resolve conflicts, fix local changes

author: djm <> 2010-10-01 22:59:01 +0000
committer: djm <> 2010-10-01 22:59:01 +0000
commit: 8922d4bc4a8b8893d72a48deb2cdf58215f98505 (patch)
tree: 939b752540947d33507b3acc48d76a8bfb7c3dc3 /src/lib/libcrypto/aes/aes_core.c
parent: 76262f7bf9262f965142b1b2b2105cb279c5c696 (diff)
download: openbsd-8922d4bc4a8b8893d72a48deb2cdf58215f98505.tar.gz
openbsd-8922d4bc4a8b8893d72a48deb2cdf58215f98505.tar.bz2
openbsd-8922d4bc4a8b8893d72a48deb2cdf58215f98505.zip
1 files changed, 200 insertions, 9 deletions
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c
index cffdd4daec..a7ec54f4da 100644
--- a/src/lib/libcrypto/aes/aes_core.c
+++ b/src/lib/libcrypto/aes/aes_core.c
@@ -37,12 +37,9 @@
 #include <stdlib.h>
 #include <openssl/aes.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "aes_locl.h"
+#ifndef AES_ASM
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
@@ -635,10 +632,6 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
        int i = 0;
        u32 temp;
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
        if (!userKey || !key)
                return -1;
        if (bits != 128 && bits != 192 && bits != 256)
@@ -781,7 +774,6 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
        return 0;
 }
-#ifndef AES_ASM
 /*
 * Encrypt a single block
 * in and out can overlap
@@ -1164,4 +1156,203 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
        PUTU32(out + 12, s3);
 }
+#else /* AES_ASM */
+static const u8 Te4[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+static const u32 rcon[] = {
+        0x01000000, 0x02000000, 0x04000000, 0x08000000,
+        0x10000000, 0x20000000, 0x40000000, 0x80000000,
+        0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key) {
+        u32 *rk;
+        int i = 0;
+        u32 temp;
+        if (!userKey || !key)
+                return -1;
+        if (bits != 128 && bits != 192 && bits != 256)
+                return -2;
+        rk = key->rd_key;
+        if (bits==128)
+                key->rounds = 10;
+        else if (bits==192)
+                key->rounds = 12;
+        else
+                key->rounds = 14;
+        rk[0] = GETU32(userKey     );
+        rk[1] = GETU32(userKey +  4);
+        rk[2] = GETU32(userKey +  8);
+        rk[3] = GETU32(userKey + 12);
+        if (bits == 128) {
+                while (1) {
+                        temp  = rk[3];
+                        rk[4] = rk[0] ^
+                                (Te4[(temp >> 16) & 0xff] << 24) ^
+                                (Te4[(temp >>  8) & 0xff] << 16) ^
+                                (Te4[(temp      ) & 0xff] << 8) ^
+                                (Te4[(temp >> 24)       ]) ^
+                                rcon[i];
+                        rk[5] = rk[1] ^ rk[4];
+                        rk[6] = rk[2] ^ rk[5];
+                        rk[7] = rk[3] ^ rk[6];
+                        if (++i == 10) {
+                                return 0;
+                        }
+                        rk += 4;
+                }
+        }
+        rk[4] = GETU32(userKey + 16);
+        rk[5] = GETU32(userKey + 20);
+        if (bits == 192) {
+                while (1) {
+                        temp = rk[ 5];
+                        rk[ 6] = rk[ 0] ^
+                                (Te4[(temp >> 16) & 0xff] << 24) ^
+                                (Te4[(temp >>  8) & 0xff] << 16) ^
+                                (Te4[(temp      ) & 0xff] << 8) ^
+                                (Te4[(temp >> 24)       ]) ^
+                                rcon[i];
+                        rk[ 7] = rk[ 1] ^ rk[ 6];
+                        rk[ 8] = rk[ 2] ^ rk[ 7];
+                        rk[ 9] = rk[ 3] ^ rk[ 8];
+                        if (++i == 8) {
+                                return 0;
+                        }
+                        rk[10] = rk[ 4] ^ rk[ 9];
+                        rk[11] = rk[ 5] ^ rk[10];
+                        rk += 6;
+                }
+        }
+        rk[6] = GETU32(userKey + 24);
+        rk[7] = GETU32(userKey + 28);
+        if (bits == 256) {
+                while (1) {
+                        temp = rk[ 7];
+                        rk[ 8] = rk[ 0] ^
+                                (Te4[(temp >> 16) & 0xff] << 24) ^
+                                (Te4[(temp >>  8) & 0xff] << 16) ^
+                                (Te4[(temp      ) & 0xff] << 8) ^
+                                (Te4[(temp >> 24)       ]) ^
+                                rcon[i];
+                        rk[ 9] = rk[ 1] ^ rk[ 8];
+                        rk[10] = rk[ 2] ^ rk[ 9];
+                        rk[11] = rk[ 3] ^ rk[10];
+                        if (++i == 7) {
+                                return 0;
+                        }
+                        temp = rk[11];
+                        rk[12] = rk[ 4] ^
+                                (Te4[(temp >> 24)       ] << 24) ^
+                                (Te4[(temp >> 16) & 0xff] << 16) ^
+                                (Te4[(temp >>  8) & 0xff] << 8) ^
+                                (Te4[(temp      ) & 0xff]);
+                        rk[13] = rk[ 5] ^ rk[12];
+                        rk[14] = rk[ 6] ^ rk[13];
+                        rk[15] = rk[ 7] ^ rk[14];
+                        rk += 8;
+                }
+        }
+        return 0;
+}
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         AES_KEY *key) {
+        u32 *rk;
+        int i, j, status;
+        u32 temp;
+        /* first, start with an encryption schedule */
+        status = AES_set_encrypt_key(userKey, bits, key);
+        if (status < 0)
+                return status;
+        rk = key->rd_key;
+        /* invert the order of the round keys: */
+        for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+                temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+                temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+                temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+                temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+        }
+        /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+        for (i = 1; i < (key->rounds); i++) {
+                rk += 4;
+                for (j = 0; j < 4; j++) {
+                        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+                        tp1 = rk[j];
+                        m = tp1 & 0x80808080;
+                        tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                                ((m - (m >> 7)) & 0x1b1b1b1b);
+                        m = tp2 & 0x80808080;
+                        tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                                ((m - (m >> 7)) & 0x1b1b1b1b);
+                        m = tp4 & 0x80808080;
+                        tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                                ((m - (m >> 7)) & 0x1b1b1b1b);
+                        tp9 = tp8 ^ tp1;
+                        tpb = tp9 ^ tp2;
+                        tpd = tp9 ^ tp4;
+                        tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+                        rk[j] = tpe ^ ROTATE(tpd,16) ^
+                                ROTATE(tp9,24) ^ ROTATE(tpb,8);
+#else
+                        rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
+                                (tp9 >> 8) ^ (tp9 << 24) ^
+                                (tpb >> 24) ^ (tpb << 8);
+#endif
+                }
+        }
+        return 0;
+}
 #endif /* AES_ASM */
author	djm <>	2010-10-01 22:59:01 +0000
committer	djm <>	2010-10-01 22:59:01 +0000
commit	8922d4bc4a8b8893d72a48deb2cdf58215f98505 (patch)
tree	939b752540947d33507b3acc48d76a8bfb7c3dc3 /src/lib/libcrypto/aes/aes_core.c
parent	76262f7bf9262f965142b1b2b2105cb279c5c696 (diff)
download	openbsd-8922d4bc4a8b8893d72a48deb2cdf58215f98505.tar.gz openbsd-8922d4bc4a8b8893d72a48deb2cdf58215f98505.tar.bz2 openbsd-8922d4bc4a8b8893d72a48deb2cdf58215f98505.zip

diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c index cffdd4daec..a7ec54f4da 100644 --- a/src/lib/libcrypto/aes/aes_core.c +++ b/src/lib/libcrypto/aes/aes_core.c
@@ -37,12 +37,9 @@
37		37
38	#include <stdlib.h>	38	#include <stdlib.h>
39	#include <openssl/aes.h>	39	#include <openssl/aes.h>
40	#ifdef OPENSSL_FIPS
41	#include <openssl/fips.h>
42	#endif
43
44	#include "aes_locl.h"	40	#include "aes_locl.h"
45		41
		42	#ifndef AES_ASM
46	/*	43	/*
47	Te0[x] = S [x].[02, 01, 01, 03];	44	Te0[x] = S [x].[02, 01, 01, 03];
48	Te1[x] = S [x].[03, 02, 01, 01];	45	Te1[x] = S [x].[03, 02, 01, 01];
@@ -635,10 +632,6 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
635	int i = 0;	632	int i = 0;
636	u32 temp;	633	u32 temp;
637		634
638	#ifdef OPENSSL_FIPS
639	FIPS_selftest_check();
640	#endif
641
642	if (!userKey \|\| !key)	635	if (!userKey \|\| !key)
643	return -1;	636	return -1;
644	if (bits != 128 && bits != 192 && bits != 256)	637	if (bits != 128 && bits != 192 && bits != 256)
@@ -781,7 +774,6 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
781	return 0;	774	return 0;
782	}	775	}
783		776
784	#ifndef AES_ASM
785	/*	777	/*
786	* Encrypt a single block	778	* Encrypt a single block
787	* in and out can overlap	779	* in and out can overlap
@@ -1164,4 +1156,203 @@ void AES_decrypt(const unsigned char in, unsigned char out,
1164	PUTU32(out + 12, s3);	1156	PUTU32(out + 12, s3);
1165	}	1157	}
1166		1158
		1159	#else /* AES_ASM */
		1160
		1161	static const u8 Te4[256] = {
		1162	0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
		1163	0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
		1164	0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
		1165	0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
		1166	0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
		1167	0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
		1168	0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
		1169	0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
		1170	0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
		1171	0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
		1172	0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
		1173	0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
		1174	0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
		1175	0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
		1176	0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
		1177	0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
		1178	0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
		1179	0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
		1180	0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
		1181	0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
		1182	0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
		1183	0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
		1184	0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
		1185	0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
		1186	0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
		1187	0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
		1188	0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
		1189	0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
		1190	0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
		1191	0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
		1192	0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
		1193	0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
		1194	};
		1195	static const u32 rcon[] = {
		1196	0x01000000, 0x02000000, 0x04000000, 0x08000000,
		1197	0x10000000, 0x20000000, 0x40000000, 0x80000000,
		1198	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
		1199	};
		1200
		1201	/**
		1202	* Expand the cipher key into the encryption key schedule.
		1203	*/
		1204	int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
		1205	AES_KEY *key) {
		1206	u32 *rk;
		1207	int i = 0;
		1208	u32 temp;
		1209
		1210	if (!userKey \|\| !key)
		1211	return -1;
		1212	if (bits != 128 && bits != 192 && bits != 256)
		1213	return -2;
		1214
		1215	rk = key->rd_key;
		1216
		1217	if (bits==128)
		1218	key->rounds = 10;
		1219	else if (bits==192)
		1220	key->rounds = 12;
		1221	else
		1222	key->rounds = 14;
		1223
		1224	rk[0] = GETU32(userKey );
		1225	rk[1] = GETU32(userKey + 4);
		1226	rk[2] = GETU32(userKey + 8);
		1227	rk[3] = GETU32(userKey + 12);
		1228	if (bits == 128) {
		1229	while (1) {
		1230	temp = rk[3];
		1231	rk[4] = rk[0] ^
		1232	(Te4[(temp >> 16) & 0xff] << 24) ^
		1233	(Te4[(temp >> 8) & 0xff] << 16) ^
		1234	(Te4[(temp ) & 0xff] << 8) ^
		1235	(Te4[(temp >> 24) ]) ^
		1236	rcon[i];
		1237	rk[5] = rk[1] ^ rk[4];
		1238	rk[6] = rk[2] ^ rk[5];
		1239	rk[7] = rk[3] ^ rk[6];
		1240	if (++i == 10) {
		1241	return 0;
		1242	}
		1243	rk += 4;
		1244	}
		1245	}
		1246	rk[4] = GETU32(userKey + 16);
		1247	rk[5] = GETU32(userKey + 20);
		1248	if (bits == 192) {
		1249	while (1) {
		1250	temp = rk[ 5];
		1251	rk[ 6] = rk[ 0] ^
		1252	(Te4[(temp >> 16) & 0xff] << 24) ^
		1253	(Te4[(temp >> 8) & 0xff] << 16) ^
		1254	(Te4[(temp ) & 0xff] << 8) ^
		1255	(Te4[(temp >> 24) ]) ^
		1256	rcon[i];
		1257	rk[ 7] = rk[ 1] ^ rk[ 6];
		1258	rk[ 8] = rk[ 2] ^ rk[ 7];
		1259	rk[ 9] = rk[ 3] ^ rk[ 8];
		1260	if (++i == 8) {
		1261	return 0;
		1262	}
		1263	rk[10] = rk[ 4] ^ rk[ 9];
		1264	rk[11] = rk[ 5] ^ rk[10];
		1265	rk += 6;
		1266	}
		1267	}
		1268	rk[6] = GETU32(userKey + 24);
		1269	rk[7] = GETU32(userKey + 28);
		1270	if (bits == 256) {
		1271	while (1) {
		1272	temp = rk[ 7];
		1273	rk[ 8] = rk[ 0] ^
		1274	(Te4[(temp >> 16) & 0xff] << 24) ^
		1275	(Te4[(temp >> 8) & 0xff] << 16) ^
		1276	(Te4[(temp ) & 0xff] << 8) ^
		1277	(Te4[(temp >> 24) ]) ^
		1278	rcon[i];
		1279	rk[ 9] = rk[ 1] ^ rk[ 8];
		1280	rk[10] = rk[ 2] ^ rk[ 9];
		1281	rk[11] = rk[ 3] ^ rk[10];
		1282	if (++i == 7) {
		1283	return 0;
		1284	}
		1285	temp = rk[11];
		1286	rk[12] = rk[ 4] ^
		1287	(Te4[(temp >> 24) ] << 24) ^
		1288	(Te4[(temp >> 16) & 0xff] << 16) ^
		1289	(Te4[(temp >> 8) & 0xff] << 8) ^
		1290	(Te4[(temp ) & 0xff]);
		1291	rk[13] = rk[ 5] ^ rk[12];
		1292	rk[14] = rk[ 6] ^ rk[13];
		1293	rk[15] = rk[ 7] ^ rk[14];
		1294
		1295	rk += 8;
		1296	}
		1297	}
		1298	return 0;
		1299	}
		1300
		1301	/**
		1302	* Expand the cipher key into the decryption key schedule.
		1303	*/
		1304	int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
		1305	AES_KEY *key) {
		1306
		1307	u32 *rk;
		1308	int i, j, status;
		1309	u32 temp;
		1310
		1311	/* first, start with an encryption schedule */
		1312	status = AES_set_encrypt_key(userKey, bits, key);
		1313	if (status < 0)
		1314	return status;
		1315
		1316	rk = key->rd_key;
		1317
		1318	/* invert the order of the round keys: */
		1319	for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
		1320	temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
		1321	temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
		1322	temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
		1323	temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
		1324	}
		1325	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
		1326	for (i = 1; i < (key->rounds); i++) {
		1327	rk += 4;
		1328	for (j = 0; j < 4; j++) {
		1329	u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
		1330
		1331	tp1 = rk[j];
		1332	m = tp1 & 0x80808080;
		1333	tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
		1334	((m - (m >> 7)) & 0x1b1b1b1b);
		1335	m = tp2 & 0x80808080;
		1336	tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
		1337	((m - (m >> 7)) & 0x1b1b1b1b);
		1338	m = tp4 & 0x80808080;
		1339	tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
		1340	((m - (m >> 7)) & 0x1b1b1b1b);
		1341	tp9 = tp8 ^ tp1;
		1342	tpb = tp9 ^ tp2;
		1343	tpd = tp9 ^ tp4;
		1344	tpe = tp8 ^ tp4 ^ tp2;
		1345	#if defined(ROTATE)
		1346	rk[j] = tpe ^ ROTATE(tpd,16) ^
		1347	ROTATE(tp9,24) ^ ROTATE(tpb,8);
		1348	#else
		1349	rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
		1350	(tp9 >> 8) ^ (tp9 << 24) ^
		1351	(tpb >> 24) ^ (tpb << 8);
		1352	#endif
		1353	}
		1354	}
		1355	return 0;
		1356	}
		1357
1167	#endif /* AES_ASM */	1358	#endif /* AES_ASM */