e_aes.c: reserve for future extensions.

a42abde6 · Andy Polyakov · 64f7e2c4 · a42abde6
隐藏空白更改
内联并排

Showing with 84 addition and 4 deletion

crypto/evp/e_aes.c crypto/evp/e_aes.c +84 -4

未找到文件。
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -245,6 +245,9 @@ size_t aesni_gcm_decrypt(const unsigned char *in,
 void gcm_ghash_avx(u64 Xi[2],const u128 Htable[16],const u8 *in,size_t len);
 #define AES_GCM_ASM(gctx)	(gctx->ctr==aesni_ctr32_encrypt_blocks && \
 				 gctx->gcm.ghash==gcm_ghash_avx)
+#define AES_GCM_ASM2(gctx)	(gctx->gcm.block==(block128_f)aesni_encrypt && \
+				 gctx->gcm.ghash==gcm_ghash_avx)
+#undef AES_GCM_ASM2		/* minor size optimization */
 #endif

 static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -1339,7 +1342,24 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 				goto err;
 			}
 		else	{
-			if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+			size_t bulk=0;
+#if defined(AES_GCM_ASM2)
+			if (len>=32 && AES_GCM_ASM2(gctx))
+				{
+				if (CRYPTO_gcm128_encrypt(&gctx->gcm,NULL,NULL,0))
+					return -1;
+
+				bulk = AES_gcm_encrypt(in,out,len,
+							gctx->gcm.key,
+							gctx->gcm.Yi.c,
+							gctx->gcm.Xi.u);
+				gctx->gcm.len.u[1] += bulk;
+				}
+#endif
+			if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+							in +bulk,
+							out+bulk,
+							len-bulk))
 				goto err;
 			}
 		out += len;
@@ -1374,7 +1394,24 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 				goto err;
 			}
 		else	{
-			if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+			size_t bulk=0;
+#if defined(AES_GCM_ASM2)
+			if (len>=16 && AES_GCM_ASM2(gctx))
+				{
+				if (CRYPTO_gcm128_decrypt(&gctx->gcm,NULL,NULL,0))
+					return -1;
+
+				bulk = AES_gcm_decrypt(in,out,len,
+							gctx->gcm.key,
+							gctx->gcm.Yi.c,
+							gctx->gcm.Xi.u);
+				gctx->gcm.len.u[1] += bulk;
+				}
+#endif
+			if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+							in +bulk,
+							out+bulk,
+							len-bulk))
 				goto err;
 			}
 		/* Retrieve tag */
@@ -1445,7 +1482,28 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 					return -1;
 				}
 			else	{
-				if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+				size_t bulk=0;
+#if defined(AES_GCM_ASM2)
+				if (len>=32 && AES_GCM_ASM2(gctx))
+					{
+					size_t res = (16-gctx->gcm.mres)%16;
+
+					if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+							in,out,res))
+						return -1;
+
+					bulk = AES_gcm_encrypt(in+res,
+							out+res,len-res,								gctx->gcm.key,
+							gctx->gcm.Yi.c,
+							gctx->gcm.Xi.u);
+					gctx->gcm.len.u[1] += bulk;
+					bulk += res;
+					}
+#endif
+				if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+							in +bulk,
+							out+bulk,
+							len-bulk))
 					return -1;
 				}
 			}
@@ -1480,7 +1538,29 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 					return -1;
 				}
 			else	{
-				if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+				size_t bulk=0;
+#if defined(AES_GCM_ASM2)
+				if (len>=16 && AES_GCM_ASM2(gctx))
+					{
+					size_t res = (16-gctx->gcm.mres)%16;
+
+					if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+							in,out,res))
+						return -1;
+
+					bulk = AES_gcm_decrypt(in+res,
+							out+res,len-res,
+							gctx->gcm.key,
+							gctx->gcm.Yi.c,
+							gctx->gcm.Xi.u);
+					gctx->gcm.len.u[1] += bulk;
+					bulk += res;
+					}
+#endif
+				if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+							in +bulk,
+							out+bulk,
+							len-bulk))
 					return -1;
 				}
 			}