Move the public SIV mode functions from public headers to internal ones

SIV mode is accessible via EVP. There should be no reason to make the low level SIV functions from the modes directory part of the public API. Since these functions do not exist in 1.1.1 we are still able to make this change. This also reduces the list of newly added undocumented symbols from issue #9095. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9232)
2025-03-19 19:50:42 +08:00 · 2019-06-24 16:07:30 +01:00 · 2019-06-24 16:07:30 +01:00 · 743694a6c2
commit 743694a6c2
parent 29948ac80c
5 changed files with 52 additions and 42 deletions
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@ -7,18 +7,19 @@
 * https://www.openssl.org/source/license.html
 */

+#include <string.h>
+#include <assert.h>
 #include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
-#include <string.h>
-#include <assert.h>
 #include <openssl/aes.h>
-#include "internal/evp_int.h"
-#include "internal/cryptlib.h"
-#include "modes_lcl.h"
 #include <openssl/rand.h>
 #include <openssl/cmac.h>
+#include "internal/evp_int.h"
+#include "internal/cryptlib.h"
+#include "internal/modes_int.h"
+#include "modes_lcl.h"
 #include "evp_locl.h"

 typedef struct {
--- a/crypto/include/internal/modes_int.h
+++ b/crypto/include/internal/modes_int.h
@ -0,0 +1,34 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SIV
+
+typedef struct siv128_context SIV128_CONTEXT;
+
+SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen,
+                                  EVP_CIPHER* cbc, EVP_CIPHER* ctr);
+int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
+                       const EVP_CIPHER* cbc, const EVP_CIPHER* ctr);
+int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
+int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx);
+int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag,
+                          size_t len);
+int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
+int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx);
+int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg);
+
+#endif /* OPENSSL_NO_SIV */
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@ -10,6 +10,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <openssl/crypto.h>
+#include "internal/modes_int.h"
 #include "modes_lcl.h"

 #ifndef OPENSSL_NO_SIV
--- a/include/openssl/modes.h
+++ b/include/openssl/modes.h
@ -202,32 +202,6 @@ int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len);
 void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx);
 # endif                          /* OPENSSL_NO_OCB */

-# ifndef OPENSSL_NO_SIV
-
-typedef struct siv128_context SIV128_CONTEXT;
-
-#  define SIV_LEN 16
-
-SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, EVP_CIPHER* cbc, EVP_CIPHER* ctr);
-int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
-                       const EVP_CIPHER* cbc, const EVP_CIPHER* ctr);
-int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
-int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
-                      size_t len);
-int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
-                          const unsigned char *in, unsigned char *out,
-                          size_t len);
-int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
-                          const unsigned char *in, unsigned char *out,
-                          size_t len);
-int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx);
-int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag, size_t len);
-int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
-int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx);
-int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg);
-
-# endif                          /* OPENSSL_NO_SIV */
-
 # ifdef  __cplusplus
 }
 # endif
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@ -4609,17 +4609,17 @@ OPENSSL_version_build_metadata          4564	3_0_0	EXIST::FUNCTION:
 EVP_aes_128_siv                         4565	3_0_0	EXIST::FUNCTION:SIV
 EVP_aes_192_siv                         4566	3_0_0	EXIST::FUNCTION:SIV
 EVP_aes_256_siv                         4567	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_new                       4568	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_init                      4569	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_copy_ctx                  4570	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_aad                       4571	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_encrypt                   4572	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_decrypt                   4573	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_finish                    4574	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_set_tag                   4575	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_get_tag                   4576	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_cleanup                   4577	3_0_0	EXIST::FUNCTION:SIV
-CRYPTO_siv128_speed                     4578	3_0_0	EXIST::FUNCTION:SIV
+CRYPTO_siv128_new                       4568	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_init                      4569	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_copy_ctx                  4570	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_aad                       4571	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_encrypt                   4572	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_decrypt                   4573	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_finish                    4574	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_set_tag                   4575	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_get_tag                   4576	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_cleanup                   4577	3_0_0	NOEXIST::FUNCTION:SIV
+CRYPTO_siv128_speed                     4578	3_0_0	NOEXIST::FUNCTION:SIV
 OPENSSL_INIT_set_config_filename        4579	3_0_0	EXIST::FUNCTION:STDIO
 OPENSSL_INIT_set_config_file_flags      4580	3_0_0	EXIST::FUNCTION:STDIO
 ASYNC_WAIT_CTX_get_callback             4581	3_0_0	EXIST::FUNCTION: