Move AES-GCM-SIV out from SMALL and handle unaligned keys.

In order to use AES-GCM-SIV in the open-source QUIC boxer, it needs to be moved out from OPENSSL_SMALL. (Hopefully the linker can still discard it in the vast majority of cases.) Additionally, the input to the key schedule function comes from outside and may not be aligned, thus we need to use unaligned instructions to read it. Change-Id: I02c261fe0663d13a96c428174943c7e5ac8415a7 Reviewed-on: https://boringssl-review.googlesource.com/16824 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-06-01 10:44:06 -07:00 · 2017-06-01 10:44:06 -07:00 · c5e9ac1cac
commit c5e9ac1cac
parent 6757fbf8e3
5 changed files with 3 additions and 18 deletions
--- a/crypto/cipher_extra/aead_test.cc
+++ b/crypto/cipher_extra/aead_test.cc
@ -49,12 +49,10 @@ static const struct KnownAEAD kAEADs[] = {
    {"AES_256_GCM", EVP_aead_aes_256_gcm, "aes_256_gcm_tests.txt", false, true},
    {"AES_256_GCM_NIST", EVP_aead_aes_256_gcm, "nist_cavp/aes_256_gcm.txt",
     false, true},
-#if !defined(OPENSSL_SMALL)
    {"AES_128_GCM_SIV", EVP_aead_aes_128_gcm_siv, "aes_128_gcm_siv_tests.txt",
     false, false},
    {"AES_256_GCM_SIV", EVP_aead_aes_256_gcm_siv, "aes_256_gcm_siv_tests.txt",
     false, false},
-#endif
    {"ChaCha20Poly1305", EVP_aead_chacha20_poly1305,
     "chacha20_poly1305_tests.txt", false, true},
    {"AES_128_CBC_SHA1_TLS", EVP_aead_aes_128_cbc_sha1_tls,
--- a/crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl
+++ b/crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl
@ -460,7 +460,7 @@ $code.=<<___;
 .align 16
 aes128gcmsiv_aes_ks:
 .cfi_startproc
-    vmovdqa (%rdi), %xmm1           # xmm1 = user key
+    vmovdqu (%rdi), %xmm1           # xmm1 = user key
    vmovdqa %xmm1, (%rsi)           # rsi points to output

    vmovdqa con1(%rip), %xmm0
@ -521,8 +521,8 @@ $code.=<<___;
 .align 16
 aes256gcmsiv_aes_ks:
 .cfi_startproc
-    vmovdqa (%rdi), %xmm1
-    vmovdqa 16(%rdi), %xmm3
+    vmovdqu (%rdi), %xmm1
+    vmovdqu 16(%rdi), %xmm3
    vmovdqa %xmm1, (%rsi)
    vmovdqa %xmm3, 16(%rsi)
    vmovdqa con1(%rip), %xmm0
--- a/crypto/cipher_extra/e_aesgcmsiv.c
+++ b/crypto/cipher_extra/e_aesgcmsiv.c
@ -21,8 +21,6 @@
 #include "../fipsmodule/cipher/internal.h"


-#if !defined(OPENSSL_SMALL)
-
 #define EVP_AEAD_AES_GCM_SIV_NONCE_LEN 12
 #define EVP_AEAD_AES_GCM_SIV_TAG_LEN 16

@ -850,5 +848,3 @@ const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void) {
 }

 #endif  /* X86_64 && !NO_ASM */
-
-#endif  /* !OPENSSL_SMALL */
--- a/crypto/fipsmodule/modes/polyval.c
+++ b/crypto/fipsmodule/modes/polyval.c
@ -14,8 +14,6 @@

 #include <openssl/base.h>

-#if !defined(OPENSSL_SMALL)
-
 #include <assert.h>
 #include <string.h>

@ -91,6 +89,3 @@ void CRYPTO_POLYVAL_finish(const struct polyval_ctx *ctx, uint8_t out[16]) {
  byte_reverse(&S);
  OPENSSL_memcpy(out, &S.c, sizeof(polyval_block));
 }
-
-
-#endif  /* !OPENSSL_SMALL */
--- a/tool/speed.cc
+++ b/tool/speed.cc
@ -283,7 +283,6 @@ static bool SpeedAEAD(const EVP_AEAD *aead, const std::string &name,
                        evp_aead_seal);
 }

-#if !defined(OPENSSL_SMALL)
 static bool SpeedAEADOpen(const EVP_AEAD *aead, const std::string &name,
                          size_t ad_len, const std::string &selected) {
  if (!selected.empty() && name.find(selected) == std::string::npos) {
@ -297,7 +296,6 @@ static bool SpeedAEADOpen(const EVP_AEAD *aead, const std::string &name,
         SpeedAEADChunk(aead, name + " (8192 bytes)", 8192, ad_len,
                        evp_aead_open);
 }
-#endif  /* !SMALL */

 static bool SpeedHashChunk(const EVP_MD *md, const std::string &name,
                           size_t chunk_len) {
@ -653,7 +651,6 @@ bool Speed(const std::vector<std::string> &args) {
                 kLegacyADLen, selected) ||
      !SpeedAEAD(EVP_aead_aes_256_cbc_sha1_tls(), "AES-256-CBC-SHA1",
                 kLegacyADLen, selected) ||
-#if !defined(OPENSSL_SMALL)
      !SpeedAEAD(EVP_aead_aes_128_gcm_siv(), "AES-128-GCM-SIV", kTLSADLen,
                 selected) ||
      !SpeedAEAD(EVP_aead_aes_256_gcm_siv(), "AES-256-GCM-SIV", kTLSADLen,
@ -662,7 +659,6 @@ bool Speed(const std::vector<std::string> &args) {
                     selected) ||
      !SpeedAEADOpen(EVP_aead_aes_256_gcm_siv(), "AES-256-GCM-SIV", kTLSADLen,
                     selected) ||
-#endif
      !SpeedHash(EVP_sha1(), "SHA-1", selected) ||
      !SpeedHash(EVP_sha256(), "SHA-256", selected) ||
      !SpeedHash(EVP_sha512(), "SHA-512", selected) ||