Move AES-GCM-SIV out from SMALL and handle unaligned keys.
In order to use AES-GCM-SIV in the open-source QUIC boxer, it needs to
be moved out from OPENSSL_SMALL. (Hopefully the linker can still discard
it in the vast majority of cases.)
Additionally, the input to the key schedule function comes from outside
and may not be aligned, thus we need to use unaligned instructions to
read it.
Change-Id: I02c261fe0663d13a96c428174943c7e5ac8415a7
Reviewed-on: https://boringssl-review.googlesource.com/16824
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/cipher_extra/aead_test.cc b/crypto/cipher_extra/aead_test.cc
index 24702ce..3d80551 100644
--- a/crypto/cipher_extra/aead_test.cc
+++ b/crypto/cipher_extra/aead_test.cc
@@ -49,12 +49,10 @@
{"AES_256_GCM", EVP_aead_aes_256_gcm, "aes_256_gcm_tests.txt", false, true},
{"AES_256_GCM_NIST", EVP_aead_aes_256_gcm, "nist_cavp/aes_256_gcm.txt",
false, true},
-#if !defined(OPENSSL_SMALL)
{"AES_128_GCM_SIV", EVP_aead_aes_128_gcm_siv, "aes_128_gcm_siv_tests.txt",
false, false},
{"AES_256_GCM_SIV", EVP_aead_aes_256_gcm_siv, "aes_256_gcm_siv_tests.txt",
false, false},
-#endif
{"ChaCha20Poly1305", EVP_aead_chacha20_poly1305,
"chacha20_poly1305_tests.txt", false, true},
{"AES_128_CBC_SHA1_TLS", EVP_aead_aes_128_cbc_sha1_tls,
diff --git a/crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl b/crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl
index 6f19ba0..1a3d064 100644
--- a/crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl
+++ b/crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl
@@ -460,7 +460,7 @@
.align 16
aes128gcmsiv_aes_ks:
.cfi_startproc
- vmovdqa (%rdi), %xmm1 # xmm1 = user key
+ vmovdqu (%rdi), %xmm1 # xmm1 = user key
vmovdqa %xmm1, (%rsi) # rsi points to output
vmovdqa con1(%rip), %xmm0
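Review bot: The store on the line after the changed load still uses `vmovdqa %xmm1, (%rsi)`, so after this change the key pointer in %rdi may be unaligned while the output schedule in %rsi must still be 16-byte aligned, and that asymmetric contract is not recorded anywhere in the hunk. A header comment on aes128gcmsiv_aes_ks such as `# rdi = user key (may be unaligned); rsi = output key schedule (must be 16-byte aligned, written with vmovdqa)` would keep the next caller from faulting on the store side. The same applies to the aes256gcmsiv_aes_ks hunk below, where both loads are relaxed but `vmovdqa %xmm1, (%rsi)` and `vmovdqa %xmm3, 16(%rsi)` remain alignment-requiring; whether the C caller guarantees that alignment is outside this diff, and if it does not, those stores should become `vmovdqu` as well. Nothing in the commit exercises the new unaligned load path, so a test that hands the AEAD a key starting at an odd offset of a larger buffer would pin the fix against a regression to `vmovdqa`. Both key-schedule routines continue past the end of their hunks.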
@@ -521,8 +521,8 @@
.align 16
aes256gcmsiv_aes_ks:
.cfi_startproc
- vmovdqa (%rdi), %xmm1
- vmovdqa 16(%rdi), %xmm3
+ vmovdqu (%rdi), %xmm1
+ vmovdqu 16(%rdi), %xmm3
vmovdqa %xmm1, (%rsi)
vmovdqa %xmm3, 16(%rsi)
vmovdqa con1(%rip), %xmm0
diff --git a/crypto/cipher_extra/e_aesgcmsiv.c b/crypto/cipher_extra/e_aesgcmsiv.c
index c7be11c..19d7566 100644
--- a/crypto/cipher_extra/e_aesgcmsiv.c
+++ b/crypto/cipher_extra/e_aesgcmsiv.c
@@ -21,8 +21,6 @@
#include "../fipsmodule/cipher/internal.h"
-#if !defined(OPENSSL_SMALL)
-
#define EVP_AEAD_AES_GCM_SIV_NONCE_LEN 12
#define EVP_AEAD_AES_GCM_SIV_TAG_LEN 16
@@ -850,5 +848,3 @@
}
#endif /* X86_64 && !NO_ASM */
-
-#endif /* !OPENSSL_SMALL */
diff --git a/crypto/fipsmodule/modes/polyval.c b/crypto/fipsmodule/modes/polyval.c
index 89fa9bc..392e2d8 100644
--- a/crypto/fipsmodule/modes/polyval.c
+++ b/crypto/fipsmodule/modes/polyval.c
@@ -14,8 +14,6 @@
#include <openssl/base.h>
-#if !defined(OPENSSL_SMALL)
-
#include <assert.h>
#include <string.h>
@@ -91,6 +89,3 @@
byte_reverse(&S);
OPENSSL_memcpy(out, &S.c, sizeof(polyval_block));
}
-
-
-#endif /* !OPENSSL_SMALL */
diff --git a/tool/speed.cc b/tool/speed.cc
index 6d3997e..e941b8b 100644
--- a/tool/speed.cc
+++ b/tool/speed.cc
@@ -283,7 +283,6 @@
evp_aead_seal);
}
-#if !defined(OPENSSL_SMALL)
static bool SpeedAEADOpen(const EVP_AEAD *aead, const std::string &name,
size_t ad_len, const std::string &selected) {
if (!selected.empty() && name.find(selected) == std::string::npos) {
@@ -297,7 +296,6 @@
SpeedAEADChunk(aead, name + " (8192 bytes)", 8192, ad_len,
evp_aead_open);
}
-#endif /* !SMALL */
static bool SpeedHashChunk(const EVP_MD *md, const std::string &name,
size_t chunk_len) {
@@ -653,7 +651,6 @@
kLegacyADLen, selected) ||
!SpeedAEAD(EVP_aead_aes_256_cbc_sha1_tls(), "AES-256-CBC-SHA1",
kLegacyADLen, selected) ||
-#if !defined(OPENSSL_SMALL)
!SpeedAEAD(EVP_aead_aes_128_gcm_siv(), "AES-128-GCM-SIV", kTLSADLen,
selected) ||
!SpeedAEAD(EVP_aead_aes_256_gcm_siv(), "AES-256-GCM-SIV", kTLSADLen,
@@ -662,7 +659,6 @@
selected) ||
!SpeedAEADOpen(EVP_aead_aes_256_gcm_siv(), "AES-256-GCM-SIV", kTLSADLen,
selected) ||
-#endif
!SpeedHash(EVP_sha1(), "SHA-1", selected) ||
!SpeedHash(EVP_sha256(), "SHA-256", selected) ||
!SpeedHash(EVP_sha512(), "SHA-512", selected) ||