Make bcm use internal AES functions
This prevents problems davidben and I noticed with bcm reaching
out of the module for AES.
Change-Id: I95dc57e8735140ebc296aa005f08677ef24acbe3
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/77827
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/fipsmodule/aes/key_wrap.cc.inc b/crypto/fipsmodule/aes/key_wrap.cc.inc
index 99c2450..ad1c314 100644
--- a/crypto/fipsmodule/aes/key_wrap.cc.inc
+++ b/crypto/fipsmodule/aes/key_wrap.cc.inc
@@ -20,6 +20,7 @@
#include <openssl/mem.h>
+#include "../bcm_interface.h"
#include "../../internal.h"
#include "../service_indicator/internal.h"
@@ -53,7 +54,7 @@
for (unsigned j = 0; j < kBound; j++) {
for (size_t i = 1; i <= n; i++) {
OPENSSL_memcpy(A + 8, out + 8 * i, 8);
- AES_encrypt(A, A, key);
+ BCM_aes_encrypt(A, A, key);
uint32_t t = (uint32_t)(n * j + i);
A[7] ^= t & 0xff;
@@ -96,7 +97,7 @@
A[5] ^= (t >> 16) & 0xff;
A[4] ^= (t >> 24) & 0xff;
OPENSSL_memcpy(A + 8, out + 8 * (i - 1), 8);
- AES_decrypt(A, A, key);
+ BCM_aes_decrypt(A, A, key);
OPENSSL_memcpy(out + 8 * (i - 1), A + 8, 8);
}
}
@@ -145,7 +146,7 @@
if (in_len <= 8) {
memset(block + 8, 0, 8);
memcpy(block + 8, in, in_len);
- AES_encrypt(block, out, key);
+ BCM_aes_encrypt(block, out, key);
*out_len = AES_BLOCK_SIZE;
return 1;
}
@@ -179,7 +180,7 @@
uint8_t iv[8];
if (in_len == AES_BLOCK_SIZE) {
uint8_t block[AES_BLOCK_SIZE];
- AES_decrypt(in, block, key);
+ BCM_aes_decrypt(in, block, key);
memcpy(iv, block, sizeof(iv));
memcpy(out, block + 8, 8);
} else if (!aes_unwrap_key_inner(key, out, iv, in, in_len)) {
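Review bot: In the `in_len == AES_BLOCK_SIZE` branch, `block` receives the decrypted IV and key bytes from `BCM_aes_decrypt` and then goes out of scope at the `} else if` without being cleared, so a copy of the unwrapped key material stays on the stack. Adding `OPENSSL_cleanse(block, sizeof(block));` after the second `memcpy` would remove it; `<openssl/mem.h>` is already included at the top of the file. The `in_len <= 8` branch of the wrap path (hunk at -145) copies the plaintext key into its own `block`, which is declared outside that hunk, so whether it is cleared cannot be seen here. The enclosing function starts and ends outside this hunk.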
diff --git a/crypto/fipsmodule/aes/mode_wrappers.cc.inc b/crypto/fipsmodule/aes/mode_wrappers.cc.inc
index be5fba9..fdbab94 100644
--- a/crypto/fipsmodule/aes/mode_wrappers.cc.inc
+++ b/crypto/fipsmodule/aes/mode_wrappers.cc.inc
@@ -19,6 +19,15 @@
#include "../aes/internal.h"
#include "../service_indicator/internal.h"
+namespace {
+void aes_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
+ BCM_aes_encrypt(in, out, key);
+}
+
+void aes_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
+ BCM_aes_decrypt(in, out, key);
+}
+}
void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
const AES_KEY *key, uint8_t ivec[AES_BLOCK_SIZE],
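Review bot: The new `aes_encrypt` and `aes_decrypt` wrappers in the anonymous namespace carry no comment saying why they exist, and they discard whatever `BCM_aes_encrypt` and `BCM_aes_decrypt` return. Presumably they adapt the BCM functions to the block-function callback type taken by `CRYPTO_cbc128_encrypt`, `CRYPTO_ofb128_encrypt` and `CRYPTO_cfb128_encrypt` in the later hunks. A line such as `// Adapters giving BCM_aes_{en,de}crypt the block-function signature the CRYPTO_*128_* helpers take; the BCM return value is intentionally ignored.` above them would record that, if it is indeed the intent. The closing brace would also read better as `}  // namespace`.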
@@ -45,9 +54,9 @@
assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
if (AES_ENCRYPT == enc) {
- AES_encrypt(in, out, key);
+ BCM_aes_encrypt(in, out, key);
} else {
- AES_decrypt(in, out, key);
+ BCM_aes_decrypt(in, out, key);
}
FIPS_service_indicator_update_state();
@@ -60,9 +69,9 @@
} else if (!vpaes_capable()) {
aes_nohw_cbc_encrypt(in, out, len, key, ivec, enc);
} else if (enc) {
- CRYPTO_cbc128_encrypt(in, out, len, key, ivec, AES_encrypt);
+ CRYPTO_cbc128_encrypt(in, out, len, key, ivec, aes_encrypt);
} else {
- CRYPTO_cbc128_decrypt(in, out, len, key, ivec, AES_decrypt);
+ CRYPTO_cbc128_decrypt(in, out, len, key, ivec, aes_decrypt);
}
FIPS_service_indicator_update_state();
@@ -71,7 +80,7 @@
void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t length,
const AES_KEY *key, uint8_t *ivec, int *num) {
unsigned num_u = (unsigned)(*num);
- CRYPTO_ofb128_encrypt(in, out, length, key, ivec, &num_u, AES_encrypt);
+ CRYPTO_ofb128_encrypt(in, out, length, key, ivec, &num_u, aes_encrypt);
*num = (int)num_u;
}
@@ -79,6 +88,6 @@
const AES_KEY *key, uint8_t *ivec, int *num,
int enc) {
unsigned num_u = (unsigned)(*num);
- CRYPTO_cfb128_encrypt(in, out, length, key, ivec, &num_u, enc, AES_encrypt);
+ CRYPTO_cfb128_encrypt(in, out, length, key, ivec, &num_u, enc, aes_encrypt);
*num = (int)num_u;
}
diff --git a/crypto/fipsmodule/self_check/self_check.cc.inc b/crypto/fipsmodule/self_check/self_check.cc.inc
index b5eb7ea..a126a1b 100644
--- a/crypto/fipsmodule/self_check/self_check.cc.inc
+++ b/crypto/fipsmodule/self_check/self_check.cc.inc
@@ -728,8 +728,9 @@
0x50, 0x3a, 0xc5, 0x5e, 0x8e, 0x93, 0x40, 0xf2, 0x10, 0xd8,
};
memcpy(aes_iv, kAESIV, sizeof(kAESIV));
- if (AES_set_encrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
- fprintf(CRYPTO_get_stderr(), "AES_set_encrypt_key failed.\n");
+ if (!bcm_success(
+ BCM_aes_set_encrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key))) {
+ fprintf(CRYPTO_get_stderr(), "BCM_aes_set_encrypt_key failed.\n");
goto err;
}
AES_cbc_encrypt(kAESCBCEncPlaintext, output, sizeof(kAESCBCEncPlaintext),
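Review bot: Only the key setup moves to a `BCM_` entry point here; the known-answer test on the following line still runs through `AES_cbc_encrypt`, and the same holds for the decrypt test in the hunk at -752. That appears to be the in-module definition from `aes/mode_wrappers.cc.inc`, which this commit also touches, but nothing at the call site says so. Since the commit's stated aim is to stop bcm reaching outside the module for AES, a comment such as `// AES_cbc_encrypt is defined inside the module (aes/mode_wrappers.cc.inc).` would let a reader check the boundary. The enclosing self-test function starts and ends outside this hunk.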
@@ -752,8 +753,9 @@
0xb2, 0x25, 0x6f, 0xa6, 0xd0, 0xd2, 0x0e, 0x6f, 0x19, 0xb5,
};
memcpy(aes_iv, kAESIV, sizeof(kAESIV));
- if (AES_set_decrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
- fprintf(CRYPTO_get_stderr(), "AES_set_decrypt_key failed.\n");
+ if (!bcm_success(
+ BCM_aes_set_decrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key))) {
+ fprintf(CRYPTO_get_stderr(), "BCM_aes_set_decrypt_key failed.\n");
goto err;
}
AES_cbc_encrypt(kAESCBCDecCiphertext, output, sizeof(kAESCBCDecCiphertext),