commit fdb48f98612e934eab339b4871484b1c987553e2
author David Benjamin <davidben@google.com> Sat Mar 02 18:47:59 2019 -0600
committer Adam Langley <agl@google.com> Thu Mar 14 21:43:58 2019 +0000
tree e259337342ed2afcf208a5b016479d7c7be2b773
parent d22578f36631dd009310aafd68181754a056f229

Drop some unused bsaes to aes_nohw dependencies.

When the CBC and CTR EVP_CIPHER implementations use bsaes, they never
call dat->block. Note this is *not* true of aes_ctr_set_key which is
used in contexts where it needs single-block operations.

Bug: 256
Change-Id: Ibea4f2117a2220cd5cb09f6cf12b7a50c28bf794
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35168
Reviewed-by: Adam Langley <agl@google.com>

crypto/fipsmodule/cipher/e_aes.c

diff --git a/crypto/fipsmodule/cipher/e_aes.c b/crypto/fipsmodule/cipher/e_aes.c
index 51a1fb1..a1859d7 100644
--- a/crypto/fipsmodule/cipher/e_aes.c
+++ b/crypto/fipsmodule/cipher/e_aes.c
@@ -111,7 +111,8 @@
       }
     } else if (bsaes_capable() && mode == EVP_CIPH_CBC_MODE) {
       ret = aes_nohw_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
-      dat->block = aes_nohw_decrypt;
+      // If |dat->stream.cbc| is provided, |dat->block| is never used.
+      dat->block = NULL;
       dat->stream.cbc = bsaes_cbc_encrypt;
     } else if (vpaes_capable()) {
       ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
@@ -138,7 +139,8 @@
     }
   } else if (bsaes_capable() && mode == EVP_CIPH_CTR_MODE) {
     ret = aes_nohw_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
-    dat->block = aes_nohw_encrypt;
+    // If |dat->stream.ctr| is provided, |dat->block| is never used.
+    dat->block = NULL;
     dat->stream.ctr = bsaes_ctr32_encrypt_blocks;
   } else if (vpaes_capable()) {
     ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);