRYPTO_gcm128_... in, out, res)Description
TRUEnever evaluated
FALSEnever evaluated
0
3199 return -1;
never executed: return -1;
0
3200-
3201 bulk = AES_gcm_encrypt(in + res,-
3202 out + res, len - res,-
3203 gctx->gcm.key, gctx->gcm.Yi.c,-
3204 gctx->gcm.Xi.u);-
3205 gctx->gcm.len.u[1] += bulk;-
3206 bulk += res;-
3207 }
never executed: end of block
0
3208#endif-
3209 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 12488 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12488
3210 in + bulk,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 12488 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12488
3211 out + bulk,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 12488 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12488
3212 len - bulk, gctx->ctr))
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 12488 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-12488
3213 return -1;
never executed: return -1;
0
3214 } else {
executed 12488 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
12488
3215 size_t bulk = 0;-
3216#if defined(AES_GCM_ASM2)-
3217 if (len >= 32 && AES_GCM_ASM2(gctx)) {-
3218 size_t res = (16 - gctx->gcm.mres) % 16;-
3219-
3220 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))-
3221 return -1;-
3222-
3223 bulk = AES_gcm_encrypt(in + res,-
3224 out + res, len - res,-
3225 gctx->gcm.key, gctx->gcm.Yi.c,-
3226 gctx->gcm.Xi.u);-
3227 gctx->gcm.len.u[1] += bulk;-
3228 bulk += res;-
3229 }-
3230#endif-
3231 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
CRYPTO_gcm128_...k, len - bulk)Description
TRUEnever evaluated
FALSEnever evaluated
0
3232 in + bulk, out + bulk, len - bulk))
CRYPTO_gcm128_...k, len - bulk)Description
TRUEnever evaluated
FALSEnever evaluated
0
3233 return -1;
never executed: return -1;
0
3234 }
never executed: end of block
0
3235 } else {-
3236 if (gctx->ctr) {
gctx->ctrDescription
TRUEevaluated 13904 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-13904
3237 size_t bulk = 0;-
3238#if defined(AES_GCM_ASM)-
3239 if (len >= 16 && AES_GCM_ASM(gctx)) {
len >= 16Description
TRUEevaluated 9775 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 4129 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->ctr==aes...encrypt_blocksDescription
TRUEnever evaluated
FALSEevaluated 9775 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
gctx->gcm.ghash==gcm_ghash_avxDescription
TRUEnever evaluated
FALSEnever evaluated
0-9775
3240 size_t res = (16 - gctx->gcm.mres) % 16;-
3241-
3242 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))
CRYPTO_gcm128_... in, out, res)Description
TRUEnever evaluated
FALSEnever evaluated
0
3243 return -1;
never executed: return -1;
0
3244-
3245 bulk = AES_gcm_decrypt(in + res,-
3246 out + res, len - res,-
3247 gctx->gcm.key,-
3248 gctx->gcm.Yi.c, gctx->gcm.Xi.u);-
3249 gctx->gcm.len.u[1] += bulk;-
3250 bulk += res;-
3251 }
never executed: end of block
0
3252#endif-
3253 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 13904 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13904
3254 in + bulk,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 13904 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13904
3255 out + bulk,
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 13904 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13904
3256 len - bulk, gctx->ctr))
CRYPTO_gcm128_...lk, gctx->ctr)Description
TRUEnever evaluated
FALSEevaluated 13904 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13904
3257 return -1;
never executed: return -1;
0
3258 } else {
executed 13904 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
13904
3259 size_t bulk = 0;-
3260#if defined(AES_GCM_ASM2)-
3261 if (len >= 16 && AES_GCM_ASM2(gctx)) {-
3262 size_t res = (16 - gctx->gcm.mres) % 16;-
3263-
3264 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))-
3265 return -1;-
3266-
3267 bulk = AES_gcm_decrypt(in + res,-
3268 out + res, len - res,-
3269 gctx->gcm.key,-
3270 gctx->gcm.Yi.c, gctx->gcm.Xi.u);-
3271 gctx->gcm.len.u[1] += bulk;-
3272 bulk += res;-
3273 }-
3274#endif-
3275 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
CRYPTO_gcm128_...k, len - bulk)Description
TRUEnever evaluated
FALSEnever evaluated
0
3276 in + bulk, out + bulk, len - bulk))
CRYPTO_gcm128_...k, len - bulk)Description
TRUEnever evaluated
FALSEnever evaluated
0
3277 return -1;
never executed: return -1;
0
3278 }
never executed: end of block
0
3279 }-
3280 return len;
executed 52352 times by 1 test: return len;
Executed by:
  • libcrypto.so.1.1
52352
3281 } else {-
3282 if (!ctx->encrypt) {
!ctx->encryptDescription
TRUEevaluated 13652 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 12236 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
12236-13652
3283 if (gctx->taglen < 0)
gctx->taglen < 0Description
TRUEnever evaluated
FALSEevaluated 13652 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-13652
3284 return -1;
never executed: return -1;
0
3285 if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0)
CRYPTO_gcm128_...->taglen) != 0Description
TRUEevaluated 2965 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 10687 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
2965-10687
3286 return -1;
executed 2965 times by 1 test: return -1;
Executed by:
  • libcrypto.so.1.1
2965
3287 gctx->iv_set = 0;-
3288 return 0;
executed 10687 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
10687
3289 }-
3290 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);-
3291 gctx->taglen = 16;-
3292 /* Don't reuse the IV */-
3293 gctx->iv_set = 0;-
3294 return 0;
executed 12236 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
12236
3295 }-
3296-
3297}-
3298-
3299#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \-
3300 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \-
3301 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \-
3302 | EVP_CIPH_CUSTOM_COPY)-
3303-
3304BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
executed 10282 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_gcm:&aes_128_gcm;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 10282 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-10282
3305 EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)-
3306 BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_192_gcm:&aes_192_gcm;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1962
3307 EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)-
3308 BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_gcm:&aes_256_gcm;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 3920 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-3920
3309 EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)-
3310-
3311static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)-
3312{-
3313 EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,c);-
3314 if (type == EVP_CTRL_COPY) {
type == 0x8Description
TRUEnever evaluated
FALSEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-385
3315 EVP_CIPHER_CTX *out = ptr;-
3316 EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out);-
3317 if (xctx->xts.key1) {
xctx->xts.key1Description
TRUEnever evaluated
FALSEnever evaluated
0
3318 if (xctx->xts.key1 != &xctx->ks1)
xctx->xts.key1 != &xctx->ks1Description
TRUEnever evaluated
FALSEnever evaluated
0
3319 return 0;
never executed: return 0;
0
3320 xctx_out->xts.key1 = &xctx_out->ks1;-
3321 }
never executed: end of block
0
3322 if (xctx->xts.key2) {
xctx->xts.key2Description
TRUEnever evaluated
FALSEnever evaluated
0
3323 if (xctx->xts.key2 != &xctx->ks2)
xctx->xts.key2 != &xctx->ks2Description
TRUEnever evaluated
FALSEnever evaluated
0
3324 return 0;
never executed: return 0;
0
3325 xctx_out->xts.key2 = &xctx_out->ks2;-
3326 }
never executed: end of block
0
3327 return 1;
never executed: return 1;
0
3328 } else if (type != EVP_CTRL_INIT)
type != 0x0Description
TRUEnever evaluated
FALSEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-385
3329 return -1;
never executed: return -1;
0
3330 /* key1 and key2 are used as an indicator both key and IV are set */-
3331 xctx->xts.key1 = NULL;-
3332 xctx->xts.key2 = NULL;-
3333 return 1;
executed 385 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
385
3334}-
3335-
3336static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
3337 const unsigned char *iv, int enc)-
3338{-
3339 EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);-
3340 if (!iv && !key)
!ivDescription
TRUEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!keyDescription
TRUEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-385
3341 return 1;
executed 385 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
385
3342-
3343 if (key)
keyDescription
TRUEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-385
3344 do {-
3345#ifdef AES_XTS_ASM-
3346 xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;-
3347#else-
3348 xctx->stream = NULL;-
3349#endif-
3350 /* key_len is two AES keys */-
3351#ifdef HWAES_CAPABLE-
3352 if (HWAES_CAPABLE) {-
3353 if (enc) {-
3354 HWAES_set_encrypt_key(key,-
3355 EVP_CIPHER_CTX_key_length(ctx) * 4,-
3356 &xctx->ks1.ks);-
3357 xctx->xts.block1 = (block128_f) HWAES_encrypt;-
3358# ifdef HWAES_xts_encrypt-
3359 xctx->stream = HWAES_xts_encrypt;-
3360# endif-
3361 } else {-
3362 HWAES_set_decrypt_key(key,-
3363 EVP_CIPHER_CTX_key_length(ctx) * 4,-
3364 &xctx->ks1.ks);-
3365 xctx->xts.block1 = (block128_f) HWAES_decrypt;-
3366# ifdef HWAES_xts_decrypt-
3367 xctx->stream = HWAES_xts_decrypt;-
3368#endif-
3369 }-
3370-
3371 HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,-
3372 EVP_CIPHER_CTX_key_length(ctx) * 4,-
3373 &xctx->ks2.ks);-
3374 xctx->xts.block2 = (block128_f) HWAES_encrypt;-
3375-
3376 xctx->xts.key1 = &xctx->ks1;-
3377 break;-
3378 } else-
3379#endif-
3380#ifdef BSAES_CAPABLE-
3381 if (BSAES_CAPABLE)
(OPENSSL_ia32c...&(1<<(41-32)))Description
TRUEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-385
3382 xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
executed 385 times by 1 test: xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
Executed by:
  • libcrypto.so.1.1
encDescription
TRUEevaluated 193 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 192 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
192-385
3383 else-
3384#endif-
3385#ifdef VPAES_CAPABLE-
3386 if (VPAES_CAPABLE) {
(OPENSSL_ia32c...&(1<<(41-32)))Description
TRUEnever evaluated
FALSEnever evaluated
0
3387 if (enc) {
encDescription
TRUEnever evaluated
FALSEnever evaluated
0
3388 vpaes_set_encrypt_key(key,-
3389 EVP_CIPHER_CTX_key_length(ctx) * 4,-
3390 &xctx->ks1.ks);-
3391 xctx->xts.block1 = (block128_f) vpaes_encrypt;-
3392 } else {
never executed: end of block
0
3393 vpaes_set_decrypt_key(key,-
3394 EVP_CIPHER_CTX_key_length(ctx) * 4,-
3395 &xctx->ks1.ks);-
3396 xctx->xts.block1 = (block128_f) vpaes_decrypt;-
3397 }
never executed: end of block
0
3398-
3399 vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,-
3400 EVP_CIPHER_CTX_key_length(ctx) * 4,-
3401 &xctx->ks2.ks);-
3402 xctx->xts.block2 = (block128_f) vpaes_encrypt;-
3403-
3404 xctx->xts.key1 = &xctx->ks1;-
3405 break;
never executed: break;
0
3406 } else-
3407#endif-
3408 (void)0; /* terminate potentially open 'else' */
never executed: (void)0;
0
3409-
3410 if (enc) {
encDescription
TRUEevaluated 193 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 192 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
192-193
3411 AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,-
3412 &xctx->ks1.ks);-
3413 xctx->xts.block1 = (block128_f) AES_encrypt;-
3414 } else {
executed 193 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
193
3415 AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,-
3416 &xctx->ks1.ks);-
3417 xctx->xts.block1 = (block128_f) AES_decrypt;-
3418 }
executed 192 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
192
3419-
3420 AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,-
3421 EVP_CIPHER_CTX_key_length(ctx) * 4,-
3422 &xctx->ks2.ks);-
3423 xctx->xts.block2 = (block128_f) AES_encrypt;-
3424-
3425 xctx->xts.key1 = &xctx->ks1;-
3426 } while (0);
executed 385 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
385
3427-
3428 if (iv) {
ivDescription
TRUEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-385
3429 xctx->xts.key2 = &xctx->ks2;-
3430 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);-
3431 }
executed 385 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
385
3432-
3433 return 1;
executed 385 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
385
3434}-
3435-
3436static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
3437 const unsigned char *in, size_t len)-
3438{-
3439 EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);-
3440-
3441 if (xctx->xts.key1 == NULL
xctx->xts.key1 == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-385
3442 || xctx->xts.key2 == NULL
xctx->xts.key2 == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-385
3443 || out == NULL
out == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-385
3444 || in == NULL
in == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-385
3445 || len < AES_BLOCK_SIZE)
len < 16Description
TRUEnever evaluated
FALSEevaluated 385 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-385
3446 return 0;
never executed: return 0;
0
3447-
3448 /*-
3449 * Verify that the two keys are different.-
3450 *-
3451 * This addresses the vulnerability described in Rogaway's September 2004-
3452 * paper (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf):-
3453 * "Efficient Instantiations of Tweakable Blockciphers and Refinements-
3454 * to Modes OCB and PMAC".-
3455 *-
3456 * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states that:-
3457 * "The check for Key_1 != Key_2 shall be done at any place BEFORE-
3458 * using the keys in the XTS-AES algorithm to process data with them."-
3459 */-
3460 if (CRYPTO_memcmp(xctx->xts.key1, xctx->xts.key2,
CRYPTO_memcmp(...ctx) / 2) == 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 384 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-384
3461 EVP_CIPHER_CTX_key_length(ctx) / 2) == 0)
CRYPTO_memcmp(...ctx) / 2) == 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 384 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-384
3462 return 0;
executed 1 time by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
1
3463-
3464 if (xctx->stream)
xctx->streamDescription
TRUEevaluated 384 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-384
3465 (*xctx->stream) (in, out, len,
executed 384 times by 1 test: (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, EVP_CIPHER_CTX_iv_noconst(ctx));
Executed by:
  • libcrypto.so.1.1
384
3466 xctx->xts.key1, xctx->xts.key2,
executed 384 times by 1 test: (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, EVP_CIPHER_CTX_iv_noconst(ctx));
Executed by:
  • libcrypto.so.1.1
384
3467 EVP_CIPHER_CTX_iv_noconst(ctx));
executed 384 times by 1 test: (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, EVP_CIPHER_CTX_iv_noconst(ctx));
Executed by:
  • libcrypto.so.1.1
384
3468 else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx),
CRYPTO_xts128_...crypting(ctx))Description
TRUEnever evaluated
FALSEnever evaluated
0
3469 in, out, len,
CRYPTO_xts128_...crypting(ctx))Description
TRUEnever evaluated
FALSEnever evaluated
0
3470 EVP_CIPHER_CTX_encrypting(ctx)))
CRYPTO_xts128_...crypting(ctx))Description
TRUEnever evaluated
FALSEnever evaluated
0
3471 return 0;
never executed: return 0;
0
3472 return 1;
executed 384 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
384
3473}-
3474-
3475#define aes_xts_cleanup NULL-
3476-
3477#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \-
3478 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \-
3479 | EVP_CIPH_CUSTOM_COPY)-
3480-
3481BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_xts:&aes_128_xts;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1962
3482 BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_xts:&aes_256_xts;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1962
3483-
3484static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)-
3485{-
3486 EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c);-
3487 switch (type) {-
3488 case EVP_CTRL_INIT:
executed 163 times by 1 test: case 0x0:
Executed by:
  • libcrypto.so.1.1
163
3489 cctx->key_set = 0;-
3490 cctx->iv_set = 0;-
3491 cctx->L = 8;-
3492 cctx->M = 12;-
3493 cctx->tag_set = 0;-
3494 cctx->len_set = 0;-
3495 cctx->tls_aad_len = -1;-
3496 return 1;
executed 163 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
163
3497-
3498 case EVP_CTRL_AEAD_TLS1_AAD:
executed 346 times by 1 test: case 0x16:
Executed by:
  • libcrypto.so.1.1
346
3499 /* Save the AAD for later use */-
3500 if (arg != EVP_AEAD_TLS1_AAD_LEN)
arg != 13Description
TRUEnever evaluated
FALSEevaluated 346 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-346
3501 return 0;
never executed: return 0;
0
3502 memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);-
3503 cctx->tls_aad_len = arg;-
3504 {-
3505 uint16_t len =-
3506 EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8-
3507 | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];-
3508 /* Correct length for explicit IV */-
3509 if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
len < 8Description
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 344 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
2-344
3510 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
2
3511 len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;-
3512 /* If decrypting correct for tag too */-
3513 if (!EVP_CIPHER_CTX_encrypting(c)) {
!EVP_CIPHER_CTX_encrypting(c)Description
TRUEevaluated 97 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 247 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
97-247
3514 if (len < cctx->M)
len < cctx->MDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 95 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
2-95
3515 return 0;
executed 2 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
2
3516 len -= cctx->M;-
3517 }
executed 95 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
95
3518 EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;-
3519 EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;-
3520 }-
3521 /* Extra padding: tag appended to record */-
3522 return cctx->M;
executed 342 times by 1 test: return cctx->M;
Executed by:
  • libcrypto.so.1.1
342
3523-
3524 case EVP_CTRL_CCM_SET_IV_FIXED:
executed 126 times by 1 test: case 0x12:
Executed by:
  • libcrypto.so.1.1
126
3525 /* Sanity check length */-
3526 if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
arg != 4Description
TRUEnever evaluated
FALSEevaluated 126 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-126
3527 return 0;
never executed: return 0;
0
3528 /* Just copy to first part of IV */-
3529 memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);-
3530 return 1;
executed 126 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
126
3531-
3532 case EVP_CTRL_AEAD_SET_IVLEN:
executed 163 times by 1 test: case 0x9:
Executed by:
  • libcrypto.so.1.1
163
3533 arg = 15 - arg;-
3534 /* fall thru */-
3535 case EVP_CTRL_CCM_SET_L:
code before this statement executed 163 times by 1 test: case 0x14:
Executed by:
  • libcrypto.so.1.1
never executed: case 0x14:
0-163
3536 if (arg < 2 || arg > 8)
arg < 2Description
TRUEnever evaluated
FALSEevaluated 163 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
arg > 8Description
TRUEnever evaluated
FALSEevaluated 163 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-163
3537 return 0;
never executed: return 0;
0
3538 cctx->L = arg;-
3539 return 1;
executed 163 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
163
3540-
3541 case EVP_CTRL_AEAD_SET_TAG:
executed 205 times by 1 test: case 0x11:
Executed by:
  • libcrypto.so.1.1
205
3542 if ((arg & 1) || arg < 4 || arg > 16)
(arg & 1)Description
TRUEnever evaluated
FALSEevaluated 205 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
arg < 4Description
TRUEnever evaluated
FALSEevaluated 205 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
arg > 16Description
TRUEnever evaluated
FALSEevaluated 205 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-205
3543 return 0;
never executed: return 0;
0
3544 if (EVP_CIPHER_CTX_encrypting(c) && ptr)
EVP_CIPHER_CTX_encrypting(c)Description
TRUEevaluated 94 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 111 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
ptrDescription
TRUEnever evaluated
FALSEevaluated 94 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-111
3545 return 0;
never executed: return 0;
0
3546 if (ptr) {
ptrDescription
TRUEevaluated 28 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 177 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
28-177
3547 cctx->tag_set = 1;-
3548 memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);-
3549 }
executed 28 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
28
3550 cctx->M = arg;-
3551 return 1;
executed 205 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
205
3552-
3553 case EVP_CTRL_AEAD_GET_TAG:
executed 27 times by 1 test: case 0x10:
Executed by:
  • libcrypto.so.1.1
27
3554 if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
!EVP_CIPHER_CTX_encrypting(c)Description
TRUEnever evaluated
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!cctx->tag_setDescription
TRUEnever evaluated
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-27
3555 return 0;
never executed: return 0;
0
3556 if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
!CRYPTO_ccm128..., (size_t)arg)Description
TRUEnever evaluated
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-27
3557 return 0;
never executed: return 0;
0
3558 cctx->tag_set = 0;-
3559 cctx->iv_set = 0;-
3560 cctx->len_set = 0;-
3561 return 1;
executed 27 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
27
3562-
3563 case EVP_CTRL_COPY:
never executed: case 0x8:
0
3564 {-
3565 EVP_CIPHER_CTX *out = ptr;-
3566 EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out);-
3567 if (cctx->ccm.key) {
cctx->ccm.keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
3568 if (cctx->ccm.key != &cctx->ks)
cctx->ccm.key != &cctx->ksDescription
TRUEnever evaluated
FALSEnever evaluated
0
3569 return 0;
never executed: return 0;
0
3570 cctx_out->ccm.key = &cctx_out->ks;-
3571 }
never executed: end of block
0
3572 return 1;
never executed: return 1;
0
3573 }-
3574-
3575 default:
never executed: default:
0
3576 return -1;
never executed: return -1;
0
3577-
3578 }-
3579}-
3580-
3581static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
3582 const unsigned char *iv, int enc)-
3583{-
3584 EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);-
3585 if (!iv && !key)
!ivDescription
TRUEevaluated 313 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!keyDescription
TRUEevaluated 163 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 150 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
55-313
3586 return 1;
executed 163 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
163
3587 if (key)
keyDescription
TRUEevaluated 163 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 42 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
42-163
3588 do {-
3589#ifdef HWAES_CAPABLE-
3590 if (HWAES_CAPABLE) {-
3591 HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
3592 &cctx->ks.ks);-
3593-
3594 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,-
3595 &cctx->ks, (block128_f) HWAES_encrypt);-
3596 cctx->str = NULL;-
3597 cctx->key_set = 1;-
3598 break;-
3599 } else-
3600#endif-
3601#ifdef VPAES_CAPABLE-
3602 if (VPAES_CAPABLE) {
(OPENSSL_ia32c...&(1<<(41-32)))Description
TRUEevaluated 163 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-163
3603 vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
3604 &cctx->ks.ks);-
3605 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,-
3606 &cctx->ks, (block128_f) vpaes_encrypt);-
3607 cctx->str = NULL;-
3608 cctx->key_set = 1;-
3609 break;
executed 163 times by 1 test: break;
Executed by:
  • libcrypto.so.1.1
163
3610 }-
3611#endif-
3612 AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
3613 &cctx->ks.ks);-
3614 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,-
3615 &cctx->ks, (block128_f) AES_encrypt);-
3616 cctx->str = NULL;-
3617 cctx->key_set = 1;-
3618 } while (0);
never executed: end of block
0
3619 if (iv) {
ivDescription
TRUEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 150 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
55-150
3620 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);-
3621 cctx->iv_set = 1;-
3622 }
executed 55 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
55
3623 return 1;
executed 205 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
205
3624}-
3625-
3626static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
3627 const unsigned char *in, size_t len)-
3628{-
3629 EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);-
3630 CCM128_CONTEXT *ccm = &cctx->ccm;-
3631 /* Encrypt/decrypt must be performed in place */-
3632 if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
out != inDescription
TRUEnever evaluated
FALSEevaluated 342 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
len < (8 + (size_t)cctx->M)Description
TRUEnever evaluated
FALSEevaluated 342 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-342
3633 return -1;
never executed: return -1;
0
3634 /* If encrypting set explicit IV from sequence number (start of AAD) */-
3635 if (EVP_CIPHER_CTX_encrypting(ctx))
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEevaluated 247 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 95 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
95-247
3636 memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
executed 247 times by 1 test: memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), 8);
Executed by:
  • libcrypto.so.1.1
247
3637 EVP_CCM_TLS_EXPLICIT_IV_LEN);
executed 247 times by 1 test: memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), 8);
Executed by:
  • libcrypto.so.1.1
247
3638 /* Get rest of IV from explicit IV */-
3639 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,-
3640 EVP_CCM_TLS_EXPLICIT_IV_LEN);-
3641 /* Correct length value */-
3642 len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;-
3643 if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
CRYPTO_ccm128_... cctx->L, len)Description
TRUEnever evaluated
FALSEevaluated 342 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-342
3644 len))
CRYPTO_ccm128_... cctx->L, len)Description
TRUEnever evaluated
FALSEevaluated 342 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-342
3645 return -1;
never executed: return -1;
0
3646 /* Use saved AAD */-
3647 CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);-
3648 /* Fix buffer to point to payload */-
3649 in += EVP_CCM_TLS_EXPLICIT_IV_LEN;-
3650 out += EVP_CCM_TLS_EXPLICIT_IV_LEN;-
3651 if (EVP_CIPHER_CTX_encrypting(ctx)) {
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEevaluated 247 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 95 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
95-247
3652 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
cctx->str ? CR... in, out, len)Description
TRUEnever evaluated
FALSEevaluated 247 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
cctx->strDescription
TRUEnever evaluated
FALSEevaluated 247 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-247
3653 cctx->str) :
cctx->str ? CR... in, out, len)Description
TRUEnever evaluated
FALSEevaluated 247 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-247
3654 CRYPTO_ccm128_encrypt(ccm, in, out, len))
cctx->str ? CR... in, out, len)Description
TRUEnever evaluated
FALSEevaluated 247 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-247
3655 return -1;
never executed: return -1;
0
3656 if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
!CRYPTO_ccm128... len, cctx->M)Description
TRUEnever evaluated
FALSEevaluated 247 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-247
3657 return -1;
never executed: return -1;
0
3658 return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
executed 247 times by 1 test: return len + 8 + cctx->M;
Executed by:
  • libcrypto.so.1.1
247
3659 } else {-
3660 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
cctx->str ? !C... in, out, len)Description
TRUEevaluated 95 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
cctx->strDescription
TRUEnever evaluated
FALSEevaluated 95 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-95
3661 cctx->str) :
cctx->str ? !C... in, out, len)Description
TRUEevaluated 95 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-95
3662 !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
cctx->str ? !C... in, out, len)Description
TRUEevaluated 95 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-95
3663 unsigned char tag[16];-
3664 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
CRYPTO_ccm128_... tag, cctx->M)Description
TRUEevaluated 95 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-95
3665 if (!CRYPTO_memcmp(tag, in + len, cctx->M))
!CRYPTO_memcmp... len, cctx->M)Description
TRUEevaluated 60 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 35 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
35-60
3666 return len;
executed 60 times by 1 test: return len;
Executed by:
  • libcrypto.so.1.1
60
3667 }
executed 35 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
35
3668 }
executed 35 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
35
3669 OPENSSL_cleanse(out, len);-
3670 return -1;
executed 35 times by 1 test: return -1;
Executed by:
  • libcrypto.so.1.1
35
3671 }-
3672}-
3673-
3674static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
3675 const unsigned char *in, size_t len)-
3676{-
3677 EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);-
3678 CCM128_CONTEXT *ccm = &cctx->ccm;-
3679 /* If not set up, return error */-
3680 if (!cctx->key_set)
!cctx->key_setDescription
TRUEnever evaluated
FALSEevaluated 561 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-561
3681 return -1;
never executed: return -1;
0
3682-
3683 if (cctx->tls_aad_len >= 0)
cctx->tls_aad_len >= 0Description
TRUEevaluated 342 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 219 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
219-342
3684 return aes_ccm_tls_cipher(ctx, out, in, len);
executed 342 times by 1 test: return aes_ccm_tls_cipher(ctx, out, in, len);
Executed by:
  • libcrypto.so.1.1
342
3685-
3686 /* EVP_*Final() doesn't return any data */-
3687 if (in == NULL && out != NULL)
in == ((void *)0)Description
TRUEevaluated 109 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 110 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
out != ((void *)0)Description
TRUEevaluated 54 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
54-110
3688 return 0;
executed 54 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
54
3689-
3690 if (!cctx->iv_set)
!cctx->iv_setDescription
TRUEnever evaluated
FALSEevaluated 165 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-165
3691 return -1;
never executed: return -1;
0
3692-
3693 if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
!EVP_CIPHER_CT...ncrypting(ctx)Description
TRUEevaluated 84 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 81 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!cctx->tag_setDescription
TRUEnever evaluated
FALSEevaluated 84 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-84
3694 return -1;
never executed: return -1;
0
3695 if (!out) {
!outDescription
TRUEevaluated 110 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
55-110
3696 if (!in) {
!inDescription
TRUEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
55
3697 if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
CRYPTO_ccm128_... cctx->L, len)Description
TRUEnever evaluated
FALSEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-55
3698 15 - cctx->L, len))
CRYPTO_ccm128_... cctx->L, len)Description
TRUEnever evaluated
FALSEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-55
3699 return -1;
never executed: return -1;
0
3700 cctx->len_set = 1;-
3701 return len;
executed 55 times by 1 test: return len;
Executed by:
  • libcrypto.so.1.1
55
3702 }-
3703 /* If have AAD need message length */-
3704 if (!cctx->len_set && len)
!cctx->len_setDescription
TRUEnever evaluated
FALSEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
lenDescription
TRUEnever evaluated
FALSEnever evaluated
0-55
3705 return -1;
never executed: return -1;
0
3706 CRYPTO_ccm128_aad(ccm, in, len);-
3707 return len;
executed 55 times by 1 test: return len;
Executed by:
  • libcrypto.so.1.1
55
3708 }-
3709 /* If not set length yet do it */-
3710 if (!cctx->len_set) {
!cctx->len_setDescription
TRUEnever evaluated
FALSEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-55
3711 if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
CRYPTO_ccm128_... cctx->L, len)Description
TRUEnever evaluated
FALSEnever evaluated
0
3712 15 - cctx->L, len))
CRYPTO_ccm128_... cctx->L, len)Description
TRUEnever evaluated
FALSEnever evaluated
0
3713 return -1;
never executed: return -1;
0
3714 cctx->len_set = 1;-
3715 }
never executed: end of block
0
3716 if (EVP_CIPHER_CTX_encrypting(ctx)) {
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 28 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
27-28
3717 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
cctx->str ? CR... in, out, len)Description
TRUEnever evaluated
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
cctx->strDescription
TRUEnever evaluated
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-27
3718 cctx->str) :
cctx->str ? CR... in, out, len)Description
TRUEnever evaluated
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-27
3719 CRYPTO_ccm128_encrypt(ccm, in, out, len))
cctx->str ? CR... in, out, len)Description
TRUEnever evaluated
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-27
3720 return -1;
never executed: return -1;
0
3721 cctx->tag_set = 1;-
3722 return len;
executed 27 times by 1 test: return len;
Executed by:
  • libcrypto.so.1.1
27
3723 } else {-
3724 int rv = -1;-
3725 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
cctx->str ? !C... in, out, len)Description
TRUEevaluated 28 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
cctx->strDescription
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-28
3726 cctx->str) :
cctx->str ? !C... in, out, len)Description
TRUEevaluated 28 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-28
3727 !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
cctx->str ? !C... in, out, len)Description
TRUEevaluated 28 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-28
3728 unsigned char tag[16];-
3729 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
CRYPTO_ccm128_... tag, cctx->M)Description
TRUEevaluated 28 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-28
3730 if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
!CRYPTO_memcmp...ctx), cctx->M)Description
TRUEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-27
3731 cctx->M))
!CRYPTO_memcmp...ctx), cctx->M)Description
TRUEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-27
3732 rv = len;
executed 27 times by 1 test: rv = len;
Executed by:
  • libcrypto.so.1.1
27
3733 }
executed 28 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
28
3734 }
executed 28 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
28
3735 if (rv == -1)
rv == -1Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 27 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-27
3736 OPENSSL_cleanse(out, len);
executed 1 time by 1 test: OPENSSL_cleanse(out, len);
Executed by:
  • libcrypto.so.1.1
1
3737 cctx->iv_set = 0;-
3738 cctx->tag_set = 0;-
3739 cctx->len_set = 0;-
3740 return rv;
executed 28 times by 1 test: return rv;
Executed by:
  • libcrypto.so.1.1
28
3741 }-
3742}-
3743-
3744#define aes_ccm_cleanup NULL-
3745-
3746BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_ccm:&aes_128_ccm;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 3920 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-3920
3747 EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)-
3748 BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_192_ccm:&aes_192_ccm;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1962
3749 EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)-
3750 BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
executed 3920 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_ccm:&aes_256_ccm;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 3920 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-3920
3751 EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)-
3752-
3753typedef struct {-
3754 union {-
3755 double align;-
3756 AES_KEY ks;-
3757 } ks;-
3758 /* Indicates if IV has been set */-
3759 unsigned char *iv;-
3760} EVP_AES_WRAP_CTX;-
3761-
3762static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
3763 const unsigned char *iv, int enc)-
3764{-
3765 EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);-
3766 if (!iv && !key)
!ivDescription
TRUEevaluated 206 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
!keyDescription
TRUEevaluated 103 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 103 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-206
3767 return 1;
executed 103 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
103
3768 if (key) {
keyDescription
TRUEevaluated 103 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-103
3769 if (EVP_CIPHER_CTX_encrypting(ctx))
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEevaluated 51 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 52 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
51-52
3770 AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
executed 51 times by 1 test: AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &wctx->ks.ks);
Executed by:
  • libcrypto.so.1.1
51
3771 &wctx->ks.ks);
executed 51 times by 1 test: AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &wctx->ks.ks);
Executed by:
  • libcrypto.so.1.1
51
3772 else-
3773 AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
executed 52 times by 1 test: AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &wctx->ks.ks);
Executed by:
  • libcrypto.so.1.1
52
3774 &wctx->ks.ks);
executed 52 times by 1 test: AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &wctx->ks.ks);
Executed by:
  • libcrypto.so.1.1
52
3775 if (!iv)
!ivDescription
TRUEevaluated 103 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-103
3776 wctx->iv = NULL;
executed 103 times by 1 test: wctx->iv = ((void *)0) ;
Executed by:
  • libcrypto.so.1.1
103
3777 }
executed 103 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
103
3778 if (iv) {
ivDescription
TRUEnever evaluated
FALSEevaluated 103 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-103
3779 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx));-
3780 wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx);-
3781 }
never executed: end of block
0
3782 return 1;
executed 103 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
103
3783}-
3784-
3785static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
3786 const unsigned char *in, size_t inlen)-
3787{-
3788 EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);-
3789 size_t rv;-
3790 /* AES wrap with padding has IV length of 4, without padding 8 */-
3791 int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4;-
3792 /* No final operation so always return zero length */-
3793 if (!in)
!inDescription
TRUEevaluated 96 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 109 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
96-109
3794 return 0;
executed 96 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
96
3795 /* Input length must always be non-zero */-
3796 if (!inlen)
!inlenDescription
TRUEnever evaluated
FALSEevaluated 109 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-109
3797 return -1;
never executed: return -1;
0
3798 /* If decrypting need at least 16 bytes and multiple of 8 */-
3799 if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7))
!EVP_CIPHER_CT...ncrypting(ctx)Description
TRUEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 54 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
inlen < 16Description
TRUEnever evaluated
FALSEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
inlen & 0x7Description
TRUEnever evaluated
FALSEevaluated 55 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-55
3800 return -1;
never executed: return -1;
0
3801 /* If not padding input must be multiple of 8 */-
3802 if (!pad && inlen & 0x7)
!padDescription
TRUEevaluated 85 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 24 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
inlen & 0x7Description
TRUEnever evaluated
FALSEevaluated 85 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-85
3803 return -1;
never executed: return -1;
0
3804 if (is_partially_overlapping(out, in, inlen)) {
is_partially_o...ut, in, inlen)Description
TRUEnever evaluated
FALSEevaluated 109 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-109
3805 EVPerr(EVP_F_AES_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);-
3806 return 0;
never executed: return 0;
0
3807 }-
3808 if (!out) {
!outDescription
TRUEevaluated 6 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 103 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
6-103
3809 if (EVP_CIPHER_CTX_encrypting(ctx)) {
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEevaluated 3 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
3
3810 /* If padding round up to multiple of 8 */-
3811 if (pad)
padDescription
TRUEnever evaluated
FALSEevaluated 3 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-3
3812 inlen = (inlen + 7) / 8 * 8;
never executed: inlen = (inlen + 7) / 8 * 8;
0
3813 /* 8 byte prefix */-
3814 return inlen + 8;
executed 3 times by 1 test: return inlen + 8;
Executed by:
  • libcrypto.so.1.1
3
3815 } else {-
3816 /*-
3817 * If not padding output will be exactly 8 bytes smaller than-
3818 * input. If padding it will be at least 8 bytes smaller but we-
3819 * don't know how much.-
3820 */-
3821 return inlen - 8;
executed 3 times by 1 test: return inlen - 8;
Executed by:
  • libcrypto.so.1.1
3
3822 }-
3823 }-
3824 if (pad) {
padDescription
TRUEevaluated 24 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 79 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
24-79
3825 if (EVP_CIPHER_CTX_encrypting(ctx))
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 12 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
12
3826 rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv,
executed 12 times by 1 test: rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_encrypt);
Executed by:
  • libcrypto.so.1.1
12
3827 out, in, inlen,
executed 12 times by 1 test: rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_encrypt);
Executed by:
  • libcrypto.so.1.1
12
3828 (block128_f) AES_encrypt);
executed 12 times by 1 test: rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_encrypt);
Executed by:
  • libcrypto.so.1.1
12
3829 else-
3830 rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv,
executed 12 times by 1 test: rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_decrypt);
Executed by:
  • libcrypto.so.1.1
12
3831 out, in, inlen,
executed 12 times by 1 test: rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_decrypt);
Executed by:
  • libcrypto.so.1.1
12
3832 (block128_f) AES_decrypt);
executed 12 times by 1 test: rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_decrypt);
Executed by:
  • libcrypto.so.1.1
12
3833 } else {-
3834 if (EVP_CIPHER_CTX_encrypting(ctx))
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEevaluated 39 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 40 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
39-40
3835 rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv,
executed 39 times by 1 test: rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_encrypt);
Executed by:
  • libcrypto.so.1.1
39
3836 out, in, inlen, (block128_f) AES_encrypt);
executed 39 times by 1 test: rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_encrypt);
Executed by:
  • libcrypto.so.1.1
39
3837 else-
3838 rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv,
executed 40 times by 1 test: rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_decrypt);
Executed by:
  • libcrypto.so.1.1
40
3839 out, in, inlen, (block128_f) AES_decrypt);
executed 40 times by 1 test: rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_decrypt);
Executed by:
  • libcrypto.so.1.1
40
3840 }-
3841 return rv ? (int)rv : -1;
executed 103 times by 1 test: return rv ? (int)rv : -1;
Executed by:
  • libcrypto.so.1.1
rvDescription
TRUEevaluated 102 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-103
3842}-
3843-
3844#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \-
3845 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \-
3846 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)-
3847-
3848static const EVP_CIPHER aes_128_wrap = {-
3849 NID_id_aes128_wrap,-
3850 8, 16, 8, WRAP_FLAGS,-
3851 aes_wrap_init_key, aes_wrap_cipher,-
3852 NULL,-
3853 sizeof(EVP_AES_WRAP_CTX),-
3854 NULL, NULL, NULL, NULL-
3855};-
3856-
3857const EVP_CIPHER *EVP_aes_128_wrap(void)-
3858{-
3859 return &aes_128_wrap;
executed 1965 times by 1 test: return &aes_128_wrap;
Executed by:
  • libcrypto.so.1.1
1965
3860}-
3861-
3862static const EVP_CIPHER aes_192_wrap = {-
3863 NID_id_aes192_wrap,-
3864 8, 24, 8, WRAP_FLAGS,-
3865 aes_wrap_init_key, aes_wrap_cipher,-
3866 NULL,-
3867 sizeof(EVP_AES_WRAP_CTX),-
3868 NULL, NULL, NULL, NULL-
3869};-
3870-
3871const EVP_CIPHER *EVP_aes_192_wrap(void)-
3872{-
3873 return &aes_192_wrap;
executed 1962 times by 1 test: return &aes_192_wrap;
Executed by:
  • libcrypto.so.1.1
1962
3874}-
3875-
3876static const EVP_CIPHER aes_256_wrap = {-
3877 NID_id_aes256_wrap,-
3878 8, 32, 8, WRAP_FLAGS,-
3879 aes_wrap_init_key, aes_wrap_cipher,-
3880 NULL,-
3881 sizeof(EVP_AES_WRAP_CTX),-
3882 NULL, NULL, NULL, NULL-
3883};-
3884-
3885const EVP_CIPHER *EVP_aes_256_wrap(void)-
3886{-
3887 return &aes_256_wrap;
executed 1962 times by 1 test: return &aes_256_wrap;
Executed by:
  • libcrypto.so.1.1
1962
3888}-
3889-
3890static const EVP_CIPHER aes_128_wrap_pad = {-
3891 NID_id_aes128_wrap_pad,-
3892 8, 16, 4, WRAP_FLAGS,-
3893 aes_wrap_init_key, aes_wrap_cipher,-
3894 NULL,-
3895 sizeof(EVP_AES_WRAP_CTX),-
3896 NULL, NULL, NULL, NULL-
3897};-
3898-
3899const EVP_CIPHER *EVP_aes_128_wrap_pad(void)-
3900{-
3901 return &aes_128_wrap_pad;
executed 1962 times by 1 test: return &aes_128_wrap_pad;
Executed by:
  • libcrypto.so.1.1
1962
3902}-
3903-
3904static const EVP_CIPHER aes_192_wrap_pad = {-
3905 NID_id_aes192_wrap_pad,-
3906 8, 24, 4, WRAP_FLAGS,-
3907 aes_wrap_init_key, aes_wrap_cipher,-
3908 NULL,-
3909 sizeof(EVP_AES_WRAP_CTX),-
3910 NULL, NULL, NULL, NULL-
3911};-
3912-
3913const EVP_CIPHER *EVP_aes_192_wrap_pad(void)-
3914{-
3915 return &aes_192_wrap_pad;
executed 1962 times by 1 test: return &aes_192_wrap_pad;
Executed by:
  • libcrypto.so.1.1
1962
3916}-
3917-
3918static const EVP_CIPHER aes_256_wrap_pad = {-
3919 NID_id_aes256_wrap_pad,-
3920 8, 32, 4, WRAP_FLAGS,-
3921 aes_wrap_init_key, aes_wrap_cipher,-
3922 NULL,-
3923 sizeof(EVP_AES_WRAP_CTX),-
3924 NULL, NULL, NULL, NULL-
3925};-
3926-
3927const EVP_CIPHER *EVP_aes_256_wrap_pad(void)-
3928{-
3929 return &aes_256_wrap_pad;
executed 1962 times by 1 test: return &aes_256_wrap_pad;
Executed by:
  • libcrypto.so.1.1
1962
3930}-
3931-
3932#ifndef OPENSSL_NO_OCB-
3933static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)-
3934{-
3935 EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);-
3936 EVP_CIPHER_CTX *newc;-
3937 EVP_AES_OCB_CTX *new_octx;-
3938-
3939 switch (type) {-
3940 case EVP_CTRL_INIT:
executed 553 times by 1 test: case 0x0:
Executed by:
  • libcrypto.so.1.1
553
3941 octx->key_set = 0;-
3942 octx->iv_set = 0;-
3943 octx->ivlen = EVP_CIPHER_CTX_iv_length(c);-
3944 octx->iv = EVP_CIPHER_CTX_iv_noconst(c);-
3945 octx->taglen = 16;-
3946 octx->data_buf_len = 0;-
3947 octx->aad_buf_len = 0;-
3948 return 1;
executed 553 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
553
3949-
3950 case EVP_CTRL_AEAD_SET_IVLEN:
executed 553 times by 1 test: case 0x9:
Executed by:
  • libcrypto.so.1.1
553
3951 /* IV len must be 1 to 15 */-
3952 if (arg <= 0 || arg > 15)
arg <= 0Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
arg > 15Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-553
3953 return 0;
never executed: return 0;
0
3954-
3955 octx->ivlen = arg;-
3956 return 1;
executed 553 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
553
3957-
3958 case EVP_CTRL_AEAD_SET_TAG:
executed 830 times by 1 test: case 0x11:
Executed by:
  • libcrypto.so.1.1
830
3959 if (!ptr) {
!ptrDescription
TRUEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 277 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
277-553
3960 /* Tag len must be 0 to 16 */-
3961 if (arg < 0 || arg > 16)
arg < 0Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
arg > 16Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-553
3962 return 0;
never executed: return 0;
0
3963-
3964 octx->taglen = arg;-
3965 return 1;
executed 553 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
553
3966 }-
3967 if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c))
arg != octx->taglenDescription
TRUEnever evaluated
FALSEevaluated 277 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
EVP_CIPHER_CTX_encrypting(c)Description
TRUEnever evaluated
FALSEevaluated 277 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-277
3968 return 0;
never executed: return 0;
0
3969 memcpy(octx->tag, ptr, arg);-
3970 return 1;
executed 277 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
277
3971-
3972 case EVP_CTRL_AEAD_GET_TAG:
executed 276 times by 1 test: case 0x10:
Executed by:
  • libcrypto.so.1.1
276
3973 if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c))
arg != octx->taglenDescription
TRUEnever evaluated
FALSEevaluated 276 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!EVP_CIPHER_CTX_encrypting(c)Description
TRUEnever evaluated
FALSEevaluated 276 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-276
3974 return 0;
never executed: return 0;
0
3975-
3976 memcpy(ptr, octx->tag, arg);-
3977 return 1;
executed 276 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
276
3978-
3979 case EVP_CTRL_COPY:
never executed: case 0x8:
0
3980 newc = (EVP_CIPHER_CTX *)ptr;-
3981 new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc);-
3982 return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb,
never executed: return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb, &new_octx->ksenc.ks, &new_octx->ksdec.ks);
0
3983 &new_octx->ksenc.ks,
never executed: return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb, &new_octx->ksenc.ks, &new_octx->ksdec.ks);
0
3984 &new_octx->ksdec.ks);
never executed: return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb, &new_octx->ksenc.ks, &new_octx->ksdec.ks);
0
3985-
3986 default:
never executed: default:
0
3987 return -1;
never executed: return -1;
0
3988-
3989 }-
3990}-
3991-
3992# ifdef HWAES_CAPABLE-
3993# ifdef HWAES_ocb_encrypt-
3994void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,-
3995 size_t blocks, const void *key,-
3996 size_t start_block_num,-
3997 unsigned char offset_i[16],-
3998 const unsigned char L_[][16],-
3999 unsigned char checksum[16]);-
4000# else-
4001# define HWAES_ocb_encrypt ((ocb128_f)NULL)-
4002# endif-
4003# ifdef HWAES_ocb_decrypt-
4004void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,-
4005 size_t blocks, const void *key,-
4006 size_t start_block_num,-
4007 unsigned char offset_i[16],-
4008 const unsigned char L_[][16],-
4009 unsigned char checksum[16]);-
4010# else-
4011# define HWAES_ocb_decrypt ((ocb128_f)NULL)-
4012# endif-
4013# endif-
4014-
4015static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,-
4016 const unsigned char *iv, int enc)-
4017{-
4018 EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);-
4019 if (!iv && !key)
!ivDescription
TRUEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
!keyDescription
TRUEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-553
4020 return 1;
executed 553 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
553
4021 if (key) {
keyDescription
TRUEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-553
4022 do {-
4023 /*-
4024 * We set both the encrypt and decrypt key here because decrypt-
4025 * needs both. We could possibly optimise to remove setting the-
4026 * decrypt for an encryption operation.-
4027 */-
4028# ifdef HWAES_CAPABLE-
4029 if (HWAES_CAPABLE) {-
4030 HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
4031 &octx->ksenc.ks);-
4032 HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
4033 &octx->ksdec.ks);-
4034 if (!CRYPTO_ocb128_init(&octx->ocb,-
4035 &octx->ksenc.ks, &octx->ksdec.ks,-
4036 (block128_f) HWAES_encrypt,-
4037 (block128_f) HWAES_decrypt,-
4038 enc ? HWAES_ocb_encrypt-
4039 : HWAES_ocb_decrypt))-
4040 return 0;-
4041 break;-
4042 }-
4043# endif-
4044# ifdef VPAES_CAPABLE-
4045 if (VPAES_CAPABLE) {
(OPENSSL_ia32c...&(1<<(41-32)))Description
TRUEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-553
4046 vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
4047 &octx->ksenc.ks);-
4048 vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
4049 &octx->ksdec.ks);-
4050 if (!CRYPTO_ocb128_init(&octx->ocb,
!CRYPTO_ocb128... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-553
4051 &octx->ksenc.ks, &octx->ksdec.ks,
!CRYPTO_ocb128... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-553
4052 (block128_f) vpaes_encrypt,
!CRYPTO_ocb128... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-553
4053 (block128_f) vpaes_decrypt,
!CRYPTO_ocb128... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-553
4054 NULL))
!CRYPTO_ocb128... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-553
4055 return 0;
never executed: return 0;
0
4056 break;
executed 553 times by 1 test: break;
Executed by:
  • libcrypto.so.1.1
553
4057 }-
4058# endif-
4059 AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
4060 &octx->ksenc.ks);-
4061 AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,-
4062 &octx->ksdec.ks);-
4063 if (!CRYPTO_ocb128_init(&octx->ocb,
!CRYPTO_ocb128... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
4064 &octx->ksenc.ks, &octx->ksdec.ks,
!CRYPTO_ocb128... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
4065 (block128_f) AES_encrypt,
!CRYPTO_ocb128... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
4066 (block128_f) AES_decrypt,
!CRYPTO_ocb128... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
4067 NULL))
!CRYPTO_ocb128... ((void *)0) )Description
TRUEnever evaluated
FALSEnever evaluated
0
4068 return 0;
never executed: return 0;
0
4069 }-
4070 while (0);-
4071-
4072 /*-
4073 * If we have an iv we can set it directly, otherwise use saved IV.-
4074 */-
4075 if (iv == NULL && octx->iv_set)
iv == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
octx->iv_setDescription
TRUEnever evaluated
FALSEnever evaluated
0-553
4076 iv = octx->iv;
never executed: iv = octx->iv;
0
4077 if (iv) {
ivDescription
TRUEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
0-553
4078 if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
CRYPTO_ocb128_...->taglen) != 1Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-553
4079 != 1)
CRYPTO_ocb128_...->taglen) != 1Description
TRUEnever evaluated
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-553
4080 return 0;
never executed: return 0;
0
4081 octx->iv_set = 1;-
4082 }
executed 553 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
553
4083 octx->key_set = 1;-
4084 } else {
executed 553 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
553
4085 /* If key set use IV, otherwise copy */-
4086 if (octx->key_set)
octx->key_setDescription
TRUEnever evaluated
FALSEnever evaluated
0
4087 CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
never executed: CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
0
4088 else-
4089 memcpy(octx->iv, iv, octx->ivlen);
never executed: memcpy(octx->iv, iv, octx->ivlen);
0
4090 octx->iv_set = 1;-
4091 }
never executed: end of block
0
4092 return 1;
executed 553 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
553
4093}-
4094-
4095static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,-
4096 const unsigned char *in, size_t len)-
4097{-
4098 unsigned char *buf;-
4099 int *buf_len;-
4100 int written_len = 0;-
4101 size_t trailing_len;-
4102 EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);-
4103-
4104 /* If IV or Key not set then return error */-
4105 if (!octx->iv_set)
!octx->iv_setDescription
TRUEnever evaluated
FALSEevaluated 2331 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2331
4106 return -1;
never executed: return -1;
0
4107-
4108 if (!octx->key_set)
!octx->key_setDescription
TRUEnever evaluated
FALSEevaluated 2331 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2331
4109 return -1;
never executed: return -1;
0
4110-
4111 if (in != NULL) {
in != ((void *)0)Description
TRUEevaluated 1778 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 553 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
553-1778
4112 /*-
4113 * Need to ensure we are only passing full blocks to low level OCB-
4114 * routines. We do it here rather than in EVP_EncryptUpdate/-
4115 * EVP_DecryptUpdate because we need to pass full blocks of AAD too-
4116 * and those routines don't support that-
4117 */-
4118-
4119 /* Are we dealing with AAD or normal data here? */-
4120 if (out == NULL) {
out == ((void *)0)Description
TRUEevaluated 889 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 889 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
889
4121 buf = octx->aad_buf;-
4122 buf_len = &(octx->aad_buf_len);-
4123 } else {
executed 889 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
889
4124 buf = octx->data_buf;-
4125 buf_len = &(octx->data_buf_len);-
4126-
4127 if (is_partially_overlapping(out + *buf_len, in, len)) {
is_partially_o..._len, in, len)Description
TRUEnever evaluated
FALSEevaluated 889 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-889
4128 EVPerr(EVP_F_AES_OCB_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);-
4129 return 0;
never executed: return 0;
0
4130 }-
4131 }
executed 889 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
889
4132-
4133 /*-
4134 * If we've got a partially filled buffer from a previous call then-
4135 * use that data first-
4136 */-
4137 if (*buf_len > 0) {
*buf_len > 0Description
TRUEevaluated 816 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
816-962
4138 unsigned int remaining;-
4139-
4140 remaining = AES_BLOCK_SIZE - (*buf_len);-
4141 if (remaining > len) {
remaining > lenDescription
TRUEevaluated 408 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 408 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
408
4142 memcpy(buf + (*buf_len), in, len);-
4143 *(buf_len) += len;-
4144 return 0;
executed 408 times by 1 test: return 0;
Executed by:
  • libcrypto.so.1.1
408
4145 }-
4146 memcpy(buf + (*buf_len), in, remaining);-
4147-
4148 /*-
4149 * If we get here we've filled the buffer, so process it-
4150 */-
4151 len -= remaining;-
4152 in += remaining;-
4153 if (out == NULL) {
out == ((void *)0)Description
TRUEevaluated 204 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 204 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
204
4154 if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE))
!CRYPTO_ocb128...>ocb, buf, 16)Description
TRUEnever evaluated
FALSEevaluated 204 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-204
4155 return -1;
never executed: return -1;
0
4156 } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
executed 204 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEevaluated 102 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 102 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
102-204
4157 if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out,
!CRYPTO_ocb128... buf, out, 16)Description
TRUEnever evaluated
FALSEevaluated 102 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-102
4158 AES_BLOCK_SIZE))
!CRYPTO_ocb128... buf, out, 16)Description
TRUEnever evaluated
FALSEevaluated 102 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-102
4159 return -1;
never executed: return -1;
0
4160 } else {
executed 102 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
102
4161 if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out,
!CRYPTO_ocb128... buf, out, 16)Description
TRUEnever evaluated
FALSEevaluated 102 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-102
4162 AES_BLOCK_SIZE))
!CRYPTO_ocb128... buf, out, 16)Description
TRUEnever evaluated
FALSEevaluated 102 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-102
4163 return -1;
never executed: return -1;
0
4164 }
executed 102 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
102
4165 written_len = AES_BLOCK_SIZE;-
4166 *buf_len = 0;-
4167 if (out != NULL)
out != ((void *)0)Description
TRUEevaluated 204 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 204 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
204
4168 out += AES_BLOCK_SIZE;
executed 204 times by 1 test: out += 16;
Executed by:
  • libcrypto.so.1.1
204
4169 }
executed 408 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
408
4170-
4171 /* Do we have a partial block to handle at the end? */-
4172 trailing_len = len % AES_BLOCK_SIZE;-
4173-
4174 /*-
4175 * If we've got some full blocks to handle, then process these first-
4176 */-
4177 if (len != trailing_len) {
len != trailing_lenDescription
TRUEevaluated 578 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 792 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
578-792
4178 if (out == NULL) {
out == ((void *)0)Description
TRUEevaluated 289 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 289 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
289
4179 if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len))
!CRYPTO_ocb128... trailing_len)Description
TRUEnever evaluated
FALSEevaluated 289 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-289
4180 return -1;
never executed: return -1;
0
4181 } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
executed 289 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEevaluated 144 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 145 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
144-289
4182 if (!CRYPTO_ocb128_encrypt
!CRYPTO_ocb128... trailing_len)Description
TRUEnever evaluated
FALSEevaluated 144 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-144
4183 (&octx->ocb, in, out, len - trailing_len))
!CRYPTO_ocb128... trailing_len)Description
TRUEnever evaluated
FALSEevaluated 144 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-144
4184 return -1;
never executed: return -1;
0
4185 } else {
executed 144 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
144
4186 if (!CRYPTO_ocb128_decrypt
!CRYPTO_ocb128... trailing_len)Description
TRUEnever evaluated
FALSEevaluated 145 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-145
4187 (&octx->ocb, in, out, len - trailing_len))
!CRYPTO_ocb128... trailing_len)Description
TRUEnever evaluated
FALSEevaluated 145 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-145
4188 return -1;
never executed: return -1;
0
4189 }
executed 145 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
145
4190 written_len += len - trailing_len;-
4191 in += len - trailing_len;-
4192 }
executed 578 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
578
4193-
4194 /* Handle any trailing partial block */-
4195 if (trailing_len > 0) {
trailing_len > 0Description
TRUEevaluated 1034 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 336 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
336-1034
4196 memcpy(buf, in, trailing_len);-
4197 *buf_len = trailing_len;-
4198 }
executed 1034 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
1034
4199-
4200 return written_len;
executed 1370 times by 1 test: return written_len;
Executed by:
  • libcrypto.so.1.1
1370
4201 } else {-
4202 /*-
4203 * First of all empty the buffer of any partial block that we might-
4204 * have been provided - both for data and AAD-
4205 */-
4206 if (octx->data_buf_len > 0) {
octx->data_buf_len > 0Description
TRUEevaluated 313 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 240 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
240-313
4207 if (EVP_CIPHER_CTX_encrypting(ctx)) {
EVP_CIPHER_CTX_encrypting(ctx)Description
TRUEevaluated 156 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 157 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
156-157
4208 if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out,
!CRYPTO_ocb128...>data_buf_len)Description
TRUEnever evaluated
FALSEevaluated 156 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-156
4209 octx->data_buf_len))
!CRYPTO_ocb128...>data_buf_len)Description
TRUEnever evaluated
FALSEevaluated 156 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-156
4210 return -1;
never executed: return -1;
0
4211 } else {
executed 156 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
156
4212 if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out,
!CRYPTO_ocb128...>data_buf_len)Description
TRUEnever evaluated
FALSEevaluated 157 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-157
4213 octx->data_buf_len))
!CRYPTO_ocb128...>data_buf_len)Description
TRUEnever evaluated
FALSEevaluated 157 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-157
4214 return -1;
never executed: return -1;
0
4215 }
executed 157 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
157
4216 written_len = octx->data_buf_len;-
4217 octx->data_buf_len = 0;-
4218 }
executed 313 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
313
4219 if (octx->aad_buf_len > 0) {
octx->aad_buf_len > 0Description
TRUEevaluated 313 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 240 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
240-313
4220 if (!CRYPTO_ocb128_aad
!CRYPTO_ocb128...->aad_buf_len)Description
TRUEnever evaluated
FALSEevaluated 313 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-313
4221 (&octx->ocb, octx->aad_buf, octx->aad_buf_len))
!CRYPTO_ocb128...->aad_buf_len)Description
TRUEnever evaluated
FALSEevaluated 313 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-313
4222 return -1;
never executed: return -1;
0
4223 octx->aad_buf_len = 0;-
4224 }
executed 313 times by 1 test: end of block
Executed by:
  • libcrypto.so.1.1
313
4225 /* If decrypting then verify */-
4226 if (!EVP_CIPHER_CTX_encrypting(ctx)) {
!EVP_CIPHER_CT...ncrypting(ctx)Description
TRUEevaluated 277 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 276 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
276-277
4227 if (octx->taglen < 0)
octx->taglen < 0Description
TRUEnever evaluated
FALSEevaluated 277 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-277
4228 return -1;
never executed: return -1;
0
4229 if (CRYPTO_ocb128_finish(&octx->ocb,
CRYPTO_ocb128_...->taglen) != 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 276 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-276
4230 octx->tag, octx->taglen) != 0)
CRYPTO_ocb128_...->taglen) != 0Description
TRUEevaluated 1 time by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEevaluated 276 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
1-276
4231 return -1;
executed 1 time by 1 test: return -1;
Executed by:
  • libcrypto.so.1.1
1
4232 octx->iv_set = 0;-
4233 return written_len;
executed 276 times by 1 test: return written_len;
Executed by:
  • libcrypto.so.1.1
276
4234 }-
4235 /* If encrypting then just get the tag */-
4236 if (CRYPTO_ocb128_tag(&octx->ocb, octx->tag, 16) != 1)
CRYPTO_ocb128_...>tag, 16) != 1Description
TRUEnever evaluated
FALSEevaluated 276 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-276
4237 return -1;
never executed: return -1;
0
4238 /* Don't reuse the IV */-
4239 octx->iv_set = 0;-
4240 return written_len;
executed 276 times by 1 test: return written_len;
Executed by:
  • libcrypto.so.1.1
276
4241 }-
4242}-
4243-
4244static int aes_ocb_cleanup(EVP_CIPHER_CTX *c)-
4245{-
4246 EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);-
4247 CRYPTO_ocb128_cleanup(&octx->ocb);-
4248 return 1;
executed 553 times by 1 test: return 1;
Executed by:
  • libcrypto.so.1.1
553
4249}-
4250-
4251BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB,
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_128_ocb:&aes_128_ocb;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1962
4252 EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)-
4253BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_192_ocb:&aes_192_ocb;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1962
4254 EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)-
4255BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
executed 1962 times by 1 test: return (OPENSSL_ia32cap_P[1]&(1<<(57-32)))?&aesni_256_ocb:&aes_256_ocb;
Executed by:
  • libcrypto.so.1.1
(OPENSSL_ia32c...&(1<<(57-32)))Description
TRUEnever evaluated
FALSEevaluated 1962 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-1962
4256 EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)-
4257#endif /* OPENSSL_NO_OCB */-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2