Lines Matching defs:gctx
139 # define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \
140 gctx->gcm.ghash==gcm_ghash_avx)
226 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
231 &gctx->ks.ks);
232 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
233 gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
237 if (iv == NULL && gctx->iv_set)
238 iv = gctx->iv;
240 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
241 gctx->iv_set = 1;
243 gctx->key_set = 1;
246 if (gctx->key_set)
247 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
249 memcpy(gctx->iv, iv, gctx->ivlen);
250 gctx->iv_set = 1;
251 gctx->iv_gen = 0;
549 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
554 aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
555 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
559 gctx->ctr = (ctr128_f) aes128_t4_ctr32_encrypt;
562 gctx->ctr = (ctr128_f) aes192_t4_ctr32_encrypt;
565 gctx->ctr = (ctr128_f) aes256_t4_ctr32_encrypt;
573 if (iv == NULL && gctx->iv_set)
574 iv = gctx->iv;
576 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
577 gctx->iv_set = 1;
579 gctx->key_set = 1;
582 if (gctx->key_set)
583 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
585 memcpy(gctx->iv, iv, gctx->ivlen);
586 gctx->iv_set = 1;
587 gctx->iv_gen = 0;
1354 S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
1363 gctx->key_set = 0;
1364 gctx->iv_set = 0;
1365 gctx->ivlen = ivlen;
1366 gctx->iv = c->iv;
1367 gctx->taglen = -1;
1368 gctx->iv_gen = 0;
1369 gctx->tls_aad_len = -1;
1373 *(int *)ptr = gctx->ivlen;
1384 if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) {
1385 if (gctx->iv != c->iv)
1386 OPENSSL_free(gctx->iv);
1388 if ((gctx->iv = OPENSSL_malloc(len)) == NULL) {
1394 memset(gctx->iv + arg, 0, len - arg - 8);
1395 *((unsigned long long *)(gctx->iv + len - 8)) = arg << 3;
1397 gctx->ivlen = arg;
1407 gctx->taglen = arg;
1412 if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0)
1415 memcpy(ptr, gctx->kma.param.t.b, arg);
1421 memcpy(gctx->iv, ptr, gctx->ivlen);
1422 gctx->iv_gen = 1;
1429 if ((arg < 4) || (gctx->ivlen - arg) < 8)
1433 memcpy(gctx->iv, ptr, arg);
1436 if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
1439 gctx->iv_gen = 1;
1443 if (gctx->iv_gen == 0 || gctx->key_set == 0)
1446 s390x_aes_gcm_setiv(gctx, gctx->iv);
1448 if (arg <= 0 || arg > gctx->ivlen)
1449 arg = gctx->ivlen;
1451 memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
1456 ctr64_inc(gctx->iv + gctx->ivlen - 8);
1457 gctx->iv_set = 1;
1462 if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc)
1465 memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
1466 s390x_aes_gcm_setiv(gctx, gctx->iv);
1467 gctx->iv_set = 1;
1477 gctx->tls_aad_len = arg;
1478 gctx->tls_enc_records = 0;
1502 if (gctx->iv == c->iv) {
1505 len = S390X_gcm_ivpadlen(gctx->ivlen);
1512 memcpy(gctx_out->iv, gctx->iv, len);
1528 S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
1536 memcpy(&gctx->kma.param.k, key, keylen);
1538 gctx->fc = S390X_AES_FC(keylen);
1540 gctx->fc |= S390X_DECRYPT;
1542 if (iv == NULL && gctx->iv_set)
1543 iv = gctx->iv;
1546 s390x_aes_gcm_setiv(gctx, iv);
1547 gctx->iv_set = 1;
1549 gctx->key_set = 1;
1551 if (gctx->key_set)
1552 s390x_aes_gcm_setiv(gctx, iv);
1554 memcpy(gctx->iv, iv, gctx->ivlen);
1556 gctx->iv_set = 1;
1557 gctx->iv_gen = 0;
1569 S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
1583 if (ctx->encrypt && ++gctx->tls_enc_records == 0) {
1597 gctx->kma.param.taadl = gctx->tls_aad_len << 3;
1598 gctx->kma.param.tpcl = len << 3;
1599 s390x_kma(buf, gctx->tls_aad_len, in, len, out,
1600 gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
1603 memcpy(out + len, gctx->kma.param.t.b, EVP_GCM_TLS_TAG_LEN);
1606 if (CRYPTO_memcmp(gctx->kma.param.t.b, in + len,
1614 gctx->iv_set = 0;
1615 gctx->tls_aad_len = -1;
1628 S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
1632 if (!gctx->key_set)
1635 if (gctx->tls_aad_len >= 0)
1638 if (!gctx->iv_set)
1643 if (s390x_aes_gcm_aad(gctx, in, len))
1646 if (s390x_aes_gcm(gctx, in, out, len))
1651 gctx->kma.param.taadl <<= 3;
1652 gctx->kma.param.tpcl <<= 3;
1653 s390x_kma(gctx->ares, gctx->areslen, gctx->mres, gctx->mreslen, tmp,
1654 gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
1655 /* recall that we already did en-/decrypt gctx->mres
1657 OPENSSL_cleanse(tmp, gctx->mreslen);
1658 gctx->iv_set = 0;
1662 gctx->taglen = 16;
1664 if (gctx->taglen < 0)
1668 if (CRYPTO_memcmp(buf, gctx->kma.param.t.b, gctx->taglen))
1677 S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
1679 if (gctx == NULL)
1682 if (gctx->iv != c->iv)
1683 OPENSSL_free(gctx->iv);
1685 OPENSSL_cleanse(gctx, sizeof(*gctx));
2559 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
2560 if (gctx == NULL)
2562 OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
2563 if (gctx->iv != c->iv)
2564 OPENSSL_free(gctx->iv);
2570 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
2573 gctx->key_set = 0;
2574 gctx->iv_set = 0;
2575 gctx->ivlen = EVP_CIPHER_get_iv_length(c->cipher);
2576 gctx->iv = c->iv;
2577 gctx->taglen = -1;
2578 gctx->iv_gen = 0;
2579 gctx->tls_aad_len = -1;
2583 *(int *)ptr = gctx->ivlen;
2590 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
2591 if (gctx->iv != c->iv)
2592 OPENSSL_free(gctx->iv);
2593 if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
2598 gctx->ivlen = arg;
2605 gctx->taglen = arg;
2610 || gctx->taglen < 0)
2618 memcpy(gctx->iv, ptr, gctx->ivlen);
2619 gctx->iv_gen = 1;
2626 if ((arg < 4) || (gctx->ivlen - arg) < 8)
2629 memcpy(gctx->iv, ptr, arg);
2630 if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
2632 gctx->iv_gen = 1;
2636 if (gctx->iv_gen == 0 || gctx->key_set == 0)
2638 CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
2639 if (arg <= 0 || arg > gctx->ivlen)
2640 arg = gctx->ivlen;
2641 memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
2646 ctr64_inc(gctx->iv + gctx->ivlen - 8);
2647 gctx->iv_set = 1;
2651 if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt)
2653 memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
2654 CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
2655 gctx->iv_set = 1;
2663 gctx->tls_aad_len = arg;
2664 gctx->tls_enc_records = 0;
2687 if (gctx->gcm.key) {
2688 if (gctx->gcm.key != &gctx->ks)
2692 if (gctx->iv == c->iv)
2695 if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
2699 memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
2713 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
2720 HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
2721 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
2724 gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
2726 gctx->ctr = NULL;
2733 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
2734 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
2736 gctx->ctr = (ctr128_f) ossl_bsaes_ctr32_encrypt_blocks;
2742 vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
2743 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
2745 gctx->ctr = NULL;
2751 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
2752 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
2755 gctx->ctr = (ctr128_f) AES_ctr32_encrypt;
2757 gctx->ctr = NULL;
2764 if (iv == NULL && gctx->iv_set)
2765 iv = gctx->iv;
2767 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
2768 gctx->iv_set = 1;
2770 gctx->key_set = 1;
2773 if (gctx->key_set)
2774 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
2776 memcpy(gctx->iv, iv, gctx->ivlen);
2777 gctx->iv_set = 1;
2778 gctx->iv_gen = 0;
2793 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
2806 if (ctx->encrypt && ++gctx->tls_enc_records == 0) {
2820 if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
2828 if (gctx->ctr) {
2831 if (len >= 32 && AES_GCM_ASM(gctx)) {
2832 if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
2836 gctx->gcm.key,
2837 gctx->gcm.Yi.c, gctx->gcm.Xi.u);
2838 gctx->gcm.len.u[1] += bulk;
2841 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
2844 len - bulk, gctx->ctr))
2849 if (len >= 32 && AES_GCM_ASM2(gctx)) {
2850 if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
2854 gctx->gcm.key,
2855 gctx->gcm.Yi.c, gctx->gcm.Xi.u);
2856 gctx->gcm.len.u[1] += bulk;
2859 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
2865 CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
2869 if (gctx->ctr) {
2872 if (len >= 16 && AES_GCM_ASM(gctx)) {
2873 if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
2877 gctx->gcm.key,
2878 gctx->gcm.Yi.c, gctx->gcm.Xi.u);
2879 gctx->gcm.len.u[1] += bulk;
2882 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
2885 len - bulk, gctx->ctr))
2890 if (len >= 16 && AES_GCM_ASM2(gctx)) {
2891 if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
2895 gctx->gcm.key,
2896 gctx->gcm.Yi.c, gctx->gcm.Xi.u);
2897 gctx->gcm.len.u[1] += bulk;
2900 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
2905 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
2915 gctx->iv_set = 0;
2916 gctx->tls_aad_len = -1;
2929 static int aes_gcm_iv_generate(EVP_AES_GCM_CTX *gctx, int offset)
2931 int sz = gctx->ivlen - offset;
2934 if (sz <= 0 || gctx->ivlen < 12)
2938 if (RAND_bytes(gctx->iv + offset, sz) <= 0)
2947 EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
2950 if (!gctx->key_set)
2953 if (gctx->tls_aad_len >= 0)
2963 if (!gctx->iv_set) {
2964 if (!ctx->encrypt || !aes_gcm_iv_generate(gctx, 0))
2966 CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
2967 gctx->iv_set = 1;
2968 gctx->iv_gen_rand = 1;
2971 if (!gctx->iv_set)
2977 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
2980 if (gctx->ctr) {
2983 if (len >= 32 && AES_GCM_ASM(gctx)) {
2984 size_t res = (16 - gctx->gcm.mres) % 16;
2986 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))
2991 gctx->gcm.key, gctx->gcm.Yi.c,
2992 gctx->gcm.Xi.u);
2993 gctx->gcm.len.u[1] += bulk;
2997 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
3000 len - bulk, gctx->ctr))
3005 if (len >= 32 && AES_GCM_ASM2(gctx)) {
3006 size_t res = (16 - gctx->gcm.mres) % 16;
3008 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))
3013 gctx->gcm.key, gctx->gcm.Yi.c,
3014 gctx->gcm.Xi.u);
3015 gctx->gcm.len.u[1] += bulk;
3019 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
3024 if (gctx->ctr) {
3027 if (len >= 16 && AES_GCM_ASM(gctx)) {
3028 size_t res = (16 - gctx->gcm.mres) % 16;
3030 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))
3035 gctx->gcm.key,
3036 gctx->gcm.Yi.c, gctx->gcm.Xi.u);
3037 gctx->gcm.len.u[1] += bulk;
3041 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
3044 len - bulk, gctx->ctr))
3049 if (len >= 16 && AES_GCM_ASM2(gctx)) {
3050 size_t res = (16 - gctx->gcm.mres) % 16;
3052 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))
3057 gctx->gcm.key,
3058 gctx->gcm.Yi.c, gctx->gcm.Xi.u);
3059 gctx->gcm.len.u[1] += bulk;
3063 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
3071 if (gctx->taglen < 0)
3073 if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0)
3075 gctx->iv_set = 0;
3078 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
3079 gctx->taglen = 16;
3081 gctx->iv_set = 0;