From a42abde6993849f82945dc55af5bc1de413f7393 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Thu, 4 Apr 2013 15:55:49 +0200
Subject: [PATCH] e_aes.c: reserve for future extensions.

---
 crypto/evp/e_aes.c | 88 +++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 84 insertions(+), 4 deletions(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 2400d0041e..a7d4ce4420 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -245,6 +245,9 @@ size_t aesni_gcm_decrypt(const unsigned char *in,
 void gcm_ghash_avx(u64 Xi[2],const u128 Htable[16],const u8 *in,size_t len);
 #define AES_GCM_ASM(gctx)	(gctx->ctr==aesni_ctr32_encrypt_blocks && \
 				 gctx->gcm.ghash==gcm_ghash_avx)
+#define AES_GCM_ASM2(gctx)	(gctx->gcm.block==(block128_f)aesni_encrypt && \
+				 gctx->gcm.ghash==gcm_ghash_avx)
+#undef AES_GCM_ASM2		/* minor size optimization */
 #endif
 
 static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -1339,7 +1342,24 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 				goto err;
 			}
 		else	{
-			if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+			size_t bulk=0;
+#if defined(AES_GCM_ASM2)
+			if (len>=32 && AES_GCM_ASM2(gctx))
+				{
+				if (CRYPTO_gcm128_encrypt(&gctx->gcm,NULL,NULL,0))
+					return -1;
+
+				bulk = AES_gcm_encrypt(in,out,len,
+							gctx->gcm.key,
+							gctx->gcm.Yi.c,
+							gctx->gcm.Xi.u);
+				gctx->gcm.len.u[1] += bulk;
+				}
+#endif
+			if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+							in +bulk,
+							out+bulk,
+							len-bulk))
 				goto err;
 			}
 		out += len;
@@ -1374,7 +1394,24 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 				goto err;
 			}
 		else	{
-			if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+			size_t bulk=0;
+#if defined(AES_GCM_ASM2)
+			if (len>=16 && AES_GCM_ASM2(gctx))
+				{
+				if (CRYPTO_gcm128_decrypt(&gctx->gcm,NULL,NULL,0))
+					return -1;
+
+				bulk = AES_gcm_decrypt(in,out,len,
+							gctx->gcm.key,
+							gctx->gcm.Yi.c,
+							gctx->gcm.Xi.u);
+				gctx->gcm.len.u[1] += bulk;
+				}
+#endif
+			if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+							in +bulk,
+							out+bulk,
+							len-bulk))
 				goto err;
 			}
 		/* Retrieve tag */
@@ -1445,7 +1482,28 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 					return -1;
 				}
 			else	{
-				if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+				size_t bulk=0;
+#if defined(AES_GCM_ASM2)
+				if (len>=32 && AES_GCM_ASM2(gctx))
+					{
+					size_t res = (16-gctx->gcm.mres)%16;
+
+					if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+							in,out,res))
+						return -1;
+
+					bulk = AES_gcm_encrypt(in+res,
+							out+res,len-res,								gctx->gcm.key,
+							gctx->gcm.Yi.c,
+							gctx->gcm.Xi.u);
+					gctx->gcm.len.u[1] += bulk;
+					bulk += res;
+					}
+#endif
+				if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+							in +bulk,
+							out+bulk,
+							len-bulk))
 					return -1;
 				}
 			}
@@ -1480,7 +1538,29 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 					return -1;
 				}
 			else	{
-				if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+				size_t bulk=0;
+#if defined(AES_GCM_ASM2)
+				if (len>=16 && AES_GCM_ASM2(gctx))
+					{
+					size_t res = (16-gctx->gcm.mres)%16;
+
+					if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+							in,out,res))
+						return -1;
+
+					bulk = AES_gcm_decrypt(in+res,
+							out+res,len-res,
+							gctx->gcm.key,
+							gctx->gcm.Yi.c,
+							gctx->gcm.Xi.u);
+					gctx->gcm.len.u[1] += bulk;
+					bulk += res;
+					}
+#endif
+				if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+							in +bulk,
+							out+bulk,
+							len-bulk))
 					return -1;
 				}
 			}
-- 
GitLab