Separate OpenSSL-based OCB implementation from others #1195
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Split src/crypto/ocb.cc into two files – one containing the AES-OCB implementation backed by OpenSSL, and the other containing implementations backed by Apple Common Crypto and Nettle. This paves the way for a new OpenSSL implementation that uses OpenSSL 1.1’s OCB support directly, rather than one that merely uses OpenSSL to provide the underlying block cipher.
Remove support for rijndael-alg-fst.c and compiler-provided AES intrinsics, since they’re not in use anymore. (Mosh can still use hardware-accelerated AES if it’s available; it just now relies exclusively on the underlying cryptography library to accelerate AES if possible.)
Update the build system to conditionally compile in either ocb_openssl.cc or ocb_internal.cc, depending on which cryptography
library you pass to
./configure
.To make this commit easy to audit, ocb_openssl.cc and ocb_internal.cc are trivially diffable against ocb.cc (now deleted). Expected diffs consist of a copyright notice update, a preprocessor check to ensure the appropriate cryptography implementation has been selected, and deletions to remove code that’s no longer in use. This does mean a substantial amount of code is duplicated between ocb_openssl.cc and ocb_internal.cc; however, ocb_openssl.cc should be completely replaced soon, so it won’t be an issue in the long term.
Bug: #1174