merge 0.9.7b with local changes; crank majors for libssl/libcrypto

9 files changed, 91 insertions, 31 deletions

diff --git a/src/lib/libcrypto/aes/Makefile.ssl b/src/lib/libcrypto/aes/Makefile.ssl
index 9358802a2e..f353aeb697 100644
--- a/src/lib/libcrypto/aes/Makefile.ssl
+++ b/src/lib/libcrypto/aes/Makefile.ssl
@@ -75,7 +75,7 @@ lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-        $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
         $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h
index e8da921ec5..8294a41a3a 100644
--- a/src/lib/libcrypto/aes/aes.h
+++ b/src/lib/libcrypto/aes/aes.h
@@ -56,8 +56,9 @@
 #error AES is disabled.
 #endif
 
-static const int AES_DECRYPT = 0;
-static const int AES_ENCRYPT = 1;
+#define AES_ENCRYPT     1
+#define AES_DECRYPT     0
+
 /* Because array size can't be a const in C, the following two are macros.
    Both sizes are in bytes. */
 #define AES_MAXNR 14
@@ -99,7 +100,9 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
         unsigned char *ivec, int *num);
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
         const unsigned long length, const AES_KEY *key,
-        unsigned char *counter, unsigned int *num);
+        unsigned char counter[AES_BLOCK_SIZE],
+        unsigned char ecount_buf[AES_BLOCK_SIZE],
+        unsigned int *num);
 
 
 #ifdef  __cplusplus
diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
index 3dfd7aba2a..de438306b1 100644
--- a/src/lib/libcrypto/aes/aes_cbc.c
+++ b/src/lib/libcrypto/aes/aes_cbc.c
@@ -49,7 +49,13 @@
  *
  */
 
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
 #include <assert.h>
+
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
@@ -57,33 +63,49 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                      const unsigned long length, const AES_KEY *key,
                      unsigned char *ivec, const int enc) {
 
-        int n;
+        unsigned long n;
         unsigned long len = length;
-        unsigned char tmp[16];
+        unsigned char tmp[AES_BLOCK_SIZE];
 
         assert(in && out && key && ivec);
-        assert(length % AES_BLOCK_SIZE == 0);
         assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
 
-        if (AES_ENCRYPT == enc)
-                while (len > 0) {
-                        for(n=0; n < 16; ++n)
+        if (AES_ENCRYPT == enc) {
+                while (len >= AES_BLOCK_SIZE) {
+                        for(n=0; n < sizeof tmp; ++n)
                                 tmp[n] = in[n] ^ ivec[n];
                         AES_encrypt(tmp, out, key);
-                        memcpy(ivec, out, 16);
-                        len -= 16;
-                        in += 16;
-                        out += 16;
+                        memcpy(ivec, out, AES_BLOCK_SIZE);
+                        len -= AES_BLOCK_SIZE;
+                        in += AES_BLOCK_SIZE;
+                        out += AES_BLOCK_SIZE;
                 }
-        else
-                while (len > 0) {
-                        memcpy(tmp, in, 16);
+                if (len) {
+                        for(n=0; n < len; ++n)
+                                tmp[n] = in[n] ^ ivec[n];
+                        for(n=len; n < AES_BLOCK_SIZE; ++n)
+                                tmp[n] = ivec[n];
+                        AES_encrypt(tmp, tmp, key);
+                        memcpy(out, tmp, len);
+                        memcpy(ivec, tmp, sizeof tmp);
+                }                       
+        } else {
+                while (len >= AES_BLOCK_SIZE) {
+                        memcpy(tmp, in, sizeof tmp);
                         AES_decrypt(in, out, key);
-                        for(n=0; n < 16; ++n)
+                        for(n=0; n < AES_BLOCK_SIZE; ++n)
                                 out[n] ^= ivec[n];
-                        memcpy(ivec, tmp, 16);
-                        len -= 16;
-                        in += 16;
-                        out += 16;
+                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
+                        len -= AES_BLOCK_SIZE;
+                        in += AES_BLOCK_SIZE;
+                        out += AES_BLOCK_SIZE;
                 }
+                if (len) {
+                        memcpy(tmp, in, sizeof tmp);
+                        AES_decrypt(tmp, tmp, key);
+                        for(n=0; n < len; ++n)
+                                out[n] ^= ivec[n];
+                        memcpy(ivec, tmp, sizeof tmp);
+                }                       
+        }
 }
diff --git a/src/lib/libcrypto/aes/aes_cfb.c b/src/lib/libcrypto/aes/aes_cfb.c
index 41c2a5ec3d..9b569dda90 100644
--- a/src/lib/libcrypto/aes/aes_cfb.c
+++ b/src/lib/libcrypto/aes/aes_cfb.c
@@ -105,7 +105,13 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
 #include <assert.h>
+
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c
index 937988dd8c..2f41a825f8 100644
--- a/src/lib/libcrypto/aes/aes_core.c
+++ b/src/lib/libcrypto/aes/aes_core.c
@@ -28,7 +28,13 @@
 /* Note: rewritten a little bit to provide error control and an OpenSSL-
    compatible API */
 
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
 #include <assert.h>
+
 #include <stdlib.h>
 #include <openssl/aes.h>
 #include "aes_locl.h"
@@ -744,7 +750,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
         rk[2] = GETU32(userKey +  8);
         rk[3] = GETU32(userKey + 12);
         if (bits == 128) {
-                for (;;) {
+                while (1) {
                         temp  = rk[3];
                         rk[4] = rk[0] ^
                                 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
@@ -764,7 +770,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
         rk[4] = GETU32(userKey + 16);
         rk[5] = GETU32(userKey + 20);
         if (bits == 192) {
-                for (;;) {
+                while (1) {
                         temp = rk[ 5];
                         rk[ 6] = rk[ 0] ^
                                 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
@@ -786,7 +792,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
         rk[6] = GETU32(userKey + 24);
         rk[7] = GETU32(userKey + 28);
         if (bits == 256) {
-                for (;;) {
+                while (1) {
                         temp = rk[ 7];
                         rk[ 8] = rk[ 0] ^
                                 (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
diff --git a/src/lib/libcrypto/aes/aes_ctr.c b/src/lib/libcrypto/aes/aes_ctr.c
index aea3db2092..59088499a0 100644
--- a/src/lib/libcrypto/aes/aes_ctr.c
+++ b/src/lib/libcrypto/aes/aes_ctr.c
@@ -49,7 +49,13 @@
  *
  */
 
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
 #include <assert.h>
+
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
@@ -90,26 +96,31 @@ static void AES_ctr128_inc(unsigned char *counter) {
 
 /* The input encrypted as though 128bit counter mode is being
  * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf.  Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to AES_ctr128_encrypt().
  */
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
         const unsigned long length, const AES_KEY *key,
-        unsigned char *counter, unsigned int *num) {
+        unsigned char counter[AES_BLOCK_SIZE],
+        unsigned char ecount_buf[AES_BLOCK_SIZE],
+        unsigned int *num) {
 
         unsigned int n;
         unsigned long l=length;
-        unsigned char tmp[AES_BLOCK_SIZE];
 
         assert(in && out && key && counter && num);
+        assert(*num < AES_BLOCK_SIZE);
 
         n = *num;
 
         while (l--) {
                 if (n == 0) {
-                        AES_encrypt(counter, tmp, key);
+                        AES_encrypt(counter, ecount_buf, key);
                         AES_ctr128_inc(counter);
                 }
-                *(out++) = *(in++) ^ tmp[n];
+                *(out++) = *(in++) ^ ecount_buf[n];
                 n = (n+1) % AES_BLOCK_SIZE;
         }
 
diff --git a/src/lib/libcrypto/aes/aes_ecb.c b/src/lib/libcrypto/aes/aes_ecb.c
index 1cb2e07d3d..28aa561c2d 100644
--- a/src/lib/libcrypto/aes/aes_ecb.c
+++ b/src/lib/libcrypto/aes/aes_ecb.c
@@ -49,7 +49,13 @@
  *
  */
 
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
 #include <assert.h>
+
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
diff --git a/src/lib/libcrypto/aes/aes_locl.h b/src/lib/libcrypto/aes/aes_locl.h
index 18fc2d0747..f290946058 100644
--- a/src/lib/libcrypto/aes/aes_locl.h
+++ b/src/lib/libcrypto/aes/aes_locl.h
@@ -62,7 +62,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef _MSC_VER
+#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
 # define GETU32(p) SWAP(*((u32 *)(p)))
 # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
diff --git a/src/lib/libcrypto/aes/aes_ofb.c b/src/lib/libcrypto/aes/aes_ofb.c
index e33bdaea28..f358bb39e2 100644
--- a/src/lib/libcrypto/aes/aes_ofb.c
+++ b/src/lib/libcrypto/aes/aes_ofb.c
@@ -105,7 +105,13 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
 #include <assert.h>
+
 #include <openssl/aes.h>
 #include "aes_locl.h"