Add basic aria and camellia ciphers modes to default provider

The aes code has been refactored into generic and algorithn specific parts,
so that most of the code can be shared.
The cipher related files have been broken up into smaller parts.
Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the
generic code used by aes).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9451)

crypto/evp/e_aes.c

@@ -20,7 +20,7 @@
 #include "internal/cryptlib.h"
 #include "internal/modes_int.h"
 #include "internal/siv_int.h"
-#include "internal/aes_platform.h"
+#include "internal/ciphermode_platform.h"
 #include "evp_locl.h"
 
 typedef struct {

crypto/evp/e_camellia.c

@@ -19,6 +19,7 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <openssl/camellia.h>
 # include "internal/evp_int.h"
 # include "internal/modes_int.h"
+# include "internal/ciphermode_platform.h"
 
 static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc);
@@ -43,34 +44,6 @@ typedef struct {
  * assembler support was in general requested... */
 #  include "sparc_arch.h"
 
-extern unsigned int OPENSSL_sparcv9cap_P[];
-
-#  define SPARC_CMLL_CAPABLE      (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA)
-
-void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks);
-void cmll_t4_encrypt(const unsigned char *in, unsigned char *out,
-                     const CAMELLIA_KEY *key);
-void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
-                     const CAMELLIA_KEY *key);
-
-void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                            size_t len, const CAMELLIA_KEY *key,
-                            unsigned char *ivec);
-void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
-                            size_t len, const CAMELLIA_KEY *key,
-                            unsigned char *ivec);
-void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                            size_t len, const CAMELLIA_KEY *key,
-                            unsigned char *ivec);
-void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
-                            size_t len, const CAMELLIA_KEY *key,
-                            unsigned char *ivec);
-void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-                              size_t blocks, const CAMELLIA_KEY *key,
-                              unsigned char *ivec);
-void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-                              size_t blocks, const CAMELLIA_KEY *key,
-                              unsigned char *ivec);
 
 static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc)

crypto/evp/evp_enc.c

@@ -175,6 +175,48 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
         case NID_aria_256_ccm:
         case NID_aria_192_ccm:
         case NID_aria_128_ccm:
+        case NID_aria_256_ecb:
+        case NID_aria_192_ecb:
+        case NID_aria_128_ecb:
+        case NID_aria_256_cbc:
+        case NID_aria_192_cbc:
+        case NID_aria_128_cbc:
+        case NID_aria_256_ofb128:
+        case NID_aria_192_ofb128:
+        case NID_aria_128_ofb128:
+        case NID_aria_256_cfb128:
+        case NID_aria_192_cfb128:
+        case NID_aria_128_cfb128:
+        case NID_aria_256_cfb1:
+        case NID_aria_192_cfb1:
+        case NID_aria_128_cfb1:
+        case NID_aria_256_cfb8:
+        case NID_aria_192_cfb8:
+        case NID_aria_128_cfb8:
+        case NID_aria_256_ctr:
+        case NID_aria_192_ctr:
+        case NID_aria_128_ctr:
+        case NID_camellia_256_ecb:
+        case NID_camellia_192_ecb:
+        case NID_camellia_128_ecb:
+        case NID_camellia_256_cbc:
+        case NID_camellia_192_cbc:
+        case NID_camellia_128_cbc:
+        case NID_camellia_256_ofb128:
+        case NID_camellia_192_ofb128:
+        case NID_camellia_128_ofb128:
+        case NID_camellia_256_cfb128:
+        case NID_camellia_192_cfb128:
+        case NID_camellia_128_cfb128:
+        case NID_camellia_256_cfb1:
+        case NID_camellia_192_cfb1:
+        case NID_camellia_128_cfb1:
+        case NID_camellia_256_cfb8:
+        case NID_camellia_192_cfb8:
+        case NID_camellia_128_cfb8:
+        case NID_camellia_256_ctr:
+        case NID_camellia_192_ctr:
+        case NID_camellia_128_ctr:
             break;
         default:
             goto legacy;

crypto/include/internal/ciphermode_platform.h

@@ -7,8 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_INTERNAL_AES_PLATFORM_H
-# define HEADER_INTERNAL_AES_PLATFORM_H
+#ifndef HEADER_INTERNAL_CIPHERMODE_PLATFORM_H
+# define HEADER_INTERNAL_CIPHERMODE_PLATFORM_H
+
+# include "openssl/aes.h"
 
 # ifdef VPAES_ASM
 int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
@@ -189,6 +191,37 @@ void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len);
 /* Fujitsu SPARC64 X support */
 extern unsigned int OPENSSL_sparcv9cap_P[];
 #  include "sparc_arch.h"
+
+#  ifndef OPENSSL_NO_CAMELLIA
+#   define SPARC_CMLL_CAPABLE      (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA)
+
+void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks);
+void cmll_t4_encrypt(const unsigned char *in, unsigned char *out,
+                     const CAMELLIA_KEY *key);
+void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
+                     const CAMELLIA_KEY *key);
+
+void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec);
+void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t blocks, const CAMELLIA_KEY *key,
+                              unsigned char *ivec);
+void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t blocks, const CAMELLIA_KEY *key,
+                              unsigned char *ivec);
+#  endif /* OPENSSL_NO_CAMELLIA */
+
+
 #  define SPARC_AES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_AES)
 #  define HWAES_CAPABLE           (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
 #  define HWAES_set_encrypt_key aes_fx_set_encrypt_key
@@ -398,4 +431,4 @@ void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
 
 # endif /* HWAES_CAPABLE */
 
-#endif /* HEADER_INTERNAL_AES_PLATFORM_H */
+#endif /* HEADER_INTERNAL_CIPHERMODE_PLATFORM_H */

providers/common/ciphers/aes.c

@@ -1,458 +0,0 @@
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/core_numbers.h>
-#include <openssl/core_names.h>
-#include <openssl/evp.h>
-#include <openssl/params.h>
-#include <openssl/rand.h>
-#include "internal/cryptlib.h"
-#include "internal/provider_algs.h"
-#include "ciphers_locl.h"
-#include "internal/providercommonerr.h"
-
-static OSSL_OP_cipher_encrypt_init_fn aes_einit;
-static OSSL_OP_cipher_decrypt_init_fn aes_dinit;
-static OSSL_OP_cipher_update_fn aes_block_update;
-static OSSL_OP_cipher_final_fn aes_block_final;
-static OSSL_OP_cipher_update_fn aes_stream_update;
-static OSSL_OP_cipher_final_fn aes_stream_final;
-static OSSL_OP_cipher_cipher_fn aes_cipher;
-static OSSL_OP_cipher_freectx_fn aes_freectx;
-static OSSL_OP_cipher_dupctx_fn aes_dupctx;
-static OSSL_OP_cipher_get_ctx_params_fn aes_get_ctx_params;
-static OSSL_OP_cipher_set_ctx_params_fn aes_set_ctx_params;
-
-static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx,
-                                      const unsigned char *iv,
-                                      size_t ivlen,
-                                      int enc)
-{
-    if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
-        if (ivlen != AES_BLOCK_SIZE) {
-            ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
-        memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
-    }
-    ctx->enc = enc;
-
-    return 1;
-}
-
-static int aes_einit(void *vctx, const unsigned char *key, size_t keylen,
-                           const unsigned char *iv, size_t ivlen)
-{
-    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
-
-    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) {
-        /* ERR_raise already called */
-        return 0;
-    }
-    if (key != NULL) {
-        if (keylen != ctx->keylen) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
-            return 0;
-        }
-        return ctx->ciph->init(ctx, key, ctx->keylen);
-    }
-
-    return 1;
-}
-
-static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen,
-                     const unsigned char *iv, size_t ivlen)
-{
-    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
-
-    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) {
-        /* ERR_raise already called */
-        return 0;
-    }
-    if (key != NULL) {
-        if (keylen != ctx->keylen) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
-            return 0;
-        }
-        return ctx->ciph->init(ctx, key, ctx->keylen);
-    }
-
-    return 1;
-}
-
-static int aes_block_update(void *vctx, unsigned char *out, size_t *outl,
-                            size_t outsize, const unsigned char *in, size_t inl)
-{
-    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
-    size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in,
-                                  &inl);
-    size_t outlint = 0;
-
-    /*
-     * If we're decrypting and we end an update on a block boundary we hold
-     * the last block back in case this is the last update call and the last
-     * block is padded.
-     */
-    if (ctx->bufsz == AES_BLOCK_SIZE
-            && (ctx->enc || inl > 0 || !ctx->pad)) {
-        if (outsize < AES_BLOCK_SIZE) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-            return 0;
-        }
-        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
-            return 0;
-        }
-        ctx->bufsz = 0;
-        outlint = AES_BLOCK_SIZE;
-        out += AES_BLOCK_SIZE;
-    }
-    if (nextblocks > 0) {
-        if (!ctx->enc && ctx->pad && nextblocks == inl) {
-            if (!ossl_assert(inl >= AES_BLOCK_SIZE)) {
-                ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-                return 0;
-            }
-            nextblocks -= AES_BLOCK_SIZE;
-        }
-        outlint += nextblocks;
-        if (outsize < outlint) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-            return 0;
-        }
-        if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
-            return 0;
-        }
-        in += nextblocks;
-        inl -= nextblocks;
-    }
-    if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) {
-        /* ERR_raise already called */
-        return 0;
-    }
-
-    *outl = outlint;
-    return inl == 0;
-}
-
-static int aes_block_final(void *vctx, unsigned char *out, size_t *outl,
-                           size_t outsize)
-{
-    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
-
-    if (ctx->enc) {
-        if (ctx->pad) {
-            padblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE);
-        } else if (ctx->bufsz == 0) {
-            *outl = 0;
-            return 1;
-        } else if (ctx->bufsz != AES_BLOCK_SIZE) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
-            return 0;
-        }
-
-        if (outsize < AES_BLOCK_SIZE) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-            return 0;
-        }
-        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
-            return 0;
-        }
-        ctx->bufsz = 0;
-        *outl = AES_BLOCK_SIZE;
-        return 1;
-    }
-
-    /* Decrypting */
-    if (ctx->bufsz != AES_BLOCK_SIZE) {
-        if (ctx->bufsz == 0 && !ctx->pad) {
-            *outl = 0;
-            return 1;
-        }
-        ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
-        return 0;
-    }
-
-    if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
-        return 0;
-    }
-
-    if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) {
-        /* ERR_raise already called */
-        return 0;
-    }
-
-    if (outsize < ctx->bufsz) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-        return 0;
-    }
-    memcpy(out, ctx->buf, ctx->bufsz);
-    *outl = ctx->bufsz;
-    ctx->bufsz = 0;
-    return 1;
-}
-
-static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl,
-                             size_t outsize, const unsigned char *in,
-                             size_t inl)
-{
-    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
-
-    if (outsize < inl) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-        return 0;
-    }
-
-    if (!ctx->ciph->cipher(ctx, out, in, inl)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
-        return 0;
-    }
-
-    *outl = inl;
-    return 1;
-}
-static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl,
-                            size_t outsize)
-{
-    *outl = 0;
-    return 1;
-}
-
-static int aes_cipher(void *vctx,
-                      unsigned char *out, size_t *outl, size_t outsize,
-                      const unsigned char *in, size_t inl)
-{
-    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
-
-    if (outsize < inl) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-        return 0;
-    }
-
-    if (!ctx->ciph->cipher(ctx, out, in, inl)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
-        return 0;
-    }
-
-    *outl = inl;
-    return 1;
-}
-
-static void *aes_new_ctx(void *provctx, size_t mode, size_t kbits,
-                         const PROV_AES_CIPHER *ciph)
-{
-    PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx));
-
-    ctx->pad = 1;
-    ctx->keylen = kbits / 8;
-    ctx->ciph = ciph;
-    ctx->mode = mode;
-    return ctx;
-}
-
-static void aes_freectx(void *vctx)
-{
-    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
-
-    OPENSSL_clear_free(ctx,  sizeof(*ctx));
-}
-
-static void *aes_dupctx(void *ctx)
-{
-    PROV_AES_KEY *in = (PROV_AES_KEY *)ctx;
-    PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret));
-
-    if (ret == NULL) {
-        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    *ret = *in;
-
-    return ret;
-}
-
-static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[])
-{
-    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
-    OSSL_PARAM *p;
-
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, AES_BLOCK_SIZE)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-        return 0;
-    }
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-        return 0;
-    }
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
-    if (p != NULL
-        && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, AES_BLOCK_SIZE)
-        && !OSSL_PARAM_set_octet_string(p, &ctx->iv, AES_BLOCK_SIZE)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-        return 0;
-    }
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
-    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-        return 0;
-    }
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-        return 0;
-    }
-
-    return 1;
-}
-
-static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
-{
-    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
-    const OSSL_PARAM *p;
-
-    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
-    if (p != NULL) {
-        int pad;
-
-        if (!OSSL_PARAM_get_int(p, &pad)) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
-            return 0;
-        }
-        ctx->pad = pad ? 1 : 0;
-    }
-    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
-    if (p != NULL) {
-        int num;
-
-        if (!OSSL_PARAM_get_int(p, &num)) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
-            return 0;
-        }
-        ctx->num = num;
-    }
-    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
-    if (p != NULL) {
-        int keylen;
-
-        if (!OSSL_PARAM_get_int(p, &keylen)) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
-            return 0;
-        }
-        ctx->keylen = keylen;
-    }
-    return 1;
-}
-
-#define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits)        \
-    static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params;   \
-    static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[])        \
-    {                                                                          \
-        return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE,     \
-                                         flags, kbits, blkbits, ivbits);       \
-    }                                                                          \
-    static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx;           \
-    static void *aes_##kbits##_##lcmode##_newctx(void *provctx)                \
-    {                                                                          \
-        return aes_new_ctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits,           \
-                           PROV_AES_CIPHER_##lcmode(kbits / 8));               \
-    }
-
-/* ECB */
-IMPLEMENT_cipher(ecb, ECB, 0, 256, 128, 0)
-IMPLEMENT_cipher(ecb, ECB, 0, 192, 128, 0)
-IMPLEMENT_cipher(ecb, ECB, 0, 128, 128, 0)
-
-/* CBC */
-IMPLEMENT_cipher(cbc, CBC, 0, 256, 128, 128)
-IMPLEMENT_cipher(cbc, CBC, 0, 192, 128, 128)
-IMPLEMENT_cipher(cbc, CBC, 0, 128, 128, 128)
-
-/* OFB */
-IMPLEMENT_cipher(ofb, OFB, 0, 256, 8, 128)
-IMPLEMENT_cipher(ofb, OFB, 0, 192, 8, 128)
-IMPLEMENT_cipher(ofb, OFB, 0, 128, 8, 128)
-
-/* CFB */
-IMPLEMENT_cipher(cfb, CFB, 0, 256, 8, 128)
-IMPLEMENT_cipher(cfb, CFB, 0, 192, 8, 128)
-IMPLEMENT_cipher(cfb, CFB, 0, 128, 8, 128)
-IMPLEMENT_cipher(cfb1, CFB, 0, 256, 8, 128)
-IMPLEMENT_cipher(cfb1, CFB, 0, 192, 8, 128)
-IMPLEMENT_cipher(cfb1, CFB, 0, 128, 8, 128)
-IMPLEMENT_cipher(cfb8, CFB, 0, 256, 8, 128)
-IMPLEMENT_cipher(cfb8, CFB, 0, 192, 8, 128)
-IMPLEMENT_cipher(cfb8, CFB, 0, 128, 8, 128)
-
-/* CTR */
-IMPLEMENT_cipher(ctr, CTR, 0, 256, 8, 128)
-IMPLEMENT_cipher(ctr, CTR, 0, 192, 8, 128)
-IMPLEMENT_cipher(ctr, CTR, 0, 128, 8, 128)
-
-#define IMPLEMENT_funcs(mode, kbits, type)                                     \
-const OSSL_DISPATCH aes##kbits##mode##_functions[] = {                         \
-    { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx },\
-    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit },              \
-    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit },              \
-    { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##type##_update },          \
-    { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##type##_final },            \
-    { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher },                   \
-    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx },                 \
-    { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx },                   \
-    { OSSL_FUNC_CIPHER_GET_PARAMS,                                             \
-      (void (*)(void))aes_##kbits##_##mode##_get_params },                     \
-    { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,                                         \
-      (void (*)(void))aes_get_ctx_params },                                    \
-    { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                         \
-      (void (*)(void))aes_set_ctx_params },                                    \
-    { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                        \
-      (void (*)(void))cipher_default_gettable_params },                        \
-    { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                    \
-      (void (*)(void))cipher_default_gettable_ctx_params },                    \
-    { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                    \
-      (void (*)(void))cipher_default_settable_ctx_params },                    \
-    { 0, NULL }                                                                \
-};
-
-/* ECB */
-IMPLEMENT_funcs(ecb, 256, block)
-IMPLEMENT_funcs(ecb, 192, block)
-IMPLEMENT_funcs(ecb, 128, block)
-
-/* CBC */
-IMPLEMENT_funcs(cbc, 256, block)
-IMPLEMENT_funcs(cbc, 192, block)
-IMPLEMENT_funcs(cbc, 128, block)
-
-/* OFB */
-IMPLEMENT_funcs(ofb, 256, stream)
-IMPLEMENT_funcs(ofb, 192, stream)
-IMPLEMENT_funcs(ofb, 128, stream)
-
-/* CFB */
-IMPLEMENT_funcs(cfb, 256, stream)
-IMPLEMENT_funcs(cfb, 192, stream)
-IMPLEMENT_funcs(cfb, 128, stream)
-IMPLEMENT_funcs(cfb1, 256, stream)
-IMPLEMENT_funcs(cfb1, 192, stream)
-IMPLEMENT_funcs(cfb1, 128, stream)
-IMPLEMENT_funcs(cfb8, 256, stream)
-IMPLEMENT_funcs(cfb8, 192, stream)
-IMPLEMENT_funcs(cfb8, 128, stream)
-
-/* CTR */
-IMPLEMENT_funcs(ctr, 256, stream)
-IMPLEMENT_funcs(ctr, 192, stream)
-IMPLEMENT_funcs(ctr, 128, stream)

providers/common/ciphers/aes_basic.c

@@ -1,629 +0,0 @@
-/*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-#include <string.h>
-#include <assert.h>
-#include <openssl/opensslconf.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/aes.h>
-#include <openssl/rand.h>
-#include <openssl/cmac.h>
-#include "ciphers_locl.h"
-#include "internal/evp_int.h"
-#include "internal/providercommonerr.h"
-#include "internal/aes_platform.h"
-
-#define MAXBITCHUNK     ((size_t)1 << (sizeof(size_t) * 8 - 4))
-
-#if defined(AESNI_CAPABLE)
-
-/* AES-NI section. */
-
-static int aesni_init_key(PROV_AES_KEY *dat, const unsigned char *key,
-                          size_t keylen)
-{
-    int ret;
-
-    if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
-        && !dat->enc) {
-        ret = aesni_set_decrypt_key(key, keylen * 8, &dat->ks.ks);
-        dat->block = (block128_f) aesni_decrypt;
-        dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
-            (cbc128_f) aesni_cbc_encrypt : NULL;
-    } else {
-        ret = aesni_set_encrypt_key(key, keylen * 8, &dat->ks.ks);
-        dat->block = (block128_f) aesni_encrypt;
-        if (dat->mode == EVP_CIPH_CBC_MODE)
-            dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
-        else if (dat->mode == EVP_CIPH_CTR_MODE)
-            dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
-        else
-            dat->stream.cbc = NULL;
-    }
-
-    if (ret < 0) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
-        return 0;
-    }
-
-    return 1;
-}
-
-static int aesni_cbc_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                            const unsigned char *in, size_t len)
-{
-    aesni_cbc_encrypt(in, out, len, &ctx->ks.ks, ctx->iv, ctx->enc);
-
-    return 1;
-}
-
-static int aesni_ecb_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                            const unsigned char *in, size_t len)
-{
-    if (len < AES_BLOCK_SIZE)
-        return 1;
-
-    aesni_ecb_encrypt(in, out, len, &ctx->ks.ks, ctx->enc);
-
-    return 1;
-}
-
-# define aesni_ofb_cipher aes_ofb_cipher
-static int aesni_ofb_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                            const unsigned char *in, size_t len);
-
-# define aesni_cfb_cipher aes_cfb_cipher
-static int aesni_cfb_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                            const unsigned char *in, size_t len);
-
-# define aesni_cfb8_cipher aes_cfb8_cipher
-static int aesni_cfb8_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                             const unsigned char *in, size_t len);
-
-# define aesni_cfb1_cipher aes_cfb1_cipher
-static int aesni_cfb1_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                             const unsigned char *in, size_t len);
-
-# define aesni_ctr_cipher aes_ctr_cipher
-static int aesni_ctr_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                            const unsigned char *in, size_t len);
-
-# define BLOCK_CIPHER_generic_prov(mode) \
-static const PROV_AES_CIPHER aesni_##mode = { \
-        aesni_init_key,                 \
-        aesni_##mode##_cipher};         \
-static const PROV_AES_CIPHER aes_##mode = { \
-        aes_init_key,                   \
-        aes_##mode##_cipher}; \
-const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \
-{ return AESNI_CAPABLE?&aesni_##mode:&aes_##mode; }
-
-
-#elif defined(SPARC_AES_CAPABLE)
-
-static int aes_t4_init_key(PROV_AES_KEY *dat, const unsigned char *key,
-                           size_t keylen)
-{
-    int ret, bits;
-
-    bits = keylen * 8;
-    if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
-        && !dat->enc) {
-        ret = 0;
-        aes_t4_set_decrypt_key(key, bits, &dat->ks.ks);
-        dat->block = (block128_f) aes_t4_decrypt;
-        switch (bits) {
-        case 128:
-            dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
-                (cbc128_f) aes128_t4_cbc_decrypt : NULL;
-            break;
-        case 192:
-            dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
-                (cbc128_f) aes192_t4_cbc_decrypt : NULL;
-            break;
-        case 256:
-            dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
-                (cbc128_f) aes256_t4_cbc_decrypt : NULL;
-            break;
-        default:
-            ret = -1;
-        }
-    } else {
-        ret = 0;
-        aes_t4_set_encrypt_key(key, bits, &dat->ks.ks);
-        dat->block = (block128_f)aes_t4_encrypt;
-        switch (bits) {
-        case 128:
-            if (dat->mode == EVP_CIPH_CBC_MODE)
-                dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt;
-            else if (dat->mode == EVP_CIPH_CTR_MODE)
-                dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
-            else
-                dat->stream.cbc = NULL;
-            break;
-        case 192:
-            if (dat->mode == EVP_CIPH_CBC_MODE)
-                dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt;
-            else if (dat->mode == EVP_CIPH_CTR_MODE)
-                dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
-            else
-                dat->stream.cbc = NULL;
-            break;
-        case 256:
-            if (dat->mode == EVP_CIPH_CBC_MODE)
-                dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt;
-            else if (dat->mode == EVP_CIPH_CTR_MODE)
-                dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
-            else
-                dat->stream.cbc = NULL;
-            break;
-        default:
-            ret = -1;
-        }
-    }
-
-    if (ret < 0) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
-        return 0;
-    }
-
-    return 1;
-}
-
-# define aes_t4_cbc_cipher aes_cbc_cipher
-static int aes_t4_cbc_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                             const unsigned char *in, size_t len);
-
-# define aes_t4_ecb_cipher aes_ecb_cipher
-static int aes_t4_ecb_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                             const unsigned char *in, size_t len);
-
-# define aes_t4_ofb_cipher aes_ofb_cipher
-static int aes_t4_ofb_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                             const unsigned char *in, size_t len);
-
-# define aes_t4_cfb_cipher aes_cfb_cipher
-static int aes_t4_cfb_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                             const unsigned char *in, size_t len);
-
-# define aes_t4_cfb8_cipher aes_cfb8_cipher
-static int aes_t4_cfb8_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                              const unsigned char *in, size_t len);
-
-# define aes_t4_cfb1_cipher aes_cfb1_cipher
-static int aes_t4_cfb1_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                              const unsigned char *in, size_t len);
-
-# define aes_t4_ctr_cipher aes_ctr_cipher
-static int aes_t4_ctr_cipher(PROV_AES_KEY *ctx, unsigned char *out,
-                             const unsigned char *in, size_t len);
-
-# define BLOCK_CIPHER_generic_prov(mode) \
-static const PROV_AES_CIPHER aes_t4_##mode = { \
-        aes_t4_init_key,                 \
-        aes_t4_##mode##_cipher};         \
-static const PROV_AES_CIPHER aes_##mode = { \
-        aes_init_key,                   \
-        aes_##mode##_cipher}; \
-const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \
-{ return SPARC_AES_CAPABLE?&aes_t4_##mode:&aes_##mode; }
-
-
-#elif defined(S390X_aes_128_CAPABLE)
-/*
- * IBM S390X support
- */
-# include "s390x_arch.h"
-
-# define s390x_aes_init_key aes_init_key
-static int s390x_aes_init_key(PROV_AES_KEY *dat, const unsigned char *key,
-                              size_t keylen);
-# define S390X_AES_CBC_CTX          PROV_AES_KEY
-
-# define s390x_aes_cbc_init_key aes_init_key
-
-# define s390x_aes_cbc_cipher aes_cbc_cipher
-static int s390x_aes_cbc_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                                const unsigned char *in, size_t len);
-
-static int s390x_aes_ecb_init_key(PROV_AES_KEY *dat, const unsigned char *key,
-                                  size_t keylen)
-{
-    dat->plat.s390x.fc = S390X_AES_FC(keylen);
-    if (!dat->enc)
-        dat->plat.s390x.fc |= S390X_DECRYPT;
-
-    memcpy(dat->plat.s390x.param.km.k, key, keylen);
-    return 1;
-}
-
-static int s390x_aes_ecb_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                                const unsigned char *in, size_t len)
-{
-    s390x_km(in, len, out, dat->plat.s390x.fc,
-             &dat->plat.s390x.param.km);
-    return 1;
-}
-
-static int s390x_aes_ofb_init_key(PROV_AES_KEY *dat, const unsigned char *key,
-                                  size_t keylen)
-{
-    memcpy(dat->plat.s390x.param.kmo_kmf.cv, dat->iv, AES_BLOCK_SIZE);
-    memcpy(dat->plat.s390x.param.kmo_kmf.k, key, keylen);
-    dat->plat.s390x.fc = S390X_AES_FC(keylen);
-    dat->plat.s390x.res = 0;
-    return 1;
-}
-
-static int s390x_aes_ofb_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                                const unsigned char *in, size_t len)
-{
-    int n = dat->plat.s390x.res;
-    int rem;
-
-    while (n && len) {
-        *out = *in ^ dat->plat.s390x.param.kmo_kmf.cv[n];
-        n = (n + 1) & 0xf;
-        --len;
-        ++in;
-        ++out;
-    }
-
-    rem = len & 0xf;
-
-    len &= ~(size_t)0xf;
-    if (len) {
-        s390x_kmo(in, len, out, dat->plat.s390x.fc,
-                  &dat->plat.s390x.param.kmo_kmf);
-
-        out += len;
-        in += len;
-    }
-
-    if (rem) {
-        s390x_km(dat->plat.s390x.param.kmo_kmf.cv, 16,
-                 dat->plat.s390x.param.kmo_kmf.cv, dat->plat.s390x.fc,
-                 dat->plat.s390x.param.kmo_kmf.k);
-
-        while (rem--) {
-            out[n] = in[n] ^ dat->plat.s390x.param.kmo_kmf.cv[n];
-            ++n;
-        }
-    }
-
-    dat->plat.s390x.res = n;
-    return 1;
-}
-
-static int s390x_aes_cfb_init_key(PROV_AES_KEY *dat, const unsigned char *key,
-                                  size_t keylen)
-{
-    dat->plat.s390x.fc = S390X_AES_FC(keylen);
-    dat->plat.s390x.fc |= 16 << 24;   /* 16 bytes cipher feedback */
-    if (!dat->enc)
-        dat->plat.s390x.fc |= S390X_DECRYPT;
-
-    dat->plat.s390x.res = 0;
-    memcpy(dat->plat.s390x.param.kmo_kmf.cv, dat->iv, AES_BLOCK_SIZE);
-    memcpy(dat->plat.s390x.param.kmo_kmf.k, key, keylen);
-    return 1;
-}
-
-static int s390x_aes_cfb_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                                const unsigned char *in, size_t len)
-{
-    int n = dat->plat.s390x.res;
-    int rem;
-    unsigned char tmp;
-
-    while (n && len) {
-        tmp = *in;
-        *out = dat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp;
-        dat->plat.s390x.param.kmo_kmf.cv[n] = dat->enc ? *out : tmp;
-        n = (n + 1) & 0xf;
-        --len;
-        ++in;
-        ++out;
-    }
-
-    rem = len & 0xf;
-
-    len &= ~(size_t)0xf;
-    if (len) {
-        s390x_kmf(in, len, out, dat->plat.s390x.fc,
-                  &dat->plat.s390x.param.kmo_kmf);
-
-        out += len;
-        in += len;
-    }
-
-    if (rem) {
-        s390x_km(dat->plat.s390x.param.kmo_kmf.cv, 16,
-                 dat->plat.s390x.param.kmo_kmf.cv,
-                 S390X_AES_FC(dat->keylen), dat->plat.s390x.param.kmo_kmf.k);
-
-        while (rem--) {
-            tmp = in[n];
-            out[n] = dat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp;
-            dat->plat.s390x.param.kmo_kmf.cv[n] = dat->enc ? out[n] : tmp;
-            ++n;
-        }
-    }
-
-    dat->plat.s390x.res = n;
-    return 1;
-}
-
-static int s390x_aes_cfb8_init_key(PROV_AES_KEY *dat, const unsigned char *key,
-                                  size_t keylen)
-{
-    dat->plat.s390x.fc = S390X_AES_FC(keylen);
-    dat->plat.s390x.fc |= 1 << 24;   /* 1 byte cipher feedback */
-    if (!dat->enc)
-        dat->plat.s390x.fc |= S390X_DECRYPT;
-
-    memcpy(dat->plat.s390x.param.kmo_kmf.cv, dat->iv, AES_BLOCK_SIZE);
-    memcpy(dat->plat.s390x.param.kmo_kmf.k, key, keylen);
-    return 1;
-}
-
-static int s390x_aes_cfb8_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                                 const unsigned char *in, size_t len)
-{
-    s390x_kmf(in, len, out, dat->plat.s390x.fc,
-              &dat->plat.s390x.param.kmo_kmf);
-    return 1;
-}
-
-# define s390x_aes_cfb1_init_key aes_init_key
-
-# define s390x_aes_cfb1_cipher aes_cfb1_cipher
-static int s390x_aes_cfb1_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                                 const unsigned char *in, size_t len);
-# define S390X_AES_CTR_CTX          PROV_AES_KEY
-
-# define s390x_aes_ctr_init_key aes_init_key
-
-# define s390x_aes_ctr_cipher aes_ctr_cipher
-static int s390x_aes_ctr_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                                const unsigned char *in, size_t len);
-
-# define BLOCK_CIPHER_generic_prov(mode) \
-static const PROV_AES_CIPHER s390x_aes_##mode = { \
-        s390x_aes_##mode##_init_key,    \
-        s390x_aes_##mode##_cipher       \
-};  \
-static const PROV_AES_CIPHER aes_##mode = { \
-        aes_init_key,           \
-        aes_##mode##_cipher     \
-}; \
-const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \
-{   \
-    if ((keylen == 16 && S390X_aes_128_##mode##_CAPABLE)           \
-            || (keylen == 24 && S390X_aes_192_##mode##_CAPABLE)    \
-            || (keylen == 32 && S390X_aes_256_##mode##_CAPABLE))   \
-        return &s390x_aes_##mode;   \
-    \
-    return &aes_##mode; \
-}
-
-#else
-/* The generic case */
-# define BLOCK_CIPHER_generic_prov(mode) \
-static const PROV_AES_CIPHER aes_##mode = { \
-        aes_init_key,                   \
-        aes_##mode##_cipher}; \
-const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \
-{ return &aes_##mode; }
-
-#endif
-
-static int aes_init_key(PROV_AES_KEY *dat, const unsigned char *key,
-                        size_t keylen)
-{
-    int ret;
-
-    if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
-        && !dat->enc) {
-#ifdef HWAES_CAPABLE
-        if (HWAES_CAPABLE) {
-            ret = HWAES_set_decrypt_key(key, keylen * 8, &dat->ks.ks);
-            dat->block = (block128_f)HWAES_decrypt;
-            dat->stream.cbc = NULL;
-# ifdef HWAES_cbc_encrypt
-            if (dat->mode == EVP_CIPH_CBC_MODE)
-                dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
-# endif
-        } else
-#endif
-#ifdef BSAES_CAPABLE
-        if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) {
-            ret = AES_set_decrypt_key(key, keylen * 8, &dat->ks.ks);
-            dat->block = (block128_f)AES_decrypt;
-            dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
-        } else
-#endif
-#ifdef VPAES_CAPABLE
-        if (VPAES_CAPABLE) {
-            ret = vpaes_set_decrypt_key(key, keylen * 8, &dat->ks.ks);
-            dat->block = (block128_f)vpaes_decrypt;
-            dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
-                              ?(cbc128_f)vpaes_cbc_encrypt : NULL;
-        } else
-#endif
-        {
-            ret = AES_set_decrypt_key(key, keylen * 8, &dat->ks.ks);
-            dat->block = (block128_f)AES_decrypt;
-            dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
-                              ? (cbc128_f)AES_cbc_encrypt : NULL;
-        }
-    } else
-#ifdef HWAES_CAPABLE
-    if (HWAES_CAPABLE) {
-        ret = HWAES_set_encrypt_key(key, keylen * 8, &dat->ks.ks);
-        dat->block = (block128_f)HWAES_encrypt;
-        dat->stream.cbc = NULL;
-# ifdef HWAES_cbc_encrypt
-        if (dat->mode == EVP_CIPH_CBC_MODE)
-            dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
-        else
-# endif
-# ifdef HWAES_ctr32_encrypt_blocks
-        if (dat->mode == EVP_CIPH_CTR_MODE)
-            dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
-        else
-# endif
-            (void)0;            /* terminate potentially open 'else' */
-    } else
-#endif
-#ifdef BSAES_CAPABLE
-    if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) {
-        ret = AES_set_encrypt_key(key, keylen * 8, &dat->ks.ks);
-        dat->block = (block128_f)AES_encrypt;
-        dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
-    } else
-#endif
-#ifdef VPAES_CAPABLE
-    if (VPAES_CAPABLE) {
-        ret = vpaes_set_encrypt_key(key, keylen * 8, &dat->ks.ks);
-        dat->block = (block128_f)vpaes_encrypt;
-        dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
-                          ? (cbc128_f)vpaes_cbc_encrypt : NULL;
-    } else
-#endif
-    {
-        ret = AES_set_encrypt_key(key, keylen * 8, &dat->ks.ks);
-        dat->block = (block128_f)AES_encrypt;
-        dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
-                          ? (cbc128_f)AES_cbc_encrypt : NULL;
-#ifdef AES_CTR_ASM
-        if (dat->mode == EVP_CIPH_CTR_MODE)
-            dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
-#endif
-    }
-
-    if (ret < 0) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
-        return 0;
-    }
-
-    return 1;
-}
-
-static int aes_cbc_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                          const unsigned char *in, size_t len)
-{
-    if (dat->stream.cbc)
-        (*dat->stream.cbc) (in, out, len, &dat->ks, dat->iv, dat->enc);
-    else if (dat->enc)
-        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, dat->iv, dat->block);
-    else
-        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, dat->iv, dat->block);
-
-    return 1;
-}
-
-static int aes_ecb_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                          const unsigned char *in, size_t len)
-{
-    size_t i;
-
-    if (len < AES_BLOCK_SIZE)
-        return 1;
-
-    for (i = 0, len -= AES_BLOCK_SIZE; i <= len; i += AES_BLOCK_SIZE)
-        (*dat->block) (in + i, out + i, &dat->ks);
-
-    return 1;
-}
-
-static int aes_ofb_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                          const unsigned char *in, size_t len)
-{
-    int num = dat->num;
-    CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, dat->iv, &num, dat->block);
-    dat->num = num;
-
-    return 1;
-}
-
-static int aes_cfb_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                          const unsigned char *in, size_t len)
-{
-    int num = dat->num;
-    CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, dat->iv, &num, dat->enc,
-                          dat->block);
-    dat->num = num;
-
-    return 1;
-}
-
-static int aes_cfb8_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                           const unsigned char *in, size_t len)
-{
-    int num = dat->num;
-    CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, dat->iv, &num, dat->enc,
-                            dat->block);
-    dat->num = num;
-
-    return 1;
-}
-
-static int aes_cfb1_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                           const unsigned char *in, size_t len)
-{
-    int num = dat->num;
-
-    if ((dat->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) {
-        CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, dat->iv, &num,
-                                dat->enc, dat->block);
-        dat->num = num;
-        return 1;
-    }
-
-    while (len >= MAXBITCHUNK) {
-        CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
-                                dat->iv, &num, dat->enc, dat->block);
-        len -= MAXBITCHUNK;
-        out += MAXBITCHUNK;
-        in  += MAXBITCHUNK;
-    }
-    if (len)
-        CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, dat->iv, &num,
-                                dat->enc, dat->block);
-
-    dat->num = num;
-
-    return 1;
-}
-
-static int aes_ctr_cipher(PROV_AES_KEY *dat, unsigned char *out,
-                          const unsigned char *in, size_t len)
-{
-    unsigned int num = dat->num;
-
-    if (dat->stream.ctr)
-        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, dat->iv, dat->buf,
-                                    &num, dat->stream.ctr);
-    else
-        CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, dat->iv, dat->buf,
-                              &num, dat->block);
-    dat->num = num;
-
-    return 1;
-}
-
-BLOCK_CIPHER_generic_prov(cbc)
-BLOCK_CIPHER_generic_prov(ecb)
-BLOCK_CIPHER_generic_prov(ofb)
-BLOCK_CIPHER_generic_prov(cfb)
-BLOCK_CIPHER_generic_prov(cfb1)
-BLOCK_CIPHER_generic_prov(cfb8)
-BLOCK_CIPHER_generic_prov(ctr)
-

providers/common/ciphers/block.c

@@ -7,12 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include "ciphers_locl.h"
 #include <assert.h>
-#include "internal/providercommonerr.h"
+#include "cipher_locl.h"
 
 /*
  * Fills a single block of buffered data from the input, and returns the amount

providers/common/ciphers/build.info

@@ -1,10 +1,22 @@
 LIBS=../../../libcrypto
 
-$COMMON=block.c aes.c aes_basic.c gcm.c gcm_hw.c ciphers_common.c \
-        ccm.c ccm_hw.c
+$COMMON=cipher_common.c cipher_common_hw.c block.c \
+        cipher_aes.c cipher_aes_hw.c \
+        cipher_gcm.c cipher_aes_gcm.c cipher_gcm_hw.c \
+        cipher_ccm.c cipher_aes_ccm.c cipher_ccm_hw.c
 
 SOURCE[../../../libcrypto]=$COMMON
+IF[{- !$disabled{aria} -}]
+  SOURCE[../../../libcrypto]=\
+      cipher_aria.c cipher_aria_hw.c \
+      cipher_aria_gcm.c cipher_aria_ccm.c 
+ENDIF
+
+IF[{- !$disabled{camellia} -}]
+  SOURCE[../../../libcrypto]=\
+      cipher_camellia.c cipher_camellia_hw.c
+ENDIF
 INCLUDE[../../../libcrypto]=. ../../../crypto
 
 SOURCE[../../fips]=$COMMON
-INCLUDE[../../fips]=. ../../../crypto
+INCLUDE[../../fips]=. ../../../crypto

providers/common/ciphers/cipher_aes.c

@@ -0,0 +1,79 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for AES cipher modes ecb, cbc, ofb, cfb, ctr */
+
+#include "cipher_locl.h"
+
+static OSSL_OP_cipher_freectx_fn aes_freectx;
+static OSSL_OP_cipher_dupctx_fn aes_dupctx;
+
+static void aes_freectx(void *vctx)
+{
+    PROV_AES_CTX *ctx = (PROV_AES_CTX *)vctx;
+
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static void *aes_dupctx(void *ctx)
+{
+    PROV_AES_CTX *in = (PROV_AES_CTX *)ctx;
+    PROV_AES_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    *ret = *in;
+
+    return ret;
+}
+
+/* aes256ecb_functions */
+IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 256, 128, 0, block)
+/* aes192ecb_functions */
+IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 192, 128, 0, block)
+/* aes128ecb_functions */
+IMPLEMENT_generic_cipher(aes, AES, ecb, ECB, 0, 128, 128, 0, block)
+/* aes256cbc_functions */
+IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 256, 128, 128, block)
+/* aes192cbc_functions */
+IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 192, 128, 128, block)
+/* aes128cbc_functions */
+IMPLEMENT_generic_cipher(aes, AES, cbc, CBC, 0, 128, 128, 128, block)
+/* aes256ofb_functions */
+IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 256, 8, 128, stream)
+/* aes192ofb_functions */
+IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 192, 8, 128, stream)
+/* aes128ofb_functions */
+IMPLEMENT_generic_cipher(aes, AES, ofb, OFB, 0, 128, 8, 128, stream)
+/* aes256cfb_functions */
+IMPLEMENT_generic_cipher(aes, AES, cfb,  CFB, 0, 256, 8, 128, stream)
+/* aes192cfb_functions */
+IMPLEMENT_generic_cipher(aes, AES, cfb,  CFB, 0, 192, 8, 128, stream)
+/* aes128cfb_functions */
+IMPLEMENT_generic_cipher(aes, AES, cfb,  CFB, 0, 128, 8, 128, stream)
+/* aes256cfb1_functions */
+IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 256, 8, 128, stream)
+/* aes192cfb1_functions */
+IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 192, 8, 128, stream)
+/* aes128cfb1_functions */
+IMPLEMENT_generic_cipher(aes, AES, cfb1, CFB, 0, 128, 8, 128, stream)
+/* aes256cfb8_functions */
+IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 256, 8, 128, stream)
+/* aes192cfb8_functions */
+IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 192, 8, 128, stream)
+/* aes128cfb8_functions */
+IMPLEMENT_generic_cipher(aes, AES, cfb8, CFB, 0, 128, 8, 128, stream)
+/* aes256ctr_functions */
+IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 256, 8, 128, stream)
+/* aes192ctr_functions */
+IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 192, 8, 128, stream)
+/* aes128ctr_functions */
+IMPLEMENT_generic_cipher(aes, AES, ctr, CTR, 0, 128, 8, 128, stream)

providers/common/ciphers/cipher_aes.h

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+
+typedef struct prov_aes_ctx_st {
+    PROV_CIPHER_CTX base;      /* Must be first */
+    union {
+        OSSL_UNION_ALIGN;
+        AES_KEY ks;
+    } ks;
+
+    /* Platform specific data */
+    union {
+        int dummy;
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+        struct {
+            union {
+                OSSL_UNION_ALIGN;
+                /*-
+                 * KM-AES parameter block - begin
+                 * (see z/Architecture Principles of Operation >= SA22-7832-06)
+                 */
+                struct {
+                    unsigned char k[32];
+                } km;
+                /* KM-AES parameter block - end */
+                /*-
+                 * KMO-AES/KMF-AES parameter block - begin
+                 * (see z/Architecture Principles of Operation >= SA22-7832-08)
+                 */
+                struct {
+                    unsigned char cv[16];
+                    unsigned char k[32];
+                } kmo_kmf;
+                /* KMO-AES/KMF-AES parameter block - end */
+            } param;
+            unsigned int fc;
+            int res;
+        } s390x;
+#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
+    } plat;
+
+} PROV_AES_CTX;
+
+#define PROV_CIPHER_HW_aes_ofb PROV_CIPHER_HW_aes_ofb128
+#define PROV_CIPHER_HW_aes_cfb PROV_CIPHER_HW_aes_cfb128
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_ecb(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_cbc(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_ofb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_cfb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_cfb1(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_cfb8(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_ctr(size_t keybits);
+

providers/common/ciphers/cipher_aes_ccm.c

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for AES CCM mode */
+
+#include "cipher_locl.h"
+
+static void *aes_ccm_newctx(void *provctx, size_t keybits)
+{
+    PROV_AES_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx != NULL)
+        ccm_initctx(&ctx->base, keybits, PROV_AES_HW_ccm(keybits));
+    return ctx;
+}
+
+static OSSL_OP_cipher_freectx_fn aes_ccm_freectx;
+static void aes_ccm_freectx(void *vctx)
+{
+    PROV_AES_CCM_CTX *ctx = (PROV_AES_CCM_CTX *)vctx;
+
+    ccm_finalctx((PROV_CCM_CTX *)ctx);
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+/* aes128ccm_functions */
+IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 128, 8, 96);
+/* aes192ccm_functions */
+IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 192, 8, 96);
+/* aes256ccm_functions */
+IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 256, 8, 96);

providers/common/ciphers/cipher_aes_ccm_hw_aesni.inc

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * AES-NI support for AES CCM.
+ * This file is included by cipher_ccm_hw.c
+ */
+
+static int ccm_aesni_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
+                             size_t keylen)
+{
+    PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
+
+    AES_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt,
+                       aesni_ccm64_encrypt_blocks, aesni_ccm64_decrypt_blocks);
+    return 1;
+}
+
+static const PROV_CCM_HW aesni_ccm = {
+    ccm_aesni_initkey,
+    ccm_generic_setiv,
+    ccm_generic_setaad,
+    ccm_generic_auth_encrypt,
+    ccm_generic_auth_decrypt,
+    ccm_generic_gettag
+};
+
+const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits)
+{
+    return AESNI_CAPABLE ? &aesni_ccm : &aes_ccm;
+}

providers/common/ciphers/cipher_aes_ccm_hw_s390x.inc

@@ -7,10 +7,15 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*-
+ * S390X support for AES CCM.
+ * This file is included by cipher_ccm_hw.c
+ */
+
 #define S390X_CCM_AAD_FLAG 0x40
 
-static int s390x_aes_ccm_init_key(PROV_CCM_CTX *ctx,
-                                  const unsigned char *key, size_t keylen)
+static int s390x_aes_ccm_initkey(PROV_CCM_CTX *ctx,
+                                 const unsigned char *key, size_t keylen)
 {
     PROV_AES_CCM_CTX *sctx = (PROV_AES_CCM_CTX *)ctx;
 
@@ -245,7 +250,7 @@ static int s390x_aes_ccm_auth_decrypt(PROV_CCM_CTX *ctx,
 }
 
 static const PROV_CCM_HW s390x_aes_ccm = {
-    s390x_aes_ccm_init_key,
+    s390x_aes_ccm_initkey,
     s390x_aes_ccm_setiv,
     s390x_aes_ccm_setaad,
     s390x_aes_ccm_auth_encrypt,

providers/common/ciphers/cipher_aes_ccm_hw_t4.inc

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Fujitsu SPARC64 X support for AES CCM.
+ * This file is included by cipher_ccm_hw.c
+ */
+
+static int ccm_t4_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
+                              size_t keylen)
+{
+    PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
+
+    AES_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL);
+    return 1;
+}
+
+static const PROV_CCM_HW t4_aes_ccm = {
+    ccm_t4_aes_initkey,
+    ccm_generic_setiv,
+    ccm_generic_setaad,
+    ccm_generic_auth_encrypt,
+    ccm_generic_auth_decrypt,
+    ccm_generic_gettag
+};
+
+const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits)
+{
+    return SPARC_AES_CAPABLE ? &t4_aes_ccm : &aes_ccm;
+}

providers/common/ciphers/cipher_aes_gcm.c

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for AES GCM mode */
+
+#include "cipher_locl.h"
+
+static void *aes_gcm_newctx(void *provctx, size_t keybits)
+{
+    PROV_AES_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx != NULL)
+        gcm_initctx(provctx, &ctx->base, keybits, PROV_AES_HW_gcm(keybits), 8);
+    return ctx;
+}
+
+static OSSL_OP_cipher_freectx_fn aes_gcm_freectx;
+static void aes_gcm_freectx(void *vctx)
+{
+    PROV_AES_GCM_CTX *ctx = (PROV_AES_GCM_CTX *)vctx;
+
+    gcm_deinitctx((PROV_GCM_CTX *)ctx);
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+/* aes128gcm_functions */
+IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 128, 8, 96);
+/* aes192gcm_functions */
+IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 192, 8, 96);
+/* aes256gcm_functions */
+IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_FLAGS, 256, 8, 96);

providers/common/ciphers/cipher_aes_gcm_hw_aesni.inc

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * AES-NI support for AES GCM.
+ * This file is included by cipher_gcm_hw.c
+ */
+
+static int aesni_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+                             size_t keylen)
+{
+    PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
+    AES_KEY *ks = &actx->ks.ks;
+
+    SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt,
+                   aesni_ctr32_encrypt_blocks);
+    return 1;
+}
+
+static const PROV_GCM_HW aesni_gcm = {
+    aesni_gcm_initkey,
+    gcm_setiv,
+    gcm_aad_update,
+    gcm_cipher_update,
+    gcm_cipher_final,
+    gcm_one_shot
+};
+
+const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
+{
+    return AESNI_CAPABLE ? &aesni_gcm : &aes_gcm;
+}
+

providers/common/ciphers/cipher_aes_gcm_hw_s390x.inc

@@ -7,16 +7,16 @@
  * https://www.openssl.org/source/license.html
  */
 
-/*
- * IBM S390X AES GCM support
- * Note this file is included by aes_gcm_hw.c
+/*-
+ * IBM S390X support for AES GCM.
+ * This file is included by cipher_gcm_hw.c
  */
 
 /* iv + padding length for iv lengths != 12 */
 #define S390X_gcm_ivpadlen(i)  ((((i) + 15) >> 4 << 4) + 16)
 
-static int s390x_aes_gcm_init_key(PROV_GCM_CTX *ctx,
-                                  const unsigned char *key, size_t keylen)
+static int s390x_aes_gcm_initkey(PROV_GCM_CTX *ctx,
+                                 const unsigned char *key, size_t keylen)
 {
     PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
 
@@ -285,7 +285,7 @@ static int s390x_aes_gcm_cipher_update(PROV_GCM_CTX *ctx,
 }
 
 static const PROV_GCM_HW s390x_aes_gcm = {
-    s390x_aes_gcm_init_key,
+    s390x_aes_gcm_initkey,
     s390x_aes_gcm_setiv,
     s390x_aes_gcm_aad_update,
     s390x_aes_gcm_cipher_update,

providers/common/ciphers/cipher_aes_gcm_hw_t4.inc

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Fujitsu SPARC64 X support for AES GCM.
+ * This file is included by cipher_gcm_hw.c
+ */
+
+static int t4_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+                              size_t keylen)
+{
+    ctr128_f ctr;
+    PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
+    AES_KEY *ks = &actx->ks.ks;
+
+
+    switch (keylen) {
+    case 16:
+        ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
+        break;
+    case 24:
+        ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
+        break;
+    case 32:
+        ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
+        break;
+    default:
+        return 0;
+    }
+
+    SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr);
+    return 1;
+}
+
+static const PROV_GCM_HW t4_aes_gcm = {
+    t4_aes_gcm_initkey,
+    gcm_setiv,
+    gcm_aad_update,
+    gcm_cipher_update,
+    gcm_cipher_final,
+    gcm_one_shot
+};
+const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
+{
+    return SPARC_AES_CAPABLE ? &t4_aes_gcm : &aes_gcm;
+}

providers/common/ciphers/cipher_aes_hw.c

@@ -0,0 +1,138 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_locl.h"
+
+static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
+                                 const unsigned char *key, size_t keylen)
+{
+    int ret;
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+    AES_KEY *ks = &adat->ks.ks;
+
+    dat->ks = ks;
+
+    if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
+        && !dat->enc) {
+#ifdef HWAES_CAPABLE
+        if (HWAES_CAPABLE) {
+            ret = HWAES_set_decrypt_key(key, keylen * 8, ks);
+            dat->block = (block128_f)HWAES_decrypt;
+            dat->stream.cbc = NULL;
+# ifdef HWAES_cbc_encrypt
+            if (dat->mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
+# endif
+        } else
+#endif
+#ifdef BSAES_CAPABLE
+        if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) {
+            ret = AES_set_decrypt_key(key, keylen * 8, ks);
+            dat->block = (block128_f)AES_decrypt;
+            dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
+        } else
+#endif
+#ifdef VPAES_CAPABLE
+        if (VPAES_CAPABLE) {
+            ret = vpaes_set_decrypt_key(key, keylen * 8, ks);
+            dat->block = (block128_f)vpaes_decrypt;
+            dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
+                              ?(cbc128_f)vpaes_cbc_encrypt : NULL;
+        } else
+#endif
+        {
+            ret = AES_set_decrypt_key(key, keylen * 8, ks);
+            dat->block = (block128_f)AES_decrypt;
+            dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
+                              ? (cbc128_f)AES_cbc_encrypt : NULL;
+        }
+    } else
+#ifdef HWAES_CAPABLE
+    if (HWAES_CAPABLE) {
+        ret = HWAES_set_encrypt_key(key, keylen * 8, ks);
+        dat->block = (block128_f)HWAES_encrypt;
+        dat->stream.cbc = NULL;
+# ifdef HWAES_cbc_encrypt
+        if (dat->mode == EVP_CIPH_CBC_MODE)
+            dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
+        else
+# endif
+# ifdef HWAES_ctr32_encrypt_blocks
+        if (dat->mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
+        else
+# endif
+            (void)0;            /* terminate potentially open 'else' */
+    } else
+#endif
+#ifdef BSAES_CAPABLE
+    if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) {
+        ret = AES_set_encrypt_key(key, keylen * 8, ks);
+        dat->block = (block128_f)AES_encrypt;
+        dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
+    } else
+#endif
+#ifdef VPAES_CAPABLE
+    if (VPAES_CAPABLE) {
+        ret = vpaes_set_encrypt_key(key, keylen * 8, ks);
+        dat->block = (block128_f)vpaes_encrypt;
+        dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
+                          ? (cbc128_f)vpaes_cbc_encrypt : NULL;
+    } else
+#endif
+    {
+        ret = AES_set_encrypt_key(key, keylen * 8, ks);
+        dat->block = (block128_f)AES_encrypt;
+        dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
+                          ? (cbc128_f)AES_cbc_encrypt : NULL;
+#ifdef AES_CTR_ASM
+        if (dat->mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
+#endif
+    }
+
+    if (ret < 0) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+#define PROV_CIPHER_HW_aes_mode(mode)                                          \
+static const PROV_CIPHER_HW aes_##mode = {                                     \
+    cipher_hw_aes_initkey,                                                     \
+    cipher_hw_generic_##mode                                                   \
+};                                                                             \
+PROV_CIPHER_HW_declare(mode)                                                   \
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_##mode(size_t keybits)                \
+{                                                                              \
+    PROV_CIPHER_HW_select(mode)                                                \
+    return &aes_##mode;                                                        \
+}
+
+#if defined(AESNI_CAPABLE)
+# include "cipher_aes_hw_aesni.inc"
+#elif defined(SPARC_AES_CAPABLE)
+# include "cipher_aes_hw_t4.inc"
+#elif defined(S390X_aes_128_CAPABLE)
+# include "cipher_aes_hw_s390x.inc"
+#else
+/* The generic case */
+# define PROV_CIPHER_HW_declare(mode)
+# define PROV_CIPHER_HW_select(mode)
+#endif
+
+PROV_CIPHER_HW_aes_mode(cbc)
+PROV_CIPHER_HW_aes_mode(ecb)
+PROV_CIPHER_HW_aes_mode(ofb128)
+PROV_CIPHER_HW_aes_mode(cfb128)
+PROV_CIPHER_HW_aes_mode(cfb1)
+PROV_CIPHER_HW_aes_mode(cfb8)
+PROV_CIPHER_HW_aes_mode(ctr)

providers/common/ciphers/cipher_aes_hw_aesni.inc

@@ -0,0 +1,83 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * AES-NI support for AES modes ecb, cbc, ofb, cfb, ctr.
+ * This file is included by cipher_aes_hw.c
+ */
+
+#define cipher_hw_aesni_ofb128 cipher_hw_generic_ofb128
+#define cipher_hw_aesni_cfb128 cipher_hw_generic_cfb128
+#define cipher_hw_aesni_cfb8   cipher_hw_generic_cfb8
+#define cipher_hw_aesni_cfb1   cipher_hw_generic_cfb1
+#define cipher_hw_aesni_ctr    cipher_hw_generic_ctr
+
+static int cipher_hw_aesni_initkey(PROV_CIPHER_CTX *dat,
+                                   const unsigned char *key, size_t keylen)
+{
+    int ret;
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+    AES_KEY *ks = &adat->ks.ks;
+
+    dat->ks = ks;
+
+    if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
+        && !dat->enc) {
+        ret = aesni_set_decrypt_key(key, keylen * 8, ks);
+        dat->block = (block128_f) aesni_decrypt;
+        dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) aesni_cbc_encrypt : NULL;
+    } else {
+        ret = aesni_set_encrypt_key(key, keylen * 8, ks);
+        dat->block = (block128_f) aesni_encrypt;
+        if (dat->mode == EVP_CIPH_CBC_MODE)
+            dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
+        else if (dat->mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
+        else
+            dat->stream.cbc = NULL;
+    }
+
+    if (ret < 0) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int cipher_hw_aesni_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    const AES_KEY *ks = ctx->ks;
+
+    aesni_cbc_encrypt(in, out, len, ks, ctx->iv, ctx->enc);
+
+    return 1;
+}
+
+static int cipher_hw_aesni_ecb(PROV_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    if (len < ctx->blocksize)
+        return 1;
+
+    aesni_ecb_encrypt(in, out, len, ctx->ks, ctx->enc);
+
+    return 1;
+}
+
+#define PROV_CIPHER_HW_declare(mode)                                           \
+static const PROV_CIPHER_HW aesni_##mode = {                                   \
+    cipher_hw_aesni_initkey,                                                   \
+    cipher_hw_aesni_##mode                                                     \
+};
+#define PROV_CIPHER_HW_select(mode)                                            \
+if (AESNI_CAPABLE)                                                             \
+    return &aesni_##mode;

providers/common/ciphers/cipher_aes_hw_s390x.inc

@@ -0,0 +1,196 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * IBM S390X support for AES modes ecb, cbc, ofb, cfb, ctr.
+ * This file is included by cipher_aes_hw.c
+ */
+
+#include "s390x_arch.h"
+
+#define s390x_aes_cbc_initkey    cipher_hw_aes_initkey
+#define s390x_aes_cfb1_initkey   cipher_hw_aes_initkey
+#define s390x_aes_ctr_initkey    cipher_hw_aes_initkey
+#define s390x_aes_cbc_cipher_hw  cipher_hw_generic_cbc
+#define s390x_aes_cfb1_cipher_hw cipher_hw_generic_cfb1
+#define s390x_aes_ctr_cipher_hw  cipher_hw_generic_ctr
+
+static int s390x_aes_ecb_initkey(PROV_CIPHER_CTX *dat,
+                                 const unsigned char *key, size_t keylen)
+{
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+
+    adat->plat.s390x.fc = S390X_AES_FC(keylen);
+    if (!dat->enc)
+        adat->plat.s390x.fc |= S390X_DECRYPT;
+
+    memcpy(adat->plat.s390x.param.km.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_ecb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
+                                   const unsigned char *in, size_t len)
+{
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+
+    s390x_km(in, len, out, adat->plat.s390x.fc, &adat->plat.s390x.param.km);
+    return 1;
+}
+
+static int s390x_aes_ofb_initkey(PROV_CIPHER_CTX *dat,
+                                 const unsigned char *key, size_t keylen)
+{
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+
+    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize);
+    memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
+    adat->plat.s390x.fc = S390X_AES_FC(keylen);
+    adat->plat.s390x.res = 0;
+    return 1;
+}
+
+static int s390x_aes_ofb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
+                                   const unsigned char *in, size_t len)
+{
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+    int n = adat->plat.s390x.res;
+    int rem;
+
+    while (n && len) {
+        *out = *in ^ adat->plat.s390x.param.kmo_kmf.cv[n];
+        n = (n + 1) & 0xf;
+        --len;
+        ++in;
+        ++out;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kmo(in, len, out, adat->plat.s390x.fc,
+                  &adat->plat.s390x.param.kmo_kmf);
+
+        out += len;
+        in += len;
+    }
+
+    if (rem) {
+        s390x_km(adat->plat.s390x.param.kmo_kmf.cv, 16,
+                 adat->plat.s390x.param.kmo_kmf.cv, adat->plat.s390x.fc,
+                 adat->plat.s390x.param.kmo_kmf.k);
+
+        while (rem--) {
+            out[n] = in[n] ^ adat->plat.s390x.param.kmo_kmf.cv[n];
+            ++n;
+        }
+    }
+
+    adat->plat.s390x.res = n;
+    return 1;
+}
+
+static int s390x_aes_cfb_initkey(PROV_CIPHER_CTX *dat,
+                                 const unsigned char *key, size_t keylen)
+{
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+
+    adat->plat.s390x.fc = S390X_AES_FC(keylen);
+    adat->plat.s390x.fc |= 16 << 24;   /* 16 bytes cipher feedback */
+    if (!dat->enc)
+        adat->plat.s390x.fc |= S390X_DECRYPT;
+
+    adat->plat.s390x.res = 0;
+    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize);
+    memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_cfb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
+                                   const unsigned char *in, size_t len)
+{
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+    int n = adat->plat.s390x.res;
+    int rem;
+    unsigned char tmp;
+
+    while (n && len) {
+        tmp = *in;
+        *out = adat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp;
+        adat->plat.s390x.param.kmo_kmf.cv[n] = dat->enc ? *out : tmp;
+        n = (n + 1) & 0xf;
+        --len;
+        ++in;
+        ++out;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kmf(in, len, out, adat->plat.s390x.fc,
+                  &adat->plat.s390x.param.kmo_kmf);
+
+        out += len;
+        in += len;
+    }
+
+    if (rem) {
+        s390x_km(adat->plat.s390x.param.kmo_kmf.cv, 16,
+                 adat->plat.s390x.param.kmo_kmf.cv,
+                 S390X_AES_FC(dat->keylen), adat->plat.s390x.param.kmo_kmf.k);
+
+        while (rem--) {
+            tmp = in[n];
+            out[n] = adat->plat.s390x.param.kmo_kmf.cv[n] ^ tmp;
+            adat->plat.s390x.param.kmo_kmf.cv[n] = dat->enc ? out[n] : tmp;
+            ++n;
+        }
+    }
+
+    adat->plat.s390x.res = n;
+    return 1;
+}
+
+static int s390x_aes_cfb8_initkey(PROV_CIPHER_CTX *dat,
+                                  const unsigned char *key, size_t keylen)
+{
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+
+    adat->plat.s390x.fc = S390X_AES_FC(keylen);
+    adat->plat.s390x.fc |= 1 << 24;   /* 1 byte cipher feedback */
+    if (!dat->enc)
+        adat->plat.s390x.fc |= S390X_DECRYPT;
+
+    memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->blocksize);
+    memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen);
+    return 1;
+}
+
+static int s390x_aes_cfb8_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+
+    s390x_kmf(in, len, out, adat->plat.s390x.fc,
+              &adat->plat.s390x.param.kmo_kmf);
+    return 1;
+}
+
+#define PROV_CIPHER_HW_declare(mode)                                           \
+static const PROV_CIPHER_HW s390x_aes_##mode = {                               \
+    s390x_aes_##mode##_initkey,                                                \
+    s390x_aes_##mode##_cipher_hw                                               \
+};
+#define PROV_CIPHER_HW_select(mode)                                            \
+if ((keybits == 128 && S390X_aes_128_##mode##_CAPABLE)                         \
+     || (keybits == 192 && S390X_aes_192_##mode##_CAPABLE)                     \
+     || (keybits == 256 && S390X_aes_256_##mode##_CAPABLE))                    \
+    return &s390x_aes_##mode;
+

providers/common/ciphers/cipher_aes_hw_t4.inc

@@ -0,0 +1,94 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Sparc t4 support for AES modes ecb, cbc, ofb, cfb, ctr.
+ * This file is included by cipher_aes_hw.c
+ */
+
+static int cipher_hw_aes_t4_initkey(PROV_CIPHER_CTX *dat,
+                                    const unsigned char *key, size_t keylen)
+{
+    int ret, bits;
+    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
+
+    dat->ks = &adat->ks.ks;
+
+    bits = keylen * 8;
+    if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
+        && !dat->enc) {
+        ret = 0;
+        aes_t4_set_decrypt_key(key, bits, dat->ks);
+        dat->block = (block128_f) aes_t4_decrypt;
+        switch (bits) {
+        case 128:
+            dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes128_t4_cbc_decrypt : NULL;
+            break;
+        case 192:
+            dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes192_t4_cbc_decrypt : NULL;
+            break;
+        case 256:
+            dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes256_t4_cbc_decrypt : NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    } else {
+        ret = 0;
+        aes_t4_set_encrypt_key(key, bits, dat->ks);
+        dat->block = (block128_f)aes_t4_encrypt;
+        switch (bits) {
+        case 128:
+            if (dat->mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt;
+            else if (dat->mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 192:
+            if (dat->mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt;
+            else if (dat->mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 256:
+            if (dat->mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt;
+            else if (dat->mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    }
+
+    if (ret < 0) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+#define PROV_CIPHER_HW_declare(mode)                                           \
+static const PROV_CIPHER_HW aes_t4_##mode = {                                  \
+    cipher_hw_aes_t4_initkey,                                                  \
+    cipher_hw_generic_##mode                                                   \
+};
+#define PROV_CIPHER_HW_select(mode)                                            \
+    if (SPARC_AES_CAPABLE)                                                     \
+        return aes_t4_##mode;

providers/common/ciphers/cipher_aria.c

@@ -0,0 +1,79 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for ARIA cipher modes ecb, cbc, ofb, cfb, ctr */
+
+#include "cipher_locl.h"
+
+static OSSL_OP_cipher_freectx_fn aria_freectx;
+static OSSL_OP_cipher_dupctx_fn aria_dupctx;
+
+static void aria_freectx(void *vctx)
+{
+    PROV_ARIA_CTX *ctx = (PROV_ARIA_CTX *)vctx;
+
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static void *aria_dupctx(void *ctx)
+{
+    PROV_ARIA_CTX *in = (PROV_ARIA_CTX *)ctx;
+    PROV_ARIA_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    *ret = *in;
+
+    return ret;
+}
+
+/* aria256ecb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 256, 128, 0, block)
+/* aria192ecb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 192, 128, 0, block)
+/* aria128ecb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ecb, ECB, 0, 128, 128, 0, block)
+/* aria256cbc_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 256, 128, 128, block)
+/* aria192cbc_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 192, 128, 128, block)
+/* aria128cbc_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cbc, CBC, 0, 128, 128, 128, block)
+/* aria256ofb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 256, 8, 128, stream)
+/* aria192ofb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 192, 8, 128, stream)
+/* aria128ofb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ofb, OFB, 0, 128, 8, 128, stream)
+/* aria256cfb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb,  CFB, 0, 256, 8, 128, stream)
+/* aria192cfb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb,  CFB, 0, 192, 8, 128, stream)
+/* aria128cfb_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb,  CFB, 0, 128, 8, 128, stream)
+/* aria256cfb1_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 256, 8, 128, stream)
+/* aria192cfb1_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 192, 8, 128, stream)
+/* aria128cfb1_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb1, CFB, 0, 128, 8, 128, stream)
+/* aria256cfb8_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 256, 8, 128, stream)
+/* aria192cfb8_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 192, 8, 128, stream)
+/* aria128cfb8_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, cfb8, CFB, 0, 128, 8, 128, stream)
+/* aria256ctr_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 256, 8, 128, stream)
+/* aria192ctr_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 192, 8, 128, stream)
+/* aria128ctr_functions */
+IMPLEMENT_generic_cipher(aria, ARIA, ctr, CTR, 0, 128, 8, 128, stream)

providers/common/ciphers/cipher_aria.h

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if !defined(OPENSSL_NO_ARIA)
+# include "internal/aria.h"
+
+typedef struct prov_aria_ctx_st {
+    PROV_CIPHER_CTX base;      /* Must be first */
+    union {
+        OSSL_UNION_ALIGN;
+        ARIA_KEY ks;
+    } ks;
+} PROV_ARIA_CTX;
+
+# define PROV_CIPHER_HW_aria_ofb PROV_CIPHER_HW_aria_ofb128
+# define PROV_CIPHER_HW_aria_cfb PROV_CIPHER_HW_aria_cfb128
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ecb(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cbc(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ofb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb1(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_cfb8(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_ctr(size_t keybits);
+
+#endif /* OPENSSL_NO_ARIA */

providers/common/ciphers/cipher_aria_ccm.c

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for ARIA CCM mode */
+
+#include "cipher_locl.h"
+
+static void *aria_ccm_newctx(void *provctx, size_t keybits)
+{
+    PROV_ARIA_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx != NULL)
+        ccm_initctx(&ctx->base, keybits, PROV_ARIA_HW_ccm(keybits));
+    return ctx;
+}
+
+static OSSL_OP_cipher_freectx_fn aria_ccm_freectx;
+static void aria_ccm_freectx(void *vctx)
+{
+    PROV_ARIA_CCM_CTX *ctx = (PROV_ARIA_CCM_CTX *)vctx;
+
+    ccm_finalctx((PROV_CCM_CTX *)ctx);
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+/* aria128ccm functions */
+IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 128, 8, 96);
+/* aria192ccm functions */
+IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 192, 8, 96);
+/* aria256ccm functions */
+IMPLEMENT_aead_cipher(aria, ccm, CCM, AEAD_FLAGS, 256, 8, 96);
+

providers/common/ciphers/cipher_aria_ccm_hw.inc

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Generic support for ARIA CCM.
+ * This file is included by cipher_ccm_hw.c
+ */
+
+#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
+
+static int ccm_aria_initkey(PROV_CCM_CTX *ctx,
+                            const unsigned char *key, size_t keylen)
+{
+    PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx;
+
+    aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks);
+    CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks,
+                       (block128_f)aria_encrypt);
+    ctx->str = NULL;
+    ctx->key_set = 1;
+    return 1;
+}
+
+static const PROV_CCM_HW ccm_aria = {
+    ccm_aria_initkey,
+    ccm_generic_setiv,
+    ccm_generic_setaad,
+    ccm_generic_auth_encrypt,
+    ccm_generic_auth_decrypt,
+    ccm_generic_gettag
+};
+const PROV_CCM_HW *PROV_ARIA_HW_ccm(size_t keybits)
+{
+    return &ccm_aria;
+}
+#endif /* OPENSSL_NO_ARIA */

providers/common/ciphers/cipher_aria_gcm.c

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for ARIA GCM mode */
+
+#include "cipher_locl.h"
+
+static void *aria_gcm_newctx(void *provctx, size_t keybits)
+{
+    PROV_ARIA_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx != NULL)
+        gcm_initctx(provctx, &ctx->base, keybits, PROV_ARIA_HW_gcm(keybits), 4);
+    return ctx;
+}
+
+static OSSL_OP_cipher_freectx_fn aria_gcm_freectx;
+static void aria_gcm_freectx(void *vctx)
+{
+    PROV_ARIA_GCM_CTX *ctx = (PROV_ARIA_GCM_CTX *)vctx;
+
+    gcm_deinitctx((PROV_GCM_CTX *)ctx);
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+/* aria128gcm_functions */
+IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 128, 8, 96);
+/* aria192gcm_functions */
+IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 192, 8, 96);
+/* aria256gcm_functions */
+IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_FLAGS, 256, 8, 96);
+

providers/common/ciphers/cipher_aria_gcm_hw.inc

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Generic support for ARIA GCM.
+ * This file is included by cipher_gcm_hw.c
+ */
+
+#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
+
+static int aria_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+                            size_t keylen)
+{
+    PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx;
+    ARIA_KEY *ks = &actx->ks.ks;
+
+    SET_KEY_CTR_FN(ks, aria_set_encrypt_key, aria_encrypt, NULL);
+    return 1;
+}
+
+static int aria_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
+                              size_t len, unsigned char *out)
+{
+    if (ctx->enc) {
+        if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
+            return 0;
+    } else {
+        if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
+            return 0;
+    }
+    return 1;
+}
+
+static const PROV_GCM_HW aria_gcm = {
+    aria_gcm_initkey,
+    gcm_setiv,
+    gcm_aad_update,
+    aria_cipher_update,
+    gcm_cipher_final,
+    gcm_one_shot
+};
+const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits)
+{
+    return &aria_gcm;
+}
+
+#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */

providers/common/ciphers/cipher_aria_hw.c

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_locl.h"
+
+static int cipher_hw_aria_initkey(PROV_CIPHER_CTX *dat,
+                                  const unsigned char *key, size_t keylen)
+{
+    int ret, mode = dat->mode;
+    PROV_ARIA_CTX *adat = (PROV_ARIA_CTX *)dat;
+    ARIA_KEY *ks = &adat->ks.ks;
+
+    if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
+        ret = aria_set_encrypt_key(key, keylen * 8, ks);
+    else
+        ret = aria_set_decrypt_key(key, keylen * 8, ks);
+    if (ret < 0) {
+        ERR_raise(ERR_LIB_PROV, EVP_R_ARIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+    dat->ks = ks;
+    dat->block = (block128_f)aria_encrypt;
+    return 1;
+}
+
+# define PROV_CIPHER_HW_aria_mode(mode)                                        \
+static const PROV_CIPHER_HW aria_##mode = {                                    \
+    cipher_hw_aria_initkey,                                                    \
+    cipher_hw_chunked_##mode                                                   \
+};                                                                             \
+const PROV_CIPHER_HW *PROV_CIPHER_HW_aria_##mode(size_t keybits)               \
+{                                                                              \
+    return &aria_##mode;                                                       \
+}
+
+PROV_CIPHER_HW_aria_mode(cbc)
+PROV_CIPHER_HW_aria_mode(ecb)
+PROV_CIPHER_HW_aria_mode(ofb128)
+PROV_CIPHER_HW_aria_mode(cfb128)
+PROV_CIPHER_HW_aria_mode(cfb1)
+PROV_CIPHER_HW_aria_mode(cfb8)
+PROV_CIPHER_HW_aria_mode(ctr)

providers/common/ciphers/cipher_camellia.c

@@ -0,0 +1,82 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for CAMELLIA cipher modes ecb, cbc, ofb, cfb, ctr */
+
+#include "cipher_locl.h"
+
+#if !defined(OPENSSL_NO_CAMELLIA)
+static OSSL_OP_cipher_freectx_fn camellia_freectx;
+static OSSL_OP_cipher_dupctx_fn camellia_dupctx;
+
+static void camellia_freectx(void *vctx)
+{
+    PROV_CAMELLIA_CTX *ctx = (PROV_CAMELLIA_CTX *)vctx;
+
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static void *camellia_dupctx(void *ctx)
+{
+    PROV_CAMELLIA_CTX *in = (PROV_CAMELLIA_CTX *)ctx;
+    PROV_CAMELLIA_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    *ret = *in;
+
+    return ret;
+}
+
+/* camellia256ecb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 256, 128, 0, block)
+/* camellia192ecb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 192, 128, 0, block)
+/* camellia128ecb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ecb, ECB, 0, 128, 128, 0, block)
+/* camellia256cbc_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 256, 128, 128, block)
+/* camellia192cbc_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 192, 128, 128, block)
+/* camellia128cbc_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cbc, CBC, 0, 128, 128, 128, block)
+/* camellia256ofb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 256, 8, 128, stream)
+/* camellia192ofb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 192, 8, 128, stream)
+/* camellia128ofb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ofb, OFB, 0, 128, 8, 128, stream)
+/* camellia256cfb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb,  CFB, 0, 256, 8, 128, stream)
+/* camellia192cfb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb,  CFB, 0, 192, 8, 128, stream)
+/* camellia128cfb_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb,  CFB, 0, 128, 8, 128, stream)
+/* camellia256cfb1_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 256, 8, 128, stream)
+/* camellia192cfb1_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 192, 8, 128, stream)
+/* camellia128cfb1_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb1, CFB, 0, 128, 8, 128, stream)
+/* camellia256cfb8_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 256, 8, 128, stream)
+/* camellia192cfb8_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 192, 8, 128, stream)
+/* camellia128cfb8_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, cfb8, CFB, 0, 128, 8, 128, stream)
+/* camellia256ctr_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 256, 8, 128, stream)
+/* camellia192ctr_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 192, 8, 128, stream)
+/* camellia128ctr_functions */
+IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, stream)
+
+#endif /* OPENSSL_NO_CAMELLIA */

providers/common/ciphers/cipher_camellia.h

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_CAMELLIA
+
+# include <openssl/camellia.h>
+
+typedef struct prov_camellia_ctx_st {
+    PROV_CIPHER_CTX base;      /* Must be first */
+    union {
+        OSSL_UNION_ALIGN;
+        CAMELLIA_KEY ks;
+    } ks;
+} PROV_CAMELLIA_CTX;
+
+# define PROV_CIPHER_HW_camellia_ofb PROV_CIPHER_HW_camellia_ofb128
+# define PROV_CIPHER_HW_camellia_cfb PROV_CIPHER_HW_camellia_cfb128
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ecb(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cbc(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ofb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb1(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_cfb8(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_ctr(size_t keybits);
+
+#endif /* OPENSSL_NO_CAMELLIA */

providers/common/ciphers/cipher_camellia_hw.c

@@ -0,0 +1,65 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_locl.h"
+
+#if !defined(OPENSSL_NO_CAMELLIA)
+static int cipher_hw_camellia_initkey(PROV_CIPHER_CTX *dat,
+                                      const unsigned char *key, size_t keylen)
+{
+    int ret, mode = dat->mode;
+    PROV_CAMELLIA_CTX *adat = (PROV_CAMELLIA_CTX *)dat;
+    CAMELLIA_KEY *ks = &adat->ks.ks;
+
+    dat->ks = ks;
+    ret = Camellia_set_key(key, keylen * 8, ks);
+    if (ret < 0) {
+        ERR_raise(ERR_LIB_PROV, EVP_R_ARIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+    if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) {
+        dat->block = (block128_f) Camellia_encrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) Camellia_cbc_encrypt : NULL;
+    } else {
+        dat->block = (block128_f) Camellia_decrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) Camellia_cbc_encrypt : NULL;
+    }
+    return 1;
+}
+
+# if defined(SPARC_CMLL_CAPABLE)
+#  include "cipher_camellia_hw_t4.inc"
+# else
+/* The generic case */
+#  define PROV_CIPHER_HW_declare(mode)
+#  define PROV_CIPHER_HW_select(mode)
+# endif /* SPARC_CMLL_CAPABLE */
+
+#define PROV_CIPHER_HW_camellia_mode(mode)                                     \
+static const PROV_CIPHER_HW camellia_##mode = {                                \
+    cipher_hw_camellia_initkey,                                                \
+    cipher_hw_generic_##mode                                                   \
+};                                                                             \
+PROV_CIPHER_HW_declare(mode)                                                   \
+const PROV_CIPHER_HW *PROV_CIPHER_HW_camellia_##mode(size_t keybits)           \
+{                                                                              \
+    PROV_CIPHER_HW_select(mode)                                                \
+    return &camellia_##mode;                                                   \
+}
+
+PROV_CIPHER_HW_camellia_mode(cbc)
+PROV_CIPHER_HW_camellia_mode(ecb)
+PROV_CIPHER_HW_camellia_mode(ofb128)
+PROV_CIPHER_HW_camellia_mode(cfb128)
+PROV_CIPHER_HW_camellia_mode(cfb1)
+PROV_CIPHER_HW_camellia_mode(cfb8)
+PROV_CIPHER_HW_camellia_mode(ctr)
+#endif /* OPENSSL_NO_CAMELLIA */

providers/common/ciphers/cipher_camellia_hw_t4.inc

@@ -0,0 +1,83 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Fujitsu SPARC64 X support for camellia modes.
+ * This file is included by cipher_camellia_hw.c
+ */
+
+static int cipher_hw_camellia_t4_initkey(PROV_CIPHER_CTX *dat,
+                                         const unsigned char *key,
+                                         size_t keylen)
+{
+    int ret = 0, bits, mode = dat->mode;
+    PROV_CAMELLIA_CTX *adat = (PROV_CAMELLIA_CTX *)dat;
+    CAMELLIA_KEY *ks = &adat->ks.ks;
+
+    dat->ks = ks;
+    bits = keylen * 8;
+
+    cmll_t4_set_key(key, bits, ks);
+
+    if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) {
+        dat->block = (block128_f) cmll_t4_encrypt;
+        switch (bits) {
+        case 128:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 192:
+        case 256:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        default:
+            ret = -1;
+            break;
+        }
+    } else {
+        dat->block = (block128_f) cmll_t4_decrypt;
+        switch (bits) {
+        case 128:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) cmll128_t4_cbc_decrypt : NULL;
+            break;
+        case 192:
+        case 256:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) cmll256_t4_cbc_decrypt : NULL;
+            break;
+        default:
+            ret = -1;
+            break;
+        }
+    }
+    if (ret < 0) {
+        ERR_raise(ERR_LIB_PROV, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+    return 1;
+}
+
+#define PROV_CIPHER_HW_declare(mode)                                           \
+static const PROV_CIPHER_HW t4_camellia_##mode = {                             \
+    cipher_hw_camellia_t4_initkey,                                             \
+    cipher_hw_generic_##mode                                                   \
+};
+#define PROV_CIPHER_HW_select(mode)                                            \
+if (SPARC_CMLL_CAPABLE)                                                        \
+    return &t4_camellia_##mode;

providers/common/ciphers/cipher_ccm.c

@@ -7,27 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/core_numbers.h>
-#include <openssl/core_names.h>
-#include <openssl/evp.h>
-#include <openssl/params.h>
-#include "internal/provider_algs.h"
-#include "internal/providercommonerr.h"
-#include "ciphers_locl.h"
+/* Dispatch functions for ccm mode */
 
-/* TODO(3.0) Figure out what flags are really needed here */
-#define CCM_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1      \
-                   | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER          \
-                   | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT            \
-                   | EVP_CIPH_CUSTOM_COPY)
-
-static OSSL_OP_cipher_encrypt_init_fn ccm_einit;
-static OSSL_OP_cipher_decrypt_init_fn ccm_dinit;
-static OSSL_OP_cipher_get_ctx_params_fn ccm_get_ctx_params;
-static OSSL_OP_cipher_set_ctx_params_fn ccm_set_ctx_params;
-static OSSL_OP_cipher_update_fn ccm_stream_update;
-static OSSL_OP_cipher_final_fn ccm_stream_final;
-static OSSL_OP_cipher_cipher_fn ccm_cipher;
+#include "cipher_locl.h"
 
 static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out,
                                size_t *padlen, const unsigned char *in,
@@ -80,7 +62,7 @@ static size_t ccm_get_ivlen(PROV_CCM_CTX *ctx)
     return 15 - ctx->l;
 }
 
-static int ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+int ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
     const OSSL_PARAM *p;
@@ -153,7 +135,7 @@ static int ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     return 1;
 }
 
-static int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
+int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
 {
     PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
     OSSL_PARAM *p;
@@ -233,19 +215,19 @@ static int ccm_init(void *vctx, const unsigned char *key, size_t keylen,
     return 1;
 }
 
-static int ccm_einit(void *vctx, const unsigned char *key, size_t keylen,
+int ccm_einit(void *vctx, const unsigned char *key, size_t keylen,
                      const unsigned char *iv, size_t ivlen)
 {
     return ccm_init(vctx, key, keylen, iv, ivlen, 1);
 }
 
-static int ccm_dinit(void *vctx, const unsigned char *key, size_t keylen,
+int ccm_dinit(void *vctx, const unsigned char *key, size_t keylen,
                      const unsigned char *iv, size_t ivlen)
 {
     return ccm_init(vctx, key, keylen, iv, ivlen, 0);
 }
 
-static int ccm_stream_update(void *vctx, unsigned char *out, size_t *outl,
+int ccm_stream_update(void *vctx, unsigned char *out, size_t *outl,
                              size_t outsize, const unsigned char *in,
                              size_t inl)
 {
@@ -263,7 +245,7 @@ static int ccm_stream_update(void *vctx, unsigned char *out, size_t *outl,
     return 1;
 }
 
-static int ccm_stream_final(void *vctx, unsigned char *out, size_t *outl,
+int ccm_stream_final(void *vctx, unsigned char *out, size_t *outl,
                             size_t outsize)
 {
     PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx;
@@ -277,7 +259,7 @@ static int ccm_stream_final(void *vctx, unsigned char *out, size_t *outl,
     return 1;
 }
 
-static int ccm_cipher(void *vctx,
+int ccm_cipher(void *vctx,
                       unsigned char *out, size_t *outl, size_t outsize,
                       const unsigned char *in, size_t inl)
 {
@@ -412,8 +394,7 @@ err:
     return rv;
 }
 
-static void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits,
-                        const PROV_CCM_HW *hw)
+void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw)
 {
     ctx->keylen = keybits / 8;
     ctx->key_set = 0;
@@ -426,61 +407,7 @@ static void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits,
     ctx->hw = hw;
 }
 
-static void ccm_finalctx(PROV_CCM_CTX *ctx)
+void ccm_finalctx(PROV_CCM_CTX *ctx)
 {
     OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv));
 }
-
-/*- Algorithm specific methods for CCM mode */
-
-static void *aes_ccm_newctx(void *provctx, size_t keybits)
-{
-    PROV_AES_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-
-    ccm_initctx(&ctx->base, keybits, PROV_AES_HW_ccm(keybits));
-    return ctx;
-}
-
-static OSSL_OP_cipher_freectx_fn aes_ccm_freectx;
-static void aes_ccm_freectx(void *vctx)
-{
-    PROV_AES_CCM_CTX *ctx = (PROV_AES_CCM_CTX *)vctx;
-
-    ccm_finalctx((PROV_CCM_CTX *)ctx);
-    OPENSSL_clear_free(ctx,  sizeof(*ctx));
-}
-
-/*- CCM Dispatch macros */
-
-/* aes128ccm_functions */
-IMPLEMENT_aead_cipher(aes, ccm, CCM, CCM_FLAGS, 128, 8, 96);
-/* aes192ccm_functions */
-IMPLEMENT_aead_cipher(aes, ccm, CCM, CCM_FLAGS, 192, 8, 96);
-/* aes256ccm_functions */
-IMPLEMENT_aead_cipher(aes, ccm, CCM, CCM_FLAGS, 256, 8, 96);
-
-#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
-static void *aria_ccm_newctx(void *provctx, size_t keybits)
-{
-    PROV_ARIA_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-
-    ccm_initctx(&ctx->base, keybits, PROV_ARIA_HW_ccm(keybits));
-    return ctx;
-}
-
-static OSSL_OP_cipher_freectx_fn aria_ccm_freectx;
-static void aria_ccm_freectx(void *vctx)
-{
-    PROV_ARIA_CCM_CTX *ctx = (PROV_ARIA_CCM_CTX *)vctx;
-
-    ccm_finalctx((PROV_CCM_CTX *)ctx);
-    OPENSSL_clear_free(ctx,  sizeof(*ctx));
-}
-
-/* aria128ccm functions */
-IMPLEMENT_aead_cipher(aria, ccm, CCM, CCM_FLAGS, 128, 8, 96);
-/* aria192ccm functions */
-IMPLEMENT_aead_cipher(aria, ccm, CCM, CCM_FLAGS, 192, 8, 96);
-/* aria256ccm functions */
-IMPLEMENT_aead_cipher(aria, ccm, CCM, CCM_FLAGS, 256, 8, 96);
-#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */

providers/common/ciphers/cipher_ccm.h

@@ -122,4 +122,15 @@ typedef struct prov_aria_ccm_ctx_st {
 } PROV_ARIA_CCM_CTX;
 
 const PROV_CCM_HW *PROV_ARIA_HW_ccm(size_t keylen);
+
 #endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */
+
+OSSL_OP_cipher_encrypt_init_fn ccm_einit;
+OSSL_OP_cipher_decrypt_init_fn ccm_dinit;
+OSSL_OP_cipher_get_ctx_params_fn ccm_get_ctx_params;
+OSSL_OP_cipher_set_ctx_params_fn ccm_set_ctx_params;
+OSSL_OP_cipher_update_fn ccm_stream_update;
+OSSL_OP_cipher_final_fn ccm_stream_final;
+OSSL_OP_cipher_cipher_fn ccm_cipher;
+void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw);
+void ccm_finalctx(PROV_CCM_CTX *ctx);

providers/common/ciphers/cipher_ccm_hw.c

@@ -7,9 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/opensslconf.h>
-#include "ciphers_locl.h"
-#include "internal/aes_platform.h"
+#include "cipher_locl.h"
 
 #define AES_CCM_SET_KEY_FN(fn_set_enc_key, fn_blk, fn_ccm_enc, fn_ccm_dec)     \
     fn_set_enc_key(key, keylen * 8, &actx->ccm.ks.ks);                         \
@@ -18,8 +16,8 @@
     ctx->str = ctx->enc ? (ccm128_f)fn_ccm_enc : (ccm128_f)fn_ccm_dec;         \
     ctx->key_set = 1;
 
-static int ccm_generic_aes_init_key(PROV_CCM_CTX *ctx,
-                                    const unsigned char *key, size_t keylen)
+static int ccm_generic_aes_initkey(PROV_CCM_CTX *ctx, const unsigned char *key,
+                                   size_t keylen)
 {
     PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
 
@@ -100,68 +98,19 @@ static int ccm_generic_auth_decrypt(PROV_CCM_CTX *ctx, const unsigned char *in,
 }
 
 static const PROV_CCM_HW aes_ccm = {
-    ccm_generic_aes_init_key,
+    ccm_generic_aes_initkey,
     ccm_generic_setiv,
     ccm_generic_setaad,
     ccm_generic_auth_encrypt,
     ccm_generic_auth_decrypt,
     ccm_generic_gettag
 };
-
 #if defined(S390X_aes_128_CAPABLE)
-# include "aes_ccm_s390x.c"
+# include "cipher_aes_ccm_hw_s390x.inc"
 #elif defined(AESNI_CAPABLE)
-
-/* AES-NI section */
-static int ccm_aesni_init_key(PROV_CCM_CTX *ctx,
-                              const unsigned char *key, size_t keylen)
-{
-    PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
-
-    AES_CCM_SET_KEY_FN(aesni_set_encrypt_key, aesni_encrypt,
-                       aesni_ccm64_encrypt_blocks, aesni_ccm64_decrypt_blocks);
-    return 1;
-}
-
-static const PROV_CCM_HW aesni_ccm = {
-    ccm_aesni_init_key,
-    ccm_generic_setiv,
-    ccm_generic_setaad,
-    ccm_generic_auth_encrypt,
-    ccm_generic_auth_decrypt,
-    ccm_generic_gettag
-};
-
-const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits)
-{
-    return AESNI_CAPABLE ? &aesni_ccm : &aes_ccm;
-}
-
+# include "cipher_aes_ccm_hw_aesni.inc"
 #elif defined(SPARC_AES_CAPABLE)
-/* Fujitsu SPARC64 X support */
-static int ccm_t4_aes_init_key(PROV_CCM_CTX *ctx,
-                               const unsigned char *key, size_t keylen)
-{
-    PROV_AES_CCM_CTX *actx = (PROV_AES_CCM_CTX *)ctx;
-
-    AES_CCM_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_encrypt, NULL, NULL);
-    return 1;
-}
-
-static const PROV_CCM_HW t4_aes_ccm = {
-    ccm_t4_aes_init_key,
-    ccm_generic_setiv,
-    ccm_generic_setaad,
-    ccm_generic_auth_encrypt,
-    ccm_generic_auth_decrypt,
-    ccm_generic_gettag
-};
-
-const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits)
-{
-    return SPARC_AES_CAPABLE ? &t4_aes_ccm : &aes_ccm;
-}
-
+# include "cipher_aes_ccm_hw_t4.inc"
 #else
 const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits)
 {
@@ -169,31 +118,4 @@ const PROV_CCM_HW *PROV_AES_HW_ccm(size_t keybits)
 }
 #endif
 
-#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
-/* ARIA CCM Algorithm specific methods */
-static int ccm_aria_init_key(PROV_CCM_CTX *ctx,
-                             const unsigned char *key, size_t keylen)
-{
-    PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx;
-
-    aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks);
-    CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks,
-                       (block128_f)aria_encrypt);
-    ctx->str = NULL;
-    ctx->key_set = 1;
-    return 1;
-}
-
-static const PROV_CCM_HW ccm_aria = {
-    ccm_aria_init_key,
-    ccm_generic_setiv,
-    ccm_generic_setaad,
-    ccm_generic_auth_encrypt,
-    ccm_generic_auth_decrypt,
-    ccm_generic_gettag
-};
-const PROV_CCM_HW *PROV_ARIA_HW_ccm(size_t keybits)
-{
-    return &ccm_aria;
-}
-#endif /* OPENSSL_NO_ARIA */
+#include "cipher_aria_ccm_hw.inc"

providers/common/ciphers/cipher_common.c

@@ -0,0 +1,403 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Generic dispatch table functions for ciphers.
+ */
+
+#include "cipher_locl.h"
+
+#define MAXCHUNK    ((size_t)1 << (sizeof(long) * 8 - 2))
+#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4))
+
+/*-
+ * Default cipher functions for OSSL_PARAM gettables and settables
+ */
+static const OSSL_PARAM cipher_known_gettable_params[] = {
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
+    OSSL_PARAM_END
+};
+const OSSL_PARAM *cipher_default_gettable_params(void)
+{
+    return cipher_known_gettable_params;
+}
+
+int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags,
+                              int kbits, int blkbits, int ivbits)
+{
+    OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
+    if (p != NULL && !OSSL_PARAM_set_int(p, md)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS);
+    if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
+    if (p != NULL && !OSSL_PARAM_set_int(p, kbits / 8)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
+    if (p != NULL && !OSSL_PARAM_set_int(p, blkbits / 8)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
+    if (p != NULL && !OSSL_PARAM_set_int(p, ivbits / 8)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    return 1;
+}
+
+static const OSSL_PARAM cipher_known_gettable_ctx_params[] = {
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_NUM, NULL),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+    OSSL_PARAM_END
+};
+const OSSL_PARAM *cipher_default_gettable_ctx_params(void)
+{
+    return cipher_known_gettable_ctx_params;
+}
+
+static const OSSL_PARAM cipher_known_settable_ctx_params[] = {
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_NUM, NULL),
+    OSSL_PARAM_END
+};
+const OSSL_PARAM *cipher_default_settable_ctx_params(void)
+{
+    return cipher_known_settable_ctx_params;
+}
+
+/*-
+ * AEAD cipher functions for OSSL_PARAM gettables and settables
+ */
+static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
+    OSSL_PARAM_END
+};
+const OSSL_PARAM *cipher_aead_gettable_ctx_params(void)
+{
+    return cipher_aead_known_gettable_ctx_params;
+}
+
+static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
+    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
+    OSSL_PARAM_END
+};
+const OSSL_PARAM *cipher_aead_settable_ctx_params(void)
+{
+    return cipher_aead_known_settable_ctx_params;
+}
+
+static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
+                                        const unsigned char *key, size_t keylen,
+                                        const unsigned char *iv, size_t ivlen,
+                                        int enc)
+{
+    ctx->enc = enc;
+
+    if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
+        if (ivlen != GENERIC_BLOCK_SIZE) {
+            ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        memcpy(ctx->iv, iv, GENERIC_BLOCK_SIZE);
+    }
+    if (key != NULL) {
+        if (keylen != ctx->keylen) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
+            return 0;
+        }
+        return ctx->hw->init(ctx, key, ctx->keylen);
+    }
+    return 1;
+}
+
+int cipher_generic_einit(void *vctx, const unsigned char *key, size_t keylen,
+                         const unsigned char *iv, size_t ivlen)
+{
+    return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
+                                        iv, ivlen, 1);
+}
+
+int cipher_generic_dinit(void *vctx, const unsigned char *key, size_t keylen,
+                         const unsigned char *iv, size_t ivlen)
+{
+    return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
+                                        iv, ivlen, 0);
+}
+
+int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl,
+                                size_t outsize, const unsigned char *in,
+                                size_t inl)
+{
+    size_t outlint = 0;
+    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+    size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE, &in,
+                                  &inl);
+
+    /*
+     * If we're decrypting and we end an update on a block boundary we hold
+     * the last block back in case this is the last update call and the last
+     * block is padded.
+     */
+    if (ctx->bufsz == GENERIC_BLOCK_SIZE && (ctx->enc || inl > 0 || !ctx->pad)) {
+        if (outsize < GENERIC_BLOCK_SIZE) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+            return 0;
+        }
+        if (!ctx->hw->cipher(ctx, out, ctx->buf, GENERIC_BLOCK_SIZE)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+            return 0;
+        }
+        ctx->bufsz = 0;
+        outlint = GENERIC_BLOCK_SIZE;
+        out += GENERIC_BLOCK_SIZE;
+    }
+    if (nextblocks > 0) {
+        if (!ctx->enc && ctx->pad && nextblocks == inl) {
+            if (!ossl_assert(inl >= GENERIC_BLOCK_SIZE)) {
+                ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+                return 0;
+            }
+            nextblocks -= GENERIC_BLOCK_SIZE;
+        }
+        outlint += nextblocks;
+        if (outsize < outlint) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+            return 0;
+        }
+        if (!ctx->hw->cipher(ctx, out, in, nextblocks)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+            return 0;
+        }
+        in += nextblocks;
+        inl -= nextblocks;
+    }
+    if (!trailingdata(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE, &in, &inl)) {
+        /* ERR_raise already called */
+        return 0;
+    }
+
+    *outl = outlint;
+    return inl == 0;
+}
+
+int cipher_generic_block_final(void *vctx, unsigned char *out, size_t *outl,
+                               size_t outsize)
+{
+    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+
+    if (ctx->enc) {
+        if (ctx->pad) {
+            padblock(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE);
+        } else if (ctx->bufsz == 0) {
+            *outl = 0;
+            return 1;
+        } else if (ctx->bufsz != GENERIC_BLOCK_SIZE) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
+            return 0;
+        }
+
+        if (outsize < GENERIC_BLOCK_SIZE) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+            return 0;
+        }
+        if (!ctx->hw->cipher(ctx, out, ctx->buf, GENERIC_BLOCK_SIZE)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+            return 0;
+        }
+        ctx->bufsz = 0;
+        *outl = GENERIC_BLOCK_SIZE;
+        return 1;
+    }
+
+    /* Decrypting */
+    if (ctx->bufsz != GENERIC_BLOCK_SIZE) {
+        if (ctx->bufsz == 0 && !ctx->pad) {
+            *outl = 0;
+            return 1;
+        }
+        ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
+        return 0;
+    }
+
+    if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, GENERIC_BLOCK_SIZE)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+        return 0;
+    }
+
+    if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, GENERIC_BLOCK_SIZE)) {
+        /* ERR_raise already called */
+        return 0;
+    }
+
+    if (outsize < ctx->bufsz) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+        return 0;
+    }
+    memcpy(out, ctx->buf, ctx->bufsz);
+    *outl = ctx->bufsz;
+    ctx->bufsz = 0;
+    return 1;
+}
+
+int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl,
+                                 size_t outsize, const unsigned char *in,
+                                 size_t inl)
+{
+    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+
+    if (outsize < inl) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (!ctx->hw->cipher(ctx, out, in, inl)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+        return 0;
+    }
+
+    *outl = inl;
+    return 1;
+}
+int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl,
+                                size_t outsize)
+{
+    *outl = 0;
+    return 1;
+}
+
+int cipher_generic_cipher(void *vctx,
+                          unsigned char *out, size_t *outl, size_t outsize,
+                          const unsigned char *in, size_t inl)
+{
+    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+
+    if (outsize < inl) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (!ctx->hw->cipher(ctx, out, in, inl)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+        return 0;
+    }
+
+    *outl = inl;
+    return 1;
+}
+
+int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+    OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
+    if (p != NULL && !OSSL_PARAM_set_int(p, GENERIC_BLOCK_SIZE)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
+    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
+    if (p != NULL
+        && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, GENERIC_BLOCK_SIZE)
+        && !OSSL_PARAM_set_octet_string(p, &ctx->iv, GENERIC_BLOCK_SIZE)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
+    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
+
+    return 1;
+}
+
+int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+    const OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
+    if (p != NULL) {
+        int pad;
+
+        if (!OSSL_PARAM_get_int(p, &pad)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+        ctx->pad = pad ? 1 : 0;
+    }
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
+    if (p != NULL) {
+        int num;
+
+        if (!OSSL_PARAM_get_int(p, &num)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+        ctx->num = num;
+    }
+    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
+    if (p != NULL) {
+        int keylen;
+
+        if (!OSSL_PARAM_get_int(p, &keylen)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
+        ctx->keylen = keylen;
+    }
+    return 1;
+}
+
+void cipher_generic_initkey(void *vctx, int kbits, int blkbits, int mode,
+                            const PROV_CIPHER_HW *hw)
+{
+    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+
+    ctx->pad = 1;
+    ctx->keylen = ((kbits) / 8);
+    ctx->hw = hw;
+    ctx->mode = mode;
+    ctx->blocksize = blkbits/8;
+}

providers/common/ciphers/cipher_common_hw.c

@@ -0,0 +1,192 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_locl.h"
+
+#define MAXCHUNK    ((size_t)1 << (sizeof(long) * 8 - 2))
+#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4))
+
+/*-
+ * The generic cipher functions for cipher modes cbc, ecb, ofb, cfb and ctr.
+ * Used if there is no special hardware implementations.
+ */
+int cipher_hw_generic_cbc(PROV_CIPHER_CTX *dat, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    if (dat->stream.cbc)
+        (*dat->stream.cbc) (in, out, len, dat->ks, dat->iv, dat->enc);
+    else if (dat->enc)
+        CRYPTO_cbc128_encrypt(in, out, len, dat->ks, dat->iv, dat->block);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, dat->ks, dat->iv, dat->block);
+
+    return 1;
+}
+
+int cipher_hw_generic_ecb(PROV_CIPHER_CTX *dat, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    size_t i, bl = dat->blocksize;
+
+    if (len < bl)
+        return 1;
+
+    for (i = 0, len -= bl; i <= len; i += bl)
+        (*dat->block) (in + i, out + i, dat->ks);
+
+    return 1;
+}
+
+int cipher_hw_generic_ofb128(PROV_CIPHER_CTX *dat, unsigned char *out,
+                             const unsigned char *in, size_t len)
+{
+    int num = dat->num;
+
+    CRYPTO_ofb128_encrypt(in, out, len, dat->ks, dat->iv, &num, dat->block);
+    dat->num = num;
+
+    return 1;
+}
+
+int cipher_hw_generic_cfb128(PROV_CIPHER_CTX *dat, unsigned char *out,
+                             const unsigned char *in, size_t len)
+{
+    int num = dat->num;
+
+    CRYPTO_cfb128_encrypt(in, out, len, dat->ks, dat->iv, &num, dat->enc,
+                          dat->block);
+    dat->num = num;
+
+    return 1;
+}
+
+int cipher_hw_generic_cfb8(PROV_CIPHER_CTX *dat, unsigned char *out,
+                           const unsigned char *in, size_t len)
+{
+    int num = dat->num;
+
+    CRYPTO_cfb128_8_encrypt(in, out, len, dat->ks, dat->iv, &num, dat->enc,
+                            dat->block);
+    dat->num = num;
+
+    return 1;
+}
+
+int cipher_hw_generic_cfb1(PROV_CIPHER_CTX *dat, unsigned char *out,
+                           const unsigned char *in, size_t len)
+{
+    int num = dat->num;
+
+    if ((dat->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) {
+        CRYPTO_cfb128_1_encrypt(in, out, len, dat->ks, dat->iv, &num,
+                                dat->enc, dat->block);
+        dat->num = num;
+        return 1;
+    }
+
+    while (len >= MAXBITCHUNK) {
+        CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, dat->ks,
+                                dat->iv, &num, dat->enc, dat->block);
+        len -= MAXBITCHUNK;
+        out += MAXBITCHUNK;
+        in  += MAXBITCHUNK;
+    }
+    if (len)
+        CRYPTO_cfb128_1_encrypt(in, out, len * 8, dat->ks, dat->iv, &num,
+                                dat->enc, dat->block);
+
+    dat->num = num;
+
+    return 1;
+}
+
+int cipher_hw_generic_ctr(PROV_CIPHER_CTX *dat, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned int num = dat->num;
+
+    if (dat->stream.ctr)
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len, dat->ks, dat->iv, dat->buf,
+                                    &num, dat->stream.ctr);
+    else
+        CRYPTO_ctr128_encrypt(in, out, len, dat->ks, dat->iv, dat->buf,
+                              &num, dat->block);
+    dat->num = num;
+
+    return 1;
+}
+
+/*-
+ * The chunked cipher functions for cipher modes cbc, ecb, ofb, cfb and ctr.
+ * Used if there is no special hardware implementations.
+ */
+
+int cipher_hw_chunked_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t inl)
+{
+    while (inl >= MAXCHUNK) {
+        cipher_hw_generic_cbc(ctx, out, in, MAXCHUNK);
+        inl -= MAXCHUNK;
+        in  += MAXCHUNK;
+        out += MAXCHUNK;
+    }
+    if (inl > 0)
+        cipher_hw_generic_cbc(ctx, out, in, inl);
+    return 1;
+}
+
+int cipher_hw_chunked_cfb8(PROV_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    size_t chunk = MAXCHUNK;
+
+    if (inl < chunk)
+        chunk = inl;
+    while (inl > 0 && inl >= chunk) {
+        cipher_hw_generic_cfb8(ctx, out, in, inl);
+        inl -= chunk;
+        in += chunk;
+        out += chunk;
+        if (inl < chunk)
+            chunk = inl;
+    }
+    return 1;
+}
+
+int cipher_hw_chunked_cfb128(PROV_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t inl)
+{
+    size_t chunk = MAXCHUNK;
+
+    if (inl < chunk)
+        chunk = inl;
+    while (inl > 0 && inl >= chunk) {
+        cipher_hw_generic_cfb128(ctx, out, in, inl);
+        inl -= chunk;
+        in += chunk;
+        out += chunk;
+        if (inl < chunk)
+            chunk = inl;
+    }
+    return 1;
+}
+
+int cipher_hw_chunked_ofb128(PROV_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t inl)
+{
+    while (inl >= MAXCHUNK) {
+        cipher_hw_generic_ofb128(ctx, out, in, MAXCHUNK);
+        inl -= MAXCHUNK;
+        in  += MAXCHUNK;
+        out += MAXCHUNK;
+    }
+    if (inl > 0)
+        cipher_hw_generic_ofb128(ctx, out, in, inl);
+    return 1;
+}

providers/common/ciphers/cipher_gcm.c

@@ -7,29 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/evp.h>
-#include <openssl/params.h>
-#include <openssl/core_numbers.h>
-#include <openssl/core_names.h>
+/* Dispatch functions for gcm mode */
+
+#include "cipher_locl.h"
 #include "internal/rand_int.h"
-#include "internal/provider_algs.h"
 #include "internal/provider_ctx.h"
-#include "internal/providercommonerr.h"
-#include "ciphers_locl.h"
-
-/* TODO(3.0) Figure out what flags are really needed */
-#define AEAD_GCM_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \
-                       | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER      \
-                       | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT        \
-                       | EVP_CIPH_CUSTOM_COPY)
-
-static OSSL_OP_cipher_encrypt_init_fn gcm_einit;
-static OSSL_OP_cipher_decrypt_init_fn gcm_dinit;
-static OSSL_OP_cipher_get_ctx_params_fn gcm_get_ctx_params;
-static OSSL_OP_cipher_set_ctx_params_fn gcm_set_ctx_params;
-static OSSL_OP_cipher_cipher_fn gcm_cipher;
-static OSSL_OP_cipher_update_fn gcm_stream_update;
-static OSSL_OP_cipher_final_fn gcm_stream_final;
 
 static int gcm_tls_init(PROV_GCM_CTX *dat, unsigned char *aad, size_t aad_len);
 static int gcm_tls_iv_set_fixed(PROV_GCM_CTX *ctx, unsigned char *iv,
@@ -40,8 +22,8 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out,
                                size_t *padlen, const unsigned char *in,
                                size_t len);
 
-static void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
-                        const PROV_GCM_HW *hw, size_t ivlen_min)
+void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
+                 const PROV_GCM_HW *hw, size_t ivlen_min)
 {
     ctx->pad = 1;
     ctx->mode = EVP_CIPH_GCM_MODE;
@@ -54,7 +36,7 @@ static void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
     ctx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
 }
 
-static void gcm_deinitctx(PROV_GCM_CTX *ctx)
+void gcm_deinitctx(PROV_GCM_CTX *ctx)
 {
     OPENSSL_cleanse(ctx->iv, sizeof(ctx->iv));
 }
@@ -86,19 +68,19 @@ static int gcm_init(void *vctx, const unsigned char *key, size_t keylen,
     return 1;
 }
 
-static int gcm_einit(void *vctx, const unsigned char *key, size_t keylen,
-                     const unsigned char *iv, size_t ivlen)
+int gcm_einit(void *vctx, const unsigned char *key, size_t keylen,
+              const unsigned char *iv, size_t ivlen)
 {
     return gcm_init(vctx, key, keylen, iv, ivlen, 1);
 }
 
-static int gcm_dinit(void *vctx, const unsigned char *key, size_t keylen,
-                     const unsigned char *iv, size_t ivlen)
+int gcm_dinit(void *vctx, const unsigned char *key, size_t keylen,
+              const unsigned char *iv, size_t ivlen)
 {
     return gcm_init(vctx, key, keylen, iv, ivlen, 0);
 }
 
-static int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
+int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
 {
     PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx;
     OSSL_PARAM *p;
@@ -149,7 +131,7 @@ static int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
     return 1;
 }
 
-static int gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+int gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx;
     const OSSL_PARAM *p;
@@ -231,9 +213,8 @@ static int gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
     return 1;
 }
 
-static int gcm_stream_update(void *vctx, unsigned char *out, size_t *outl,
-                             size_t outsize, const unsigned char *in,
-                             size_t inl)
+int gcm_stream_update(void *vctx, unsigned char *out, size_t *outl,
+                      size_t outsize, const unsigned char *in, size_t inl)
 {
     PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx;
 
@@ -249,8 +230,8 @@ static int gcm_stream_update(void *vctx, unsigned char *out, size_t *outl,
     return 1;
 }
 
-static int gcm_stream_final(void *vctx, unsigned char *out, size_t *outl,
-                            size_t outsize)
+int gcm_stream_final(void *vctx, unsigned char *out, size_t *outl,
+                     size_t outsize)
 {
     PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx;
     int i;
@@ -263,9 +244,9 @@ static int gcm_stream_final(void *vctx, unsigned char *out, size_t *outl,
     return 1;
 }
 
-static int gcm_cipher(void *vctx,
-                      unsigned char *out, size_t *outl, size_t outsize,
-                      const unsigned char *in, size_t inl)
+int gcm_cipher(void *vctx,
+               unsigned char *out, size_t *outl, size_t outsize,
+               const unsigned char *in, size_t inl)
 {
     PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx;
 
@@ -512,59 +493,3 @@ err:
     *padlen = plen;
     return rv;
 }
-
-static void *aes_gcm_newctx(void *provctx, size_t keybits)
-{
-    PROV_AES_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-
-    if (ctx != NULL)
-        gcm_initctx(provctx, (PROV_GCM_CTX *)ctx, keybits,
-                    PROV_AES_HW_gcm(keybits), 8);
-    return ctx;
-}
-
-static OSSL_OP_cipher_freectx_fn aes_gcm_freectx;
-static void aes_gcm_freectx(void *vctx)
-{
-    PROV_AES_GCM_CTX *ctx = (PROV_AES_GCM_CTX *)vctx;
-
-    gcm_deinitctx((PROV_GCM_CTX *)ctx);
-    OPENSSL_clear_free(ctx,  sizeof(*ctx));
-}
-
-/* aes128gcm_functions */
-IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_GCM_FLAGS, 128, 8, 96);
-/* aes192gcm_functions */
-IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_GCM_FLAGS, 192, 8, 96);
-/* aes256gcm_functions */
-IMPLEMENT_aead_cipher(aes, gcm, GCM, AEAD_GCM_FLAGS, 256, 8, 96);
-
-#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
-
-static void *aria_gcm_newctx(void *provctx, size_t keybits)
-{
-    PROV_ARIA_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
-
-    if (ctx != NULL)
-        gcm_initctx(provctx, (PROV_GCM_CTX *)ctx, keybits,
-                    PROV_ARIA_HW_gcm(keybits), 4);
-    return ctx;
-}
-
-static OSSL_OP_cipher_freectx_fn aria_gcm_freectx;
-static void aria_gcm_freectx(void *vctx)
-{
-    PROV_ARIA_GCM_CTX *ctx = (PROV_ARIA_GCM_CTX *)vctx;
-
-    gcm_deinitctx((PROV_GCM_CTX *)ctx);
-    OPENSSL_clear_free(ctx,  sizeof(*ctx));
-}
-
-/* aria128gcm_functions */
-IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_GCM_FLAGS, 128, 8, 96);
-/* aria192gcm_functions */
-IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_GCM_FLAGS, 192, 8, 96);
-/* aria256gcm_functions */
-IMPLEMENT_aead_cipher(aria, gcm, GCM, AEAD_GCM_FLAGS, 256, 8, 96);
-
-#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */

providers/common/ciphers/cipher_gcm.h

@@ -16,6 +16,11 @@ typedef struct prov_gcm_hw_st PROV_GCM_HW;
 #define GCM_IV_MAX_SIZE     64
 #define GCM_TAG_MAX_SIZE    16
 
+/* TODO(3.0) Figure out what flags are really needed */
+#define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1     \
+                       | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER      \
+                       | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT        \
+                       | EVP_CIPH_CUSTOM_COPY)
 
 #if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
 /*-
@@ -146,3 +151,15 @@ typedef struct prov_aria_gcm_ctx_st {
 const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits);
 
 #endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */
+
+OSSL_OP_cipher_encrypt_init_fn gcm_einit;
+OSSL_OP_cipher_decrypt_init_fn gcm_dinit;
+OSSL_OP_cipher_get_ctx_params_fn gcm_get_ctx_params;
+OSSL_OP_cipher_set_ctx_params_fn gcm_set_ctx_params;
+OSSL_OP_cipher_cipher_fn gcm_cipher;
+OSSL_OP_cipher_update_fn gcm_stream_update;
+OSSL_OP_cipher_final_fn gcm_stream_final;
+void gcm_deinitctx(PROV_GCM_CTX *ctx);
+void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
+                 const PROV_GCM_HW *hw, size_t ivlen_min);
+

providers/common/ciphers/cipher_gcm_hw.c

@@ -7,8 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "ciphers_locl.h"
-#include "internal/aes_platform.h"
+#include "cipher_locl.h"
 
 static const PROV_GCM_HW aes_gcm;
 
@@ -30,78 +29,11 @@ static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
     ctx->key_set = 1;
 
 #if defined(AESNI_CAPABLE)
-
-/* AES-NI section */
-static int aesni_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key,
-                              size_t keylen)
-{
-    PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
-    AES_KEY *ks = &actx->ks.ks;
-
-    SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt,
-                   aesni_ctr32_encrypt_blocks);
-    return 1;
-}
-
-static const PROV_GCM_HW aesni_gcm = {
-    aesni_gcm_init_key,
-    gcm_setiv,
-    gcm_aad_update,
-    gcm_cipher_update,
-    gcm_cipher_final,
-    gcm_one_shot
-};
-
-const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
-{
-    return AESNI_CAPABLE ? &aesni_gcm : &aes_gcm;
-}
-
+# include "cipher_aes_gcm_hw_aesni.inc"
 #elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-
-/* Fujitsu SPARC64 X support */
-
-static int t4_aes_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key,
-                               size_t keylen)
-{
-    ctr128_f ctr;
-    PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
-    AES_KEY *ks = &actx->ks.ks;
-
-
-    switch (keylen) {
-    case 16:
-        ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
-        break;
-    case 24:
-        ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
-        break;
-    case 32:
-        ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
-        break;
-    default:
-        return 0;
-    }
-
-    SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr);
-    return 1;
-}
-
-static const PROV_GCM_HW t4_aes_gcm = {
-    t4_aes_gcm_init_key,
-    gcm_setiv,
-    gcm_aad_update,
-    gcm_cipher_update,
-    gcm_cipher_final,
-    gcm_one_shot
-};
-const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
-{
-    return SPARC_AES_CAPABLE ? &t4_aes_gcm : &aes_gcm;
-}
-
+# include "cipher_aes_gcm_hw_t4.inc"
 #elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
-# include "gcm_s390x.c"
+# include "cipher_aes_gcm_hw_s390x.inc"
 #else
 const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
 {
@@ -109,8 +41,8 @@ const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
 }
 #endif
 
-static int generic_aes_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key,
-                                    size_t keylen)
+static int generic_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+                                   size_t keylen)
 {
     PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
     AES_KEY *ks = &actx->ks.ks;
@@ -258,7 +190,7 @@ err:
 }
 
 static const PROV_GCM_HW aes_gcm = {
-    generic_aes_gcm_init_key,
+    generic_aes_gcm_initkey,
     gcm_setiv,
     gcm_aad_update,
     gcm_cipher_update,
@@ -266,42 +198,4 @@ static const PROV_GCM_HW aes_gcm = {
     gcm_one_shot
 };
 
-#if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
-
-static int aria_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key,
-                             size_t keylen)
-{
-    PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx;
-    ARIA_KEY *ks = &actx->ks.ks;
-
-    SET_KEY_CTR_FN(ks, aria_set_encrypt_key, aria_encrypt, NULL);
-    return 1;
-}
-
-static int aria_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
-                              size_t len, unsigned char *out)
-{
-    if (ctx->enc) {
-        if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
-            return 0;
-    } else {
-        if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
-            return 0;
-    }
-    return 1;
-}
-
-static const PROV_GCM_HW aria_gcm = {
-    aria_gcm_init_key,
-    gcm_setiv,
-    gcm_aad_update,
-    aria_cipher_update,
-    gcm_cipher_final,
-    gcm_one_shot
-};
-const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits)
-{
-    return &aria_gcm;
-}
-
-#endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */
+#include "cipher_aria_gcm_hw.inc"

providers/common/ciphers/cipher_locl.h

@@ -0,0 +1,193 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/opensslconf.h>
+#include <openssl/params.h>
+#include <openssl/core_numbers.h>
+#include <openssl/core_names.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/cryptlib.h"
+#include "internal/modes_int.h"
+#include "internal/provider_algs.h"
+#include "internal/providercommonerr.h"
+#include "internal/ciphermode_platform.h"
+
+#define GENERIC_BLOCK_SIZE 16
+#define IV_STATE_UNINITIALISED 0  /* initial state is not initialized */
+#define IV_STATE_BUFFERED      1  /* iv has been copied to the iv buffer */
+#define IV_STATE_COPIED        2  /* iv has been copied from the iv buffer */
+#define IV_STATE_FINISHED      3  /* the iv has been used - so don't reuse it */
+
+#define PROV_CIPHER_FUNC(type, name, args) typedef type (* OSSL_##name##_fn)args
+
+typedef struct prov_cipher_hw_st PROV_CIPHER_HW;
+typedef struct prov_cipher_ctx_st PROV_CIPHER_CTX;
+
+typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out,
+                                const unsigned char *in, size_t len);
+
+struct prov_cipher_ctx_st {
+    block128_f block;
+    union {
+        cbc128_f cbc;
+        ctr128_f ctr;
+    } stream;
+
+    /*
+     * num contains the number of bytes of |iv| which are valid for modes that
+     * manage partial blocks themselves.
+     */
+    size_t num;
+
+    int mode;
+    int enc;              /* Set to 1 for encrypt, or 0 otherwise */
+    size_t bufsz;         /* Number of bytes in buf */
+    size_t keylen;        /* key size (in bytes) */
+    size_t blocksize;
+    uint64_t flags;
+    unsigned int pad : 1; /* Whether padding should be used or not */
+
+    /* Buffer of partial blocks processed via update calls */
+    unsigned char buf[GENERIC_BLOCK_SIZE];
+    unsigned char iv[GENERIC_BLOCK_SIZE];
+    const PROV_CIPHER_HW *hw; /* hardware specific functions */
+    const void *ks; /* Pointer to algorithm specific key data */
+};
+
+struct prov_cipher_hw_st {
+    int (*init)(PROV_CIPHER_CTX *dat, const uint8_t *key, size_t keylen);
+    PROV_CIPHER_HW_FN *cipher;
+};
+
+OSSL_OP_cipher_encrypt_init_fn cipher_generic_einit;
+OSSL_OP_cipher_decrypt_init_fn cipher_generic_dinit;
+OSSL_OP_cipher_update_fn cipher_generic_block_update;
+OSSL_OP_cipher_final_fn cipher_generic_block_final;
+OSSL_OP_cipher_update_fn cipher_generic_stream_update;
+OSSL_OP_cipher_final_fn cipher_generic_stream_final;
+OSSL_OP_cipher_cipher_fn cipher_generic_cipher;
+OSSL_OP_cipher_get_ctx_params_fn cipher_generic_get_ctx_params;
+OSSL_OP_cipher_set_ctx_params_fn cipher_generic_set_ctx_params;
+OSSL_OP_cipher_gettable_params_fn     cipher_default_gettable_params;
+OSSL_OP_cipher_gettable_ctx_params_fn cipher_default_gettable_ctx_params;
+OSSL_OP_cipher_settable_ctx_params_fn cipher_default_settable_ctx_params;
+OSSL_OP_cipher_gettable_ctx_params_fn cipher_aead_gettable_ctx_params;
+OSSL_OP_cipher_settable_ctx_params_fn cipher_aead_settable_ctx_params;
+int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags,
+                              int kbits, int blkbits, int ivbits);
+void cipher_generic_initkey(void *vctx, int kbits, int blkbits, int mode,
+                            const PROV_CIPHER_HW *ciph);
+
+size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize,
+                 const unsigned char **in, size_t *inlen);
+int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
+                 const unsigned char **in, size_t *inlen);
+void padblock(unsigned char *buf, size_t *buflen, size_t blocksize);
+int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize);
+
+#include "cipher_aes.h"
+#include "cipher_aria.h"
+#include "cipher_camellia.h"
+#include "cipher_gcm.h"
+#include "cipher_ccm.h"
+
+#define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits,     \
+                                 blkbits, ivbits, typ)                         \
+static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params;     \
+static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[])          \
+{                                                                              \
+    return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags,  \
+                                     kbits, blkbits, ivbits);                  \
+}                                                                              \
+static OSSL_OP_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx;             \
+static void * alg##_##kbits##_##lcmode##_newctx(void *provctx)                 \
+{                                                                              \
+     PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));                   \
+     if (ctx != NULL) {                                                        \
+         cipher_generic_initkey(ctx, kbits, blkbits, EVP_CIPH_##UCMODE##_MODE, \
+                                PROV_CIPHER_HW_##alg##_##lcmode(kbits));       \
+     }                                                                         \
+     return ctx;                                                               \
+}                                                                              \
+const OSSL_DISPATCH alg##kbits##lcmode##_functions[] = {                       \
+    { OSSL_FUNC_CIPHER_NEWCTX,                                                 \
+      (void (*)(void)) alg##_##kbits##_##lcmode##_newctx },                    \
+    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx },              \
+    { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx },                \
+    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))cipher_generic_einit },   \
+    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))cipher_generic_dinit },   \
+    { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))cipher_generic_##typ##_update },\
+    { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_##typ##_final },  \
+    { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))cipher_generic_cipher },        \
+    { OSSL_FUNC_CIPHER_GET_PARAMS,                                             \
+      (void (*)(void)) alg##_##kbits##_##lcmode##_get_params },                \
+    { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,                                         \
+      (void (*)(void))cipher_generic_get_ctx_params },                         \
+    { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                         \
+      (void (*)(void))cipher_generic_set_ctx_params },                         \
+    { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                        \
+      (void (*)(void))cipher_default_gettable_params },                        \
+    { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                    \
+      (void (*)(void))cipher_default_gettable_ctx_params },                    \
+    { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                    \
+     (void (*)(void))cipher_default_settable_ctx_params },                     \
+    { 0, NULL }                                                                \
+};
+
+#define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits)  \
+static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lc##_get_params;         \
+static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[])              \
+{                                                                              \
+    return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE,         \
+                                     flags, kbits, blkbits, ivbits);           \
+}                                                                              \
+static OSSL_OP_cipher_newctx_fn alg##kbits##lc##_newctx;                       \
+static void * alg##kbits##lc##_newctx(void *provctx)                           \
+{                                                                              \
+    return alg##_##lc##_newctx(provctx, kbits);                                \
+}                                                                              \
+const OSSL_DISPATCH alg##kbits##lc##_functions[] = {                           \
+    { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx },      \
+    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx },        \
+    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) lc##_einit },            \
+    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) lc##_dinit },            \
+    { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void)) lc##_stream_update },          \
+    { OSSL_FUNC_CIPHER_FINAL, (void (*)(void)) lc##_stream_final },            \
+    { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void)) lc##_cipher },                 \
+    { OSSL_FUNC_CIPHER_GET_PARAMS,                                             \
+      (void (*)(void)) alg##_##kbits##_##lc##_get_params },                    \
+    { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,                                         \
+      (void (*)(void)) lc##_get_ctx_params },                                  \
+    { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                         \
+      (void (*)(void)) lc##_set_ctx_params },                                  \
+    { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                        \
+      (void (*)(void))cipher_default_gettable_params },                        \
+    { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                    \
+      (void (*)(void))cipher_aead_gettable_ctx_params },                       \
+    { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                    \
+      (void (*)(void))cipher_aead_settable_ctx_params },                       \
+    { 0, NULL }                                                                \
+}
+
+PROV_CIPHER_HW_FN cipher_hw_generic_cbc;
+PROV_CIPHER_HW_FN cipher_hw_generic_ecb;
+PROV_CIPHER_HW_FN cipher_hw_generic_ofb128;
+PROV_CIPHER_HW_FN cipher_hw_generic_cfb128;
+PROV_CIPHER_HW_FN cipher_hw_generic_cfb8;
+PROV_CIPHER_HW_FN cipher_hw_generic_cfb1;
+PROV_CIPHER_HW_FN cipher_hw_generic_ctr;
+PROV_CIPHER_HW_FN cipher_hw_chunked_cbc;
+PROV_CIPHER_HW_FN cipher_hw_chunked_cfb8;
+PROV_CIPHER_HW_FN cipher_hw_chunked_cfb128;
+PROV_CIPHER_HW_FN cipher_hw_chunked_ofb128;
+#define cipher_hw_chunked_ecb  cipher_hw_generic_ecb
+#define cipher_hw_chunked_ctr  cipher_hw_generic_ctr
+#define cipher_hw_chunked_cfb1 cipher_hw_generic_cfb1

providers/common/ciphers/ciphers_common.c

@@ -1,115 +0,0 @@
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/core_names.h>
-#include <openssl/params.h>
-#include "ciphers_locl.h"
-#include "internal/provider_algs.h"
-#include "internal/providercommonerr.h"
-
-/*-
- * Default cipher functions for OSSL_PARAM gettables and settables
- */
-static const OSSL_PARAM cipher_known_gettable_params[] = {
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
-    OSSL_PARAM_END
-};
-const OSSL_PARAM *cipher_default_gettable_params(void)
-{
-    return cipher_known_gettable_params;
-}
-
-int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags,
-                              int kbits, int blkbits, int ivbits)
-{
-    OSSL_PARAM *p;
-
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
-    if (p != NULL && !OSSL_PARAM_set_int(p, md)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-        return 0;
-    }
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS);
-    if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-        return 0;
-    }
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, kbits / 8)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-        return 0;
-    }
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
-    if (p != NULL && !OSSL_PARAM_set_int(p, blkbits / 8)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-        return 0;
-    }
-    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
-    if (p != NULL && !OSSL_PARAM_set_int(p, ivbits / 8)) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-        return 0;
-    }
-    return 1;
-}
-
-static const OSSL_PARAM cipher_known_gettable_ctx_params[] = {
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),
-    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_NUM, NULL),
-    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
-    OSSL_PARAM_END
-};
-const OSSL_PARAM *cipher_default_gettable_ctx_params(void)
-{
-    return cipher_known_gettable_ctx_params;
-}
-
-static const OSSL_PARAM cipher_known_settable_ctx_params[] = {
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_NUM, NULL),
-    OSSL_PARAM_END
-};
-const OSSL_PARAM *cipher_default_settable_ctx_params(void)
-{
-    return cipher_known_settable_ctx_params;
-}
-
-/*-
- * AEAD cipher functions for OSSL_PARAM gettables and settables
- */
-static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL),
-    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
-    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
-    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
-    OSSL_PARAM_END
-};
-const OSSL_PARAM *cipher_aead_gettable_ctx_params(void)
-{
-    return cipher_aead_known_gettable_ctx_params;
-}
-
-static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
-    OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL),
-    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
-    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
-    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
-    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
-    OSSL_PARAM_END
-};
-const OSSL_PARAM *cipher_aead_settable_ctx_params(void)
-{
-    return cipher_aead_known_settable_ctx_params;
-}

providers/common/ciphers/ciphers_locl.h

@@ -1,165 +0,0 @@
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/opensslconf.h>
-#include <openssl/aes.h>
-#include <openssl/params.h>
-#include <openssl/core_numbers.h>
-#include "internal/cryptlib.h"
-#include "internal/modes_int.h"
-
-#define IV_STATE_UNINITIALISED 0  /* initial state is not initialized */
-#define IV_STATE_BUFFERED      1  /* iv has been copied to the iv buffer */
-#define IV_STATE_COPIED        2  /* iv has been copied from the iv buffer */
-#define IV_STATE_FINISHED      3  /* the iv has been used - so don't reuse it */
-
-#define PROV_CIPHER_FUNC(type, name, args) typedef type (* OSSL_##name##_fn)args
-
-typedef struct prov_aes_cipher_st PROV_AES_CIPHER;
-
-typedef struct prov_aes_key_st {
-    union {
-        OSSL_UNION_ALIGN;
-        AES_KEY ks;
-    } ks;
-    block128_f block;
-    union {
-        cbc128_f cbc;
-        ctr128_f ctr;
-    } stream;
-
-    /* Platform specific data */
-    union {
-        int dummy;
-#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
-        struct {
-            union {
-                OSSL_UNION_ALIGN;
-                /*-
-                 * KM-AES parameter block - begin
-                 * (see z/Architecture Principles of Operation >= SA22-7832-06)
-                 */
-                struct {
-                    unsigned char k[32];
-                } km;
-                /* KM-AES parameter block - end */
-                /*-
-                 * KMO-AES/KMF-AES parameter block - begin
-                 * (see z/Architecture Principles of Operation >= SA22-7832-08)
-                 */
-                struct {
-                    unsigned char cv[16];
-                    unsigned char k[32];
-                } kmo_kmf;
-                /* KMO-AES/KMF-AES parameter block - end */
-            } param;
-            unsigned int fc;
-            int res;
-        } s390x;
-#endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */
-    } plat;
-
-    /* The cipher functions we are going to use */
-    const PROV_AES_CIPHER *ciph;
-
-    /* The mode that we are using */
-    int mode;
-
-    /* Set to 1 if we are encrypting or 0 otherwise */
-    int enc;
-
-    unsigned char iv[AES_BLOCK_SIZE];
-
-    /*
-     * num contains the number of bytes of |iv| which are valid for modes that
-     * manage partial blocks themselves.
-     */
-    size_t num;
-
-    /* Buffer of partial blocks processed via update calls */
-    unsigned char buf[AES_BLOCK_SIZE];
-
-    /* Number of bytes in buf */
-    size_t bufsz;
-
-    uint64_t flags;
-
-    size_t keylen;
-
-    /* Whether padding should be used or not */
-    unsigned int pad : 1;
-} PROV_AES_KEY;
-
-struct prov_aes_cipher_st {
-    int (*init)(PROV_AES_KEY *dat, const uint8_t *key, size_t keylen);
-    int (*cipher)(PROV_AES_KEY *dat, uint8_t *out, const uint8_t *in,
-                size_t inl);
-};
-
-#include "ciphers_gcm.h"
-#include "ciphers_ccm.h"
-
-const PROV_AES_CIPHER *PROV_AES_CIPHER_ecb(size_t keylen);
-const PROV_AES_CIPHER *PROV_AES_CIPHER_cbc(size_t keylen);
-const PROV_AES_CIPHER *PROV_AES_CIPHER_ofb(size_t keylen);
-const PROV_AES_CIPHER *PROV_AES_CIPHER_cfb(size_t keylen);
-const PROV_AES_CIPHER *PROV_AES_CIPHER_cfb1(size_t keylen);
-const PROV_AES_CIPHER *PROV_AES_CIPHER_cfb8(size_t keylen);
-const PROV_AES_CIPHER *PROV_AES_CIPHER_ctr(size_t keylen);
-
-size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize,
-                 const unsigned char **in, size_t *inlen);
-int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
-                 const unsigned char **in, size_t *inlen);
-void padblock(unsigned char *buf, size_t *buflen, size_t blocksize);
-int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize);
-
-OSSL_OP_cipher_gettable_params_fn     cipher_default_gettable_params;
-OSSL_OP_cipher_gettable_ctx_params_fn cipher_default_gettable_ctx_params;
-OSSL_OP_cipher_settable_ctx_params_fn cipher_default_settable_ctx_params;
-OSSL_OP_cipher_gettable_ctx_params_fn cipher_aead_gettable_ctx_params;
-OSSL_OP_cipher_settable_ctx_params_fn cipher_aead_settable_ctx_params;
-
-int cipher_default_get_params(OSSL_PARAM params[], int md, unsigned long flags,
-                              int kbits, int blkbits, int ivbits);
-
-#define IMPLEMENT_aead_cipher(alg, lc, UCMODE, flags, kbits, blkbits, ivbits)  \
-    static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lc##_get_params;     \
-    static int alg##_##kbits##_##lc##_get_params(OSSL_PARAM params[])          \
-    {                                                                          \
-        return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE,     \
-                                         flags, kbits, blkbits, ivbits);       \
-    }                                                                          \
-    static OSSL_OP_cipher_newctx_fn alg##kbits##lc##_newctx;                   \
-    static void * alg##kbits##lc##_newctx(void *provctx)                       \
-    {                                                                          \
-        return alg##_##lc##_newctx(provctx, kbits);                            \
-    }                                                                          \
-    const OSSL_DISPATCH alg##kbits##lc##_functions[] = {                       \
-        { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx },  \
-        { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx },    \
-        { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) lc##_einit },        \
-        { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) lc##_dinit },        \
-        { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void)) lc##_stream_update },      \
-        { OSSL_FUNC_CIPHER_FINAL, (void (*)(void)) lc##_stream_final },        \
-        { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void)) lc##_cipher },             \
-        { OSSL_FUNC_CIPHER_GET_PARAMS,                                         \
-            (void (*)(void)) alg##_##kbits##_##lc##_get_params },              \
-        { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,                                     \
-            (void (*)(void)) lc##_get_ctx_params },                            \
-        { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                     \
-            (void (*)(void)) lc##_set_ctx_params },                            \
-        { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                    \
-                (void (*)(void))cipher_default_gettable_params },              \
-        { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                \
-                (void (*)(void))cipher_aead_gettable_ctx_params },             \
-        { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                \
-                (void (*)(void))cipher_aead_settable_ctx_params },             \
-        { 0, NULL }                                                            \
-    }

providers/common/include/internal/provider_algs.h

@@ -69,7 +69,51 @@ extern const OSSL_DISPATCH aria128gcm_functions[];
 extern const OSSL_DISPATCH aria256ccm_functions[];
 extern const OSSL_DISPATCH aria192ccm_functions[];
 extern const OSSL_DISPATCH aria128ccm_functions[];
+extern const OSSL_DISPATCH aria256ecb_functions[];
+extern const OSSL_DISPATCH aria192ecb_functions[];
+extern const OSSL_DISPATCH aria128ecb_functions[];
+extern const OSSL_DISPATCH aria256cbc_functions[];
+extern const OSSL_DISPATCH aria192cbc_functions[];
+extern const OSSL_DISPATCH aria128cbc_functions[];
+extern const OSSL_DISPATCH aria256ofb_functions[];
+extern const OSSL_DISPATCH aria192ofb_functions[];
+extern const OSSL_DISPATCH aria128ofb_functions[];
+extern const OSSL_DISPATCH aria256cfb_functions[];
+extern const OSSL_DISPATCH aria192cfb_functions[];
+extern const OSSL_DISPATCH aria128cfb_functions[];
+extern const OSSL_DISPATCH aria256cfb1_functions[];
+extern const OSSL_DISPATCH aria192cfb1_functions[];
+extern const OSSL_DISPATCH aria128cfb1_functions[];
+extern const OSSL_DISPATCH aria256cfb8_functions[];
+extern const OSSL_DISPATCH aria192cfb8_functions[];
+extern const OSSL_DISPATCH aria128cfb8_functions[];
+extern const OSSL_DISPATCH aria256ctr_functions[];
+extern const OSSL_DISPATCH aria192ctr_functions[];
+extern const OSSL_DISPATCH aria128ctr_functions[];
 #endif /* OPENSSL_NO_ARIA */
+#ifndef OPENSSL_NO_CAMELLIA
+extern const OSSL_DISPATCH camellia256ecb_functions[];
+extern const OSSL_DISPATCH camellia192ecb_functions[];
+extern const OSSL_DISPATCH camellia128ecb_functions[];
+extern const OSSL_DISPATCH camellia256cbc_functions[];
+extern const OSSL_DISPATCH camellia192cbc_functions[];
+extern const OSSL_DISPATCH camellia128cbc_functions[];
+extern const OSSL_DISPATCH camellia256ofb_functions[];
+extern const OSSL_DISPATCH camellia192ofb_functions[];
+extern const OSSL_DISPATCH camellia128ofb_functions[];
+extern const OSSL_DISPATCH camellia256cfb_functions[];
+extern const OSSL_DISPATCH camellia192cfb_functions[];
+extern const OSSL_DISPATCH camellia128cfb_functions[];
+extern const OSSL_DISPATCH camellia256cfb1_functions[];
+extern const OSSL_DISPATCH camellia192cfb1_functions[];
+extern const OSSL_DISPATCH camellia128cfb1_functions[];
+extern const OSSL_DISPATCH camellia256cfb8_functions[];
+extern const OSSL_DISPATCH camellia192cfb8_functions[];
+extern const OSSL_DISPATCH camellia128cfb8_functions[];
+extern const OSSL_DISPATCH camellia256ctr_functions[];
+extern const OSSL_DISPATCH camellia192ctr_functions[];
+extern const OSSL_DISPATCH camellia128ctr_functions[];
+#endif /* OPENSSL_NO_CAMELLIA */
 
 /* MACs */
 extern const OSSL_DISPATCH blake2bmac_functions[];

providers/common/include/internal/providercommonerr.h

@@ -41,7 +41,7 @@ int ERR_load_PROV_strings(void);
 #  define PROV_F_GMAC_SET_PARAMS                           0
 #  define PROV_F_KMAC_SET_PARAMS                           0
 #  define PROV_F_POLY1305_SET_PARAMS                       0
-#  define PROV_F_PROV_AES_KEY_GENERIC_INIT                 0
+#  define PROV_F_PROV_AES_CTX_GENERIC_INIT                 0
 #  define PROV_F_TRAILINGDATA                              0
 #  define PROV_F_UNPADBLOCK                                0
 # endif

providers/default/defltprov.c

@@ -128,7 +128,51 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
     { "ARIA-256-CCM", "default=yes", aria256ccm_functions },
     { "ARIA-192-CCM", "default=yes", aria192ccm_functions },
     { "ARIA-128-CCM", "default=yes", aria128ccm_functions },
+    { "ARIA-256-ECB", "default=yes", aria256ecb_functions },
+    { "ARIA-192-ECB", "default=yes", aria192ecb_functions },
+    { "ARIA-128-ECB", "default=yes", aria128ecb_functions },
+    { "ARIA-256-CBC", "default=yes", aria256cbc_functions },
+    { "ARIA-192-CBC", "default=yes", aria192cbc_functions },
+    { "ARIA-128-CBC", "default=yes", aria128cbc_functions },
+    { "ARIA-256-OFB", "default=yes", aria256ofb_functions },
+    { "ARIA-192-OFB", "default=yes", aria192ofb_functions },
+    { "ARIA-128-OFB", "default=yes", aria128ofb_functions },
+    { "ARIA-256-CFB", "default=yes", aria256cfb_functions },
+    { "ARIA-192-CFB", "default=yes", aria192cfb_functions },
+    { "ARIA-128-CFB", "default=yes", aria128cfb_functions },
+    { "ARIA-256-CFB1", "default=yes", aria256cfb1_functions },
+    { "ARIA-192-CFB1", "default=yes", aria192cfb1_functions },
+    { "ARIA-128-CFB1", "default=yes", aria128cfb1_functions },
+    { "ARIA-256-CFB8", "default=yes", aria256cfb8_functions },
+    { "ARIA-192-CFB8", "default=yes", aria192cfb8_functions },
+    { "ARIA-128-CFB8", "default=yes", aria128cfb8_functions },
+    { "ARIA-256-CTR", "default=yes", aria256ctr_functions },
+    { "ARIA-192-CTR", "default=yes", aria192ctr_functions },
+    { "ARIA-128-CTR", "default=yes", aria128ctr_functions },
 #endif /* OPENSSL_NO_ARIA */
+#ifndef OPENSSL_NO_CAMELLIA
+    { "CAMELLIA-256-ECB", "default=yes", camellia256ecb_functions },
+    { "CAMELLIA-192-ECB", "default=yes", camellia192ecb_functions },
+    { "CAMELLIA-128-ECB", "default=yes", camellia128ecb_functions },
+    { "CAMELLIA-256-CBC", "default=yes", camellia256cbc_functions },
+    { "CAMELLIA-192-CBC", "default=yes", camellia192cbc_functions },
+    { "CAMELLIA-128-CBC", "default=yes", camellia128cbc_functions },
+    { "CAMELLIA-256-OFB", "default=yes", camellia256ofb_functions },
+    { "CAMELLIA-192-OFB", "default=yes", camellia192ofb_functions },
+    { "CAMELLIA-128-OFB", "default=yes", camellia128ofb_functions },
+    { "CAMELLIA-256-CFB", "default=yes", camellia256cfb_functions },
+    { "CAMELLIA-192-CFB", "default=yes", camellia192cfb_functions },
+    { "CAMELLIA-128-CFB", "default=yes", camellia128cfb_functions },
+    { "CAMELLIA-256-CFB1", "default=yes", camellia256cfb1_functions },
+    { "CAMELLIA-192-CFB1", "default=yes", camellia192cfb1_functions },
+    { "CAMELLIA-128-CFB1", "default=yes", camellia128cfb1_functions },
+    { "CAMELLIA-256-CFB8", "default=yes", camellia256cfb8_functions },
+    { "CAMELLIA-192-CFB8", "default=yes", camellia192cfb8_functions },
+    { "CAMELLIA-128-CFB8", "default=yes", camellia128cfb8_functions },
+    { "CAMELLIA-256-CTR", "default=yes", camellia256ctr_functions },
+    { "CAMELLIA-192-CTR", "default=yes", camellia192ctr_functions },
+    { "CAMELLIA-128-CTR", "default=yes", camellia128ctr_functions },
+#endif /* OPENSSL_NO_CAMELLIA */
     { NULL, NULL, NULL }
 };
 

test/recipes/30-test_evp_data/evpciph.txt

@@ -1550,34 +1550,40 @@ Title = Camellia tests from RFC3713
 # For all ECB encrypts and decrypts, the transformed sequence is
 #   CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec
 Cipher = CAMELLIA-128-ECB
+Availablein = default
 Key = 0123456789abcdeffedcba9876543210
 Plaintext = 0123456789abcdeffedcba9876543210
 Ciphertext = 67673138549669730857065648eabe43
 
 Cipher = CAMELLIA-192-ECB
+Availablein = default
 Key = 0123456789abcdeffedcba98765432100011223344556677
 Plaintext = 0123456789abcdeffedcba9876543210
 Ciphertext = b4993401b3e996f84ee5cee7d79b09b9
 
 Cipher = CAMELLIA-256-ECB
+Availablein = default
 Key = 0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff
 Plaintext = 0123456789abcdeffedcba9876543210
 Ciphertext = 9acc237dff16d76c20ef7c919e3a7509
 
 # ECB-CAMELLIA128.Encrypt
 Cipher = CAMELLIA-128-ECB
+Availablein = default
 Key = 000102030405060708090A0B0C0D0E0F
 Operation = ENCRYPT
 Plaintext = 00112233445566778899AABBCCDDEEFF
 Ciphertext = 77CF412067AF8270613529149919546F
 
 Cipher = CAMELLIA-192-ECB
+Availablein = default
 Key = 000102030405060708090A0B0C0D0E0F1011121314151617
 Operation = ENCRYPT
 Plaintext = 00112233445566778899AABBCCDDEEFF
 Ciphertext = B22F3C36B72D31329EEE8ADDC2906C68
 
 Cipher = CAMELLIA-256-ECB
+Availablein = default
 Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
 Operation = ENCRYPT
 Plaintext = 00112233445566778899AABBCCDDEEFF
@@ -1586,21 +1592,25 @@ Ciphertext = 2EDF1F3418D53B88841FC8985FB1ECF2
 
 # ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt
 Cipher = CAMELLIA-128-ECB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = 432FC5DCD628115B7C388D770B270C96
 
 Cipher = CAMELLIA-128-ECB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 0BE1F14023782A22E8384C5ABB7FAB2B
 
 Cipher = CAMELLIA-128-ECB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = A0A1ABCD1893AB6FE0FE5B65DF5F8636
 
 Cipher = CAMELLIA-128-ECB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
 Ciphertext = E61925E0D5DFAA9BB29F815B3076E51A
@@ -1608,21 +1618,25 @@ Ciphertext = E61925E0D5DFAA9BB29F815B3076E51A
 
 # ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt
 Cipher = CAMELLIA-192-ECB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = CCCC6C4E138B45848514D48D0D3439D3
 
 Cipher = CAMELLIA-192-ECB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 5713C62C14B2EC0F8393B6AFD6F5785A
 
 Cipher = CAMELLIA-192-ECB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = B40ED2B60EB54D09D030CF511FEEF366
 
 Cipher = CAMELLIA-192-ECB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
 Ciphertext = 909DBD95799096748CB27357E73E1D26
@@ -1630,21 +1644,25 @@ Ciphertext = 909DBD95799096748CB27357E73E1D26
 
 # ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt
 Cipher = CAMELLIA-256-ECB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = BEFD219B112FA00098919CD101C9CCFA
 
 Cipher = CAMELLIA-256-ECB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = C91D3A8F1AEA08A9386CF4B66C0169EA
 
 Cipher = CAMELLIA-256-ECB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = A623D711DC5F25A51BB8A80D56397D28
 
 Cipher = CAMELLIA-256-ECB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
 Ciphertext = 7960109FB6DC42947FCFE59EA3C5EB6B
@@ -1654,24 +1672,28 @@ Ciphertext = 7960109FB6DC42947FCFE59EA3C5EB6B
 #   CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
 # CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt
 Cipher = CAMELLIA-128-CBC
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 000102030405060708090A0B0C0D0E0F
 Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = 1607CF494B36BBF00DAEB0B503C831AB
 
 Cipher = CAMELLIA-128-CBC
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 1607CF494B36BBF00DAEB0B503C831AB
 Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = A2F2CF671629EF7840C5A5DFB5074887
 
 Cipher = CAMELLIA-128-CBC
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = A2F2CF671629EF7840C5A5DFB5074887
 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 0F06165008CF8B8B5A63586362543E54
 
 Cipher = CAMELLIA-128-CBC
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 36A84CDAFD5F9A85ADA0F0A993D6D577
 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
@@ -1680,24 +1702,28 @@ Ciphertext = 74C64268CDB8B8FAF5B34E8AF3732980
 
 # CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt
 Cipher = CAMELLIA-192-CBC
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 000102030405060708090A0B0C0D0E0F
 Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = 2A4830AB5AC4A1A2405955FD2195CF93
 
 Cipher = CAMELLIA-192-CBC
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 2A4830AB5AC4A1A2405955FD2195CF93
 Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 5D5A869BD14CE54264F892A6DD2EC3D5
 
 Cipher = CAMELLIA-192-CBC
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 5D5A869BD14CE54264F892A6DD2EC3D5
 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 37D359C3349836D884E310ADDF68C449
 
 Cipher = CAMELLIA-192-CBC
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 37D359C3349836D884E310ADDF68C449
 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
@@ -1706,24 +1732,28 @@ Ciphertext = 01FAAA930B4AB9916E9668E1428C6B08
 
 # CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt
 Cipher = CAMELLIA-256-CBC
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 000102030405060708090A0B0C0D0E0F
 Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = E6CFA35FC02B134A4D2C0B6737AC3EDA
 
 Cipher = CAMELLIA-256-CBC
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = E6CFA35FC02B134A4D2C0B6737AC3EDA
 Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 36CBEB73BD504B4070B1B7DE2B21EB50
 
 Cipher = CAMELLIA-256-CBC
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 36CBEB73BD504B4070B1B7DE2B21EB50
 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = E31A6055297D96CA3330CDF1B1860A83
 
 Cipher = CAMELLIA-256-CBC
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = E31A6055297D96CA3330CDF1B1860A83
 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
@@ -1735,6 +1765,7 @@ Ciphertext = 5D563F6D1CCCF236051C0C5C1C58F28F
 #   CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
 # CFB128-CAMELLIA128.Encrypt
 Cipher = CAMELLIA-128-CFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = ENCRYPT
@@ -1742,6 +1773,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = 14F7646187817EB586599146B82BD719
 
 Cipher = CAMELLIA-128-CFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 14F7646187817EB586599146B82BD719
 Operation = ENCRYPT
@@ -1749,6 +1781,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = A53D28BB82DF741103EA4F921A44880B
 
 Cipher = CAMELLIA-128-CFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = A53D28BB82DF741103EA4F921A44880B
 Operation = ENCRYPT
@@ -1756,6 +1789,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96
 
 Cipher = CAMELLIA-128-CFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 9C2157A664626D1DEF9EA420FDE69B96
 Operation = ENCRYPT
@@ -1765,6 +1799,7 @@ Ciphertext = 742A25F0542340C7BAEF24CA8482BB09
 
 # CFB128-CAMELLIA128.Decrypt
 Cipher = CAMELLIA-128-CFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = DECRYPT
@@ -1772,6 +1807,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = 14F7646187817EB586599146B82BD719
 
 Cipher = CAMELLIA-128-CFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 14F7646187817EB586599146B82BD719
 Operation = DECRYPT
@@ -1779,6 +1815,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = A53D28BB82DF741103EA4F921A44880B
 
 Cipher = CAMELLIA-128-CFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = A53D28BB82DF741103EA4F921A44880B
 Operation = DECRYPT
@@ -1786,6 +1823,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96
 
 Cipher = CAMELLIA-128-CFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 9C2157A664626D1DEF9EA420FDE69B96
 Operation = DECRYPT
@@ -1795,6 +1833,7 @@ Ciphertext = 742A25F0542340C7BAEF24CA8482BB09
 
 # CFB128-CAMELLIA192.Encrypt
 Cipher = CAMELLIA-192-CFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = ENCRYPT
@@ -1802,6 +1841,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = C832BB9780677DAA82D9B6860DCD565E
 
 Cipher = CAMELLIA-192-CFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = C832BB9780677DAA82D9B6860DCD565E
 Operation = ENCRYPT
@@ -1809,6 +1849,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 86F8491627906D780C7A6D46EA331F98
 
 Cipher = CAMELLIA-192-CFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 86F8491627906D780C7A6D46EA331F98
 Operation = ENCRYPT
@@ -1816,6 +1857,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 69511CCE594CF710CB98BB63D7221F01
 
 Cipher = CAMELLIA-192-CFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 69511CCE594CF710CB98BB63D7221F01
 Operation = ENCRYPT
@@ -1825,6 +1867,7 @@ Ciphertext = D5B5378A3ABED55803F25565D8907B84
 
 # CFB128-CAMELLIA192.Decrypt
 Cipher = CAMELLIA-192-CFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = DECRYPT
@@ -1832,6 +1875,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = C832BB9780677DAA82D9B6860DCD565E
 
 Cipher = CAMELLIA-192-CFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = C832BB9780677DAA82D9B6860DCD565E
 Operation = DECRYPT
@@ -1839,6 +1883,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 86F8491627906D780C7A6D46EA331F98
 
 Cipher = CAMELLIA-192-CFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 86F8491627906D780C7A6D46EA331F98
 Operation = DECRYPT
@@ -1846,6 +1891,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 69511CCE594CF710CB98BB63D7221F01
 
 Cipher = CAMELLIA-192-CFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 69511CCE594CF710CB98BB63D7221F01
 Operation = DECRYPT
@@ -1855,6 +1901,7 @@ Ciphertext = D5B5378A3ABED55803F25565D8907B84
 
 # CFB128-CAMELLIA256.Encrypt
 Cipher = CAMELLIA-256-CFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = ENCRYPT
@@ -1862,6 +1909,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93
 
 Cipher = CAMELLIA-256-CFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93
 Operation = ENCRYPT
@@ -1869,6 +1917,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B
 
 Cipher = CAMELLIA-256-CFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B
 Operation = ENCRYPT
@@ -1876,6 +1925,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4
 
 Cipher = CAMELLIA-256-CFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 555FC3F34BDD2D54C62D9E3BF338C1C4
 Operation = ENCRYPT
@@ -1885,6 +1935,7 @@ Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA
 
 # CFB128-CAMELLIA256.Decrypt
 Cipher = CAMELLIA-256-CFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = DECRYPT
@@ -1892,6 +1943,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93
 
 Cipher = CAMELLIA-256-CFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93
 Operation = DECRYPT
@@ -1899,6 +1951,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B
 
 Cipher = CAMELLIA-256-CFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B
 Operation = DECRYPT
@@ -1906,6 +1959,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4
 
 Cipher = CAMELLIA-256-CFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 555FC3F34BDD2D54C62D9E3BF338C1C4
 Operation = DECRYPT
@@ -1917,6 +1971,7 @@ Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA
 #   CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec
 # OFB-CAMELLIA128.Encrypt
 Cipher = CAMELLIA-128-OFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = ENCRYPT
@@ -1924,6 +1979,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = 14F7646187817EB586599146B82BD719
 
 Cipher = CAMELLIA-128-OFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 50FE67CC996D32B6DA0937E99BAFEC60
 Operation = ENCRYPT
@@ -1931,6 +1987,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 25623DB569CA51E01482649977E28D84
 
 Cipher = CAMELLIA-128-OFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = D9A4DADA0892239F6B8B3D7680E15674
 Operation = ENCRYPT
@@ -1938,6 +1995,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = C776634A60729DC657D12B9FCA801E98
 
 Cipher = CAMELLIA-128-OFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = A78819583F0308E7A6BF36B1386ABF23
 Operation = ENCRYPT
@@ -1947,6 +2005,7 @@ Ciphertext = D776379BE0E50825E681DA1A4C980E8E
 
 # OFB-CAMELLIA128.Decrypt
 Cipher = CAMELLIA-128-OFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = DECRYPT
@@ -1954,6 +2013,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = 14F7646187817EB586599146B82BD719
 
 Cipher = CAMELLIA-128-OFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = 50FE67CC996D32B6DA0937E99BAFEC60
 Operation = DECRYPT
@@ -1961,6 +2021,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 25623DB569CA51E01482649977E28D84
 
 Cipher = CAMELLIA-128-OFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = D9A4DADA0892239F6B8B3D7680E15674
 Operation = DECRYPT
@@ -1968,6 +2029,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = C776634A60729DC657D12B9FCA801E98
 
 Cipher = CAMELLIA-128-OFB
+Availablein = default
 Key = 2B7E151628AED2A6ABF7158809CF4F3C
 IV = A78819583F0308E7A6BF36B1386ABF23
 Operation = DECRYPT
@@ -1977,6 +2039,7 @@ Ciphertext = D776379BE0E50825E681DA1A4C980E8E
 
 # OFB-CAMELLIA192.Encrypt
 Cipher = CAMELLIA-192-OFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = ENCRYPT
@@ -1984,6 +2047,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = C832BB9780677DAA82D9B6860DCD565E
 
 Cipher = CAMELLIA-192-OFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = A609B38DF3B1133DDDFF2718BA09565E
 Operation = ENCRYPT
@@ -1991,6 +2055,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339
 
 Cipher = CAMELLIA-192-OFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 52EF01DA52602FE0975F78AC84BF8A50
 Operation = ENCRYPT
@@ -1998,6 +2063,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = BDD62DBBB9700846C53B507F544696F0
 
 Cipher = CAMELLIA-192-OFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = BD5286AC63AABD7EB067AC54B553F71D
 Operation = ENCRYPT
@@ -2007,6 +2073,7 @@ Ciphertext = E28014E046B802F385C4C2E13EAD4A72
 
 # OFB-CAMELLIA192.Decrypt
 Cipher = CAMELLIA-192-OFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = DECRYPT
@@ -2014,6 +2081,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = C832BB9780677DAA82D9B6860DCD565E
 
 Cipher = CAMELLIA-192-OFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = A609B38DF3B1133DDDFF2718BA09565E
 Operation = DECRYPT
@@ -2021,6 +2089,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339
 
 Cipher = CAMELLIA-192-OFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = 52EF01DA52602FE0975F78AC84BF8A50
 Operation = DECRYPT
@@ -2028,6 +2097,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = BDD62DBBB9700846C53B507F544696F0
 
 Cipher = CAMELLIA-192-OFB
+Availablein = default
 Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
 IV = BD5286AC63AABD7EB067AC54B553F71D
 Operation = DECRYPT
@@ -2037,6 +2107,7 @@ Ciphertext = E28014E046B802F385C4C2E13EAD4A72
 
 # OFB-CAMELLIA256.Encrypt
 Cipher = CAMELLIA-256-OFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = ENCRYPT
@@ -2044,6 +2115,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93
 
 Cipher = CAMELLIA-256-OFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A
 Operation = ENCRYPT
@@ -2051,6 +2123,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 127AD97E8E3994E4820027D7BA109368
 
 Cipher = CAMELLIA-256-OFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = E1C656305ED1A7A6563805746FE03EDC
 Operation = ENCRYPT
@@ -2058,6 +2131,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E
 
 Cipher = CAMELLIA-256-OFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 41635BE625B48AFC1666DD42A09D96E7
 Operation = ENCRYPT
@@ -2067,6 +2141,7 @@ Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20
 
 # OFB-CAMELLIA256.Decrypt
 Cipher = CAMELLIA-256-OFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 000102030405060708090A0B0C0D0E0F
 Operation = DECRYPT
@@ -2074,6 +2149,7 @@ Plaintext = 6BC1BEE22E409F96E93D7E117393172A
 Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93
 
 Cipher = CAMELLIA-256-OFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A
 Operation = DECRYPT
@@ -2081,6 +2157,7 @@ Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
 Ciphertext = 127AD97E8E3994E4820027D7BA109368
 
 Cipher = CAMELLIA-256-OFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = E1C656305ED1A7A6563805746FE03EDC
 Operation = DECRYPT
@@ -2088,6 +2165,7 @@ Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
 Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E
 
 Cipher = CAMELLIA-256-OFB
+Availablein = default
 Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
 IV = 41635BE625B48AFC1666DD42A09D96E7
 Operation = DECRYPT
@@ -2097,6 +2175,7 @@ Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20
 
 # Camellia test vectors from RFC5528
 Cipher = CAMELLIA-128-CTR
+Availablein = default
 Key = AE6852F8121067CC4BF7A5765577F39E
 IV = 00000030000000000000000000000001
 Operation = ENCRYPT
@@ -2104,6 +2183,7 @@ Plaintext = 53696E676C6520626C6F636B206D7367
 Ciphertext = D09DC29A8214619A20877C76DB1F0B3F
 
 Cipher = CAMELLIA-128-CTR
+Availablein = default
 Key = 7E24067817FAE0D743D6CE1F32539163
 IV = 006CB6DBC0543B59DA48D90B00000001
 Operation = ENCRYPT
@@ -2111,6 +2191,7 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
 Ciphertext = DBF3C78DC08396D4DA7C907765BBCB442B8E8E0F31F0DCA72C7417E35360E048
 
 Cipher = CAMELLIA-128-CTR
+Availablein = default
 Key = 7691BE035E5020A8AC6E618529F9A0DC
 IV = 00E0017B27777F3F4A1786F000000001
 Operation = ENCRYPT
@@ -2118,6 +2199,7 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021
 Ciphertext = B19D1FCDCB75EB882F849CE24D85CF739CE64B2B5C9D73F14F2D5D9DCE9889CDDF508696
 
 Cipher = CAMELLIA-192-CTR
+Availablein = default
 Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515
 IV = 0000004836733C147D6D93CB00000001
 Operation = ENCRYPT
@@ -2125,6 +2207,7 @@ Plaintext = 53696E676C6520626C6F636B206D7367
 Ciphertext = 2379399E8A8D2B2B16702FC78B9E9696
 
 Cipher = CAMELLIA-192-CTR
+Availablein = default
 Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A
 IV = 0096B03B020C6EADC2CB500D00000001
 Operation = ENCRYPT
@@ -2132,6 +2215,7 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
 Ciphertext = 7DEF34F7A5D0E415674B7FFCAE67C75DD018B86FF23051E056392A99F35A4CED
 
 Cipher = CAMELLIA-192-CTR
+Availablein = default
 Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE
 IV = 0007BDFD5CBD60278DCC091200000001
 Operation = ENCRYPT
@@ -2139,6 +2223,7 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021
 Ciphertext = 5710E556E1487A20B5AC0E73F19E4E7876F37FDC91B1EF4D4DADE8E666A64D0ED557AB57
 
 Cipher = CAMELLIA-256-CTR
+Availablein = default
 Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104
 IV = 00000060DB5672C97AA8F0B200000001
 Operation = ENCRYPT
@@ -2146,6 +2231,7 @@ Plaintext = 53696E676C6520626C6F636B206D7367
 Ciphertext = 3401F9C8247EFFCEBD6994714C1BBB11
 
 Cipher = CAMELLIA-256-CTR
+Availablein = default
 Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884
 IV = 00FAAC24C1585EF15A43D87500000001
 Operation = ENCRYPT
@@ -2153,6 +2239,7 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
 Ciphertext = D6C30392246F7808A83C2B22A8839E45E51CD48A1CDF406EBC9CC2D3AB834108
 
 Cipher = CAMELLIA-256-CTR
+Availablein = default
 Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D
 IV = 001CC5B751A51D70A1C1114800000001
 Operation = ENCRYPT
@@ -2193,121 +2280,142 @@ Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0
 Title = ARIA test vectors from RFC5794 (and others)
 
 Cipher = ARIA-128-ECB
+Availablein = default
 Key = 000102030405060708090a0b0c0d0e0f
 Plaintext = 00112233445566778899aabbccddeeff
 Ciphertext = d718fbd6ab644c739da95f3be6451778
 
 Cipher = ARIA-192-ECB
+Availablein = default
 Key = 000102030405060708090a0b0c0d0e0f1011121314151617
 Plaintext = 00112233445566778899aabbccddeeff
 Ciphertext = 26449c1805dbe7aa25a468ce263a9e79
 
 Cipher = ARIA-256-ECB
+Availablein = default
 Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
 Plaintext = 00112233445566778899aabbccddeeff
 Ciphertext = f92bd7c79fb72e2f2b8f80c1972d24fc
 
 # Additional ARIA mode vectors from http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf
 Cipher = ARIA-128-ECB
+Availablein = default
 Key = 00112233445566778899aabbccddeeff
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = c6ecd08e22c30abdb215cf74e2075e6e29ccaac63448708d331b2f816c51b17d9e133d1528dbf0af5787c7f3a3f5c2bf6b6f345907a3055612ce072ff54de7d788424da6e8ccfe8172b391be499354165665ba7864917000a6eeb2ecb4a698edfc7887e7f556377614ab0a282293e6d884dbb84206cdb16ed1754e77a1f243fd086953f752cc1e46c7c794ae85537dcaec8dd721f55c93b6edfe2adea43873e8
 
 Cipher = ARIA-128-CBC
+Availablein = default
 Key = 00112233445566778899aabbccddeeff
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 49d61860b14909109cef0d22a9268134fadf9fb23151e9645fba75018bdb1538b53334634bbf7d4cd4b5377033060c155fe3948ca75de1031e1d85619e0ad61eb419a866b3c2dbfd10a4ed18b22149f75897f0b8668b0c1c542c687778835fb7cd46e45f85eaa7072437dd9fa6793d6f8d4ccefc4eb1ac641ac1bd30b18c6d64c49bca137eb21c2e04da62712ca2b4f540c57112c38791852cfac7a5d19ed83a
 
 Cipher = ARIA-128-CFB
+Availablein = default
 Key = 00112233445566778899aabbccddeeff
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 3720e53ba7d615383406b09f0a05a200c07c21e6370f413a5d132500a68285017c61b434c7b7ca9685a51071861e4d4bb873b599b479e2d573dddeafba89f812ac6a9e44d554078eb3be94839db4b33da3f59c063123a7ef6f20e10579fa4fd239100ca73b52d4fcafeadee73f139f78f9b7614c2b3b9dbe010f87db06a89a9435f79ce8121431371f4e87b984e0230c22a6dacb32fc42dcc6accef33285bf11
 
 Cipher = ARIA-128-CFB8
+Availablein = default
 Key = 00112233445566778899aabbccddeeff
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 373c8f6a965599ec785cc8f8149f6c81b632ccb8e0c6eb6a9707ae52c59257a41f94701c1096933127a90195ed0c8e98690547572423bb45c3d70e4a18ee56b967c10e000ba4df5fba7c404134a343d8375d04b151d161ef83417fe1748447d30a6723c406733df7d18aa39a20752d2381942e244811bb97f72eae446b1815aa690cd1b1adcbd007c0088ecdc91cb2e2caf0e11e72459878137eea64ac62a9a1
 
 Cipher = ARIA-128-OFB
+Availablein = default
 Key = 00112233445566778899aabbccddeeff
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 3720e53ba7d615383406b09f0a05a2000063063f0560083483faeb041c8adecef30cf80cefb002a0d280759168ec01db3d49f61aced260bd43eec0a2731730eec6fa4f2304319cf8ccac2d7be7833e4f8ae6ce967012c1c6badc5d28e7e4144f6bf5cebe01253ee202afce4bc61f28dec069a6f16f6c8a7dd2afae44148f6ff4d0029d5c607b5fa6b8c8a6301cde5c7033565cd0b8f0974ab490b236197ba04a
 
 Cipher = ARIA-128-CTR
+Availablein = default
 Key = 00112233445566778899aabbccddeeff
 IV = 00000000000000000000000000000000
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = ac5d7de805a0bf1c57c854501af60fa11497e2a34519dea1569e91e5b5ccae2ff3bfa1bf975f4571f48be191613546c3911163c085f871f0e7ae5f2a085b81851c2a3ddf20ecb8fa51901aec8ee4ba32a35dab67bb72cd9140ad188a967ac0fbbdfa94ea6cce47dcf8525ab5a814cfeb2bb60ee2b126e2d9d847c1a9e96f9019e3e6a7fe40d3829afb73db1cc245646addb62d9b907baaafbe46a73dbc131d3d
 
 Cipher = ARIA-192-ECB
+Availablein = default
 Key = 00112233445566778899aabbccddeeff0011223344556677
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 8d1470625f59ebacb0e55b534b3e462b5f23d33bff78f46c3c15911f4a21809aaccad80b4bda915aa9dae6bcebe06a6c83f77fd5391acfe61de2f646b5d447edbfd5bb49b12fbb9145b227895a757b2af1f7188734863d7b8b6ede5a5b2f06a0a233c8523d2db778fb31b0e311f32700152f33861e9d040c83b5eb40cd88ea49975709dc629365a189f78a3ec40345fc6a5a307a8f9a4413091e007eca5645a0
 
 Cipher = ARIA-192-CBC
+Availablein = default
 Key = 00112233445566778899aabbccddeeff0011223344556677
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = afe6cf23974b533c672a826264ea785f4e4f7f780dc7f3f1e0962b80902386d514e9c3e77259de92dd1102ffab086c1ea52a71260db5920a83295c25320e421147ca45d532f327b856ea947cd2196ae2e040826548b4c891b0ed0ca6e714dbc4631998d548110d666b3d54c2a091955c6f05beb4f62309368696c9791fc4c551564a2637f194346ec45fbca6c72a5b4612e208d531d6c34cc5c64eac6bd0cf8c
 
 Cipher = ARIA-192-CFB
+Availablein = default
 Key = 00112233445566778899aabbccddeeff0011223344556677
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 4171f7192bf4495494d2736129640f5c4d87a9a213664c9448477c6ecc2013598d9766952dd8c3868f17e36ef66fd84bfa45d1593d2d6ee3ea2115047d710d4fb66187caa3a315b3c8ea2d313962edcfe5a3e2028d5ba9a09fd5c65c19d3440e477f0cab0628ec6902c73ee02f1afee9f80115be7b9df82d1e28228e28581a20560e195cbb9e2b327bf56fd2d0ae5502e42c13e9b4015d4da42dc859252e7da4
 
 Cipher = ARIA-192-CFB8
+Availablein = default
 Key = 00112233445566778899aabbccddeeff0011223344556677
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 411d3b4f57f705aa4d13c46e2cf426af7c8c916ed7923d889f0047bbf11471b6d54f8757ef519339105be3cb69babb976a57d5631fc23cc3051fe9d36e8b8e27a2b2c0c4d31928ccbf30ea8239b46ba1b77f6198e7ecd2ce27b35958148e826f06aaf385bd30362ff141583e7c1d8924d44d36a1133094074631e18adafa9d2e55de98f6895c89d4266ebd33f3d4be5153a96fa12132ece2e81e66e55baa7ade
 
 Cipher = ARIA-192-OFB
+Availablein = default
 Key = 00112233445566778899aabbccddeeff0011223344556677
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 4171f7192bf4495494d2736129640f5cc224d26d364b5a06ddde13d0f1e74faa846de354c63cda77469d1a2d425c47ff41734c71b3fa1fcdc11e0b2de22bfeed54898e233df652c75ae136e61de6524e62b3f806fb2e8e616eb410a1b9500537e327ffb04f19f7f82fde2b122100261f81b82723bf936be7beaaf3067d1c036001f1ade71422268d274d7dc6c6ae1970b27a5f2c2f39c1d241fe8cac5ccd74e9
 
 Cipher = ARIA-192-CTR
+Availablein = default
 Key = 00112233445566778899aabbccddeeff0011223344556677
 IV = 00000000000000000000000000000000
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 08625ca8fe569c19ba7af3760a6ed1cef4d199263e999dde14082dbba7560b79a4c6b456b8707dce751f9854f18893dfdb3f4e5afa539733e6f1e70b98ba37891f8f81e95df8efc26c7ce043504cb18958b865e4e316cd2aa1c97f31bf23dc046ef326b95a692a191ba0f2a41c5fe9ae070f236ff7078e703b42666caafbdd20bad74ac4c20c0f46c7ca24c151716575c947da16c90cfe1bf217a41cfebe7531
 
 Cipher = ARIA-256-ECB
+Availablein = default
 Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 58a875e6044ad7fffa4f58420f7f442d8e191016f28e79aefc01e204773280d7018e5f7a938ec30711719953bae86542cd7ebc752474c1a5f6eaaace2a7e29462ee7dfa5afdb84177ead95ccd4b4bb6e1ed17b9534cff0a5fc2941429cfee2ee49c7adbeb7e9d1b0d2a8531d942079596a27ed79f5b1dd13ecd604b07a48885a3afa0627a0e4e60a3c703af292f1baa77b702f16c54aa74bc727ea95c7468b00
 
 Cipher = ARIA-256-CBC
+Availablein = default
 Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 523a8a806ae621f155fdd28dbc34e1ab7b9b42432ad8b2efb96e23b13f0a6e52f36185d50ad002c5f601bee5493f118b243ee2e313642bffc3902e7b2efd9a12fa682edd2d23c8b9c5f043c18b17c1ec4b5867918270fbec1027c19ed6af833da5d620994668ca22f599791d292dd6273b2959082aafb7a996167cce1eec5f0cfd15f610d87e2dda9ba68ce1260ca54b222491418374294e7909b1e8551cd8de
 
 Cipher = ARIA-256-CFB
+Availablein = default
 Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 26834705b0f2c0e2588d4a7f09009635f28bb93d8c31f870ec1e0bdb082b66fa402dd9c202be300c4517d196b14d4ce11dce97f7aaba54341b0d872cc9b63753a3e8556a14be6f7b3e27e3cfc39caf80f2a355aa50dc83c09c7b11828694f8e4aa726c528976b53f2c877f4991a3a8d28adb63bd751846ffb2350265e179d4990753ae8485ff9b4133ddad5875b84a90cbcfa62a045d726df71b6bda0eeca0be
 
 Cipher = ARIA-256-CFB8
+Availablein = default
 Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 26baa33651e1f66434fec88ef27fd2b9a79e246dd89a3ffa00e8bdb37155433e6c24bd0b87d9a85baa9f485ccb984f5ec24d6a3ef5e3c81396177f039cf580dfdb55d6e1c47a28921dfe369e12fd357b289ad3a5544e1c1bd616d454db9c5f91f603373f29d5b2ed1b4b51de80f28537bbd43d5e3b5dd071dc91153cbbe732dfc325821b06ed8acaae656dcf2da9f13e4f29db671476f1e644ff06d9b67d6bd4
 
 Cipher = ARIA-256-OFB
+Availablein = default
 Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
 IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd
 Ciphertext = 26834705b0f2c0e2588d4a7f0900963584c256815c4292b59f8d3f966a75b52345b4f5f98c785d3f368a8d5ff89b7f950ceab3cd63773c2621d652b8ef98b4196afb2c2b30496bc5b7d9e7f9084f9d855f63a511751c8909e7a6deadbe0a67a4fb89383ca5d209c6f66f793fc471195c476fb9c1eab2ac91e680e454b4f3ed9a67fb52f09c29b965b23cfa6f3f6bbb2a86c6cdbaa2857bf2486f543231892a52
 
 Cipher = ARIA-256-CTR
+Availablein = default
 Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
 IV = 00000000000000000000000000000000
 Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd