Lines Matching refs:gctx
267 #define AES_GCM_ASM(gctx) \ argument
268 (gctx->ctr == aesni_ctr32_encrypt_blocks && gctx->gcm.ghash == gcm_ghash_avx)
471 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; in aes_gcm_init_key() local
476 gctx->ctr = in aes_gcm_init_key()
477 aes_ctr_set_key(&gctx->ks.ks, &gctx->gcm, NULL, key, ctx->key_len); in aes_gcm_init_key()
479 if (iv == NULL && gctx->iv_set) { in aes_gcm_init_key()
480 iv = gctx->iv; in aes_gcm_init_key()
483 CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); in aes_gcm_init_key()
484 gctx->iv_set = 1; in aes_gcm_init_key()
486 gctx->key_set = 1; in aes_gcm_init_key()
489 if (gctx->key_set) { in aes_gcm_init_key()
490 CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); in aes_gcm_init_key()
492 memcpy(gctx->iv, iv, gctx->ivlen); in aes_gcm_init_key()
494 gctx->iv_set = 1; in aes_gcm_init_key()
495 gctx->iv_gen = 0; in aes_gcm_init_key()
501 EVP_AES_GCM_CTX *gctx = c->cipher_data; in aes_gcm_cleanup() local
502 OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); in aes_gcm_cleanup()
503 if (gctx->iv != c->iv) { in aes_gcm_cleanup()
504 OPENSSL_free(gctx->iv); in aes_gcm_cleanup()
525 EVP_AES_GCM_CTX *gctx = c->cipher_data; in aes_gcm_ctrl() local
528 gctx->key_set = 0; in aes_gcm_ctrl()
529 gctx->iv_set = 0; in aes_gcm_ctrl()
530 gctx->ivlen = c->cipher->iv_len; in aes_gcm_ctrl()
531 gctx->iv = c->iv; in aes_gcm_ctrl()
532 gctx->taglen = -1; in aes_gcm_ctrl()
533 gctx->iv_gen = 0; in aes_gcm_ctrl()
542 if (arg > EVP_MAX_IV_LENGTH && arg > gctx->ivlen) { in aes_gcm_ctrl()
543 if (gctx->iv != c->iv) { in aes_gcm_ctrl()
544 OPENSSL_free(gctx->iv); in aes_gcm_ctrl()
546 gctx->iv = OPENSSL_malloc(arg); in aes_gcm_ctrl()
547 if (!gctx->iv) { in aes_gcm_ctrl()
551 gctx->ivlen = arg; in aes_gcm_ctrl()
559 gctx->taglen = arg; in aes_gcm_ctrl()
563 if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) { in aes_gcm_ctrl()
572 memcpy(gctx->iv, ptr, gctx->ivlen); in aes_gcm_ctrl()
573 gctx->iv_gen = 1; in aes_gcm_ctrl()
578 if (arg < 4 || (gctx->ivlen - arg) < 8) { in aes_gcm_ctrl()
582 memcpy(gctx->iv, ptr, arg); in aes_gcm_ctrl()
584 if (c->encrypt && !RAND_bytes(gctx->iv + arg, gctx->ivlen - arg)) { in aes_gcm_ctrl()
587 gctx->iv_gen = 1; in aes_gcm_ctrl()
591 if (gctx->iv_gen == 0 || gctx->key_set == 0) { in aes_gcm_ctrl()
594 CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen); in aes_gcm_ctrl()
595 if (arg <= 0 || arg > gctx->ivlen) { in aes_gcm_ctrl()
596 arg = gctx->ivlen; in aes_gcm_ctrl()
598 memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); in aes_gcm_ctrl()
602 ctr64_inc(gctx->iv + gctx->ivlen - 8); in aes_gcm_ctrl()
603 gctx->iv_set = 1; in aes_gcm_ctrl()
607 if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) { in aes_gcm_ctrl()
610 memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); in aes_gcm_ctrl()
611 CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen); in aes_gcm_ctrl()
612 gctx->iv_set = 1; in aes_gcm_ctrl()
618 if (gctx->iv == c->iv) { in aes_gcm_ctrl()
621 gctx_out->iv = OPENSSL_malloc(gctx->ivlen); in aes_gcm_ctrl()
625 memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); in aes_gcm_ctrl()
637 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; in aes_gcm_cipher() local
640 if (!gctx->key_set) { in aes_gcm_cipher()
643 if (!gctx->iv_set) { in aes_gcm_cipher()
649 if (!CRYPTO_gcm128_aad(&gctx->gcm, in, len)) { in aes_gcm_cipher()
653 if (gctx->ctr) { in aes_gcm_cipher()
656 if (len >= 32 && AES_GCM_ASM(gctx)) { in aes_gcm_cipher()
657 size_t res = (16 - gctx->gcm.mres) % 16; in aes_gcm_cipher()
659 if (!CRYPTO_gcm128_encrypt(&gctx->gcm, &gctx->ks.ks, in, out, res)) { in aes_gcm_cipher()
663 bulk = AES_gcm_encrypt(in + res, out + res, len - res, &gctx->ks.ks, in aes_gcm_cipher()
664 gctx->gcm.Yi.c, gctx->gcm.Xi.u); in aes_gcm_cipher()
665 gctx->gcm.len.u[1] += bulk; in aes_gcm_cipher()
669 if (!CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, &gctx->ks.ks, in + bulk, in aes_gcm_cipher()
670 out + bulk, len - bulk, gctx->ctr)) { in aes_gcm_cipher()
675 if (!CRYPTO_gcm128_encrypt(&gctx->gcm, &gctx->ks.ks, in + bulk, in aes_gcm_cipher()
681 if (gctx->ctr) { in aes_gcm_cipher()
684 if (len >= 16 && AES_GCM_ASM(gctx)) { in aes_gcm_cipher()
685 size_t res = (16 - gctx->gcm.mres) % 16; in aes_gcm_cipher()
687 if (!CRYPTO_gcm128_decrypt(&gctx->gcm, &gctx->ks.ks, in, out, res)) { in aes_gcm_cipher()
691 bulk = AES_gcm_decrypt(in + res, out + res, len - res, &gctx->ks.ks, in aes_gcm_cipher()
692 gctx->gcm.Yi.c, gctx->gcm.Xi.u); in aes_gcm_cipher()
693 gctx->gcm.len.u[1] += bulk; in aes_gcm_cipher()
697 if (!CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, &gctx->ks.ks, in + bulk, in aes_gcm_cipher()
698 out + bulk, len - bulk, gctx->ctr)) { in aes_gcm_cipher()
703 if (!CRYPTO_gcm128_decrypt(&gctx->gcm, &gctx->ks.ks, in + bulk, in aes_gcm_cipher()
712 if (gctx->taglen < 0 || in aes_gcm_cipher()
713 !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen)) { in aes_gcm_cipher()
716 gctx->iv_set = 0; in aes_gcm_cipher()
719 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); in aes_gcm_cipher()
720 gctx->taglen = 16; in aes_gcm_cipher()
722 gctx->iv_set = 0; in aes_gcm_cipher()
884 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; in aesni_gcm_init_key() local
889 aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); in aesni_gcm_init_key()
890 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)aesni_encrypt); in aesni_gcm_init_key()
891 gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; in aesni_gcm_init_key()
894 if (iv == NULL && gctx->iv_set) { in aesni_gcm_init_key()
895 iv = gctx->iv; in aesni_gcm_init_key()
898 CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); in aesni_gcm_init_key()
899 gctx->iv_set = 1; in aesni_gcm_init_key()
901 gctx->key_set = 1; in aesni_gcm_init_key()
904 if (gctx->key_set) { in aesni_gcm_init_key()
905 CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); in aesni_gcm_init_key()
907 memcpy(gctx->iv, iv, gctx->ivlen); in aesni_gcm_init_key()
909 gctx->iv_set = 1; in aesni_gcm_init_key()
910 gctx->iv_gen = 0; in aesni_gcm_init_key()