summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/evp/e_aes.c1020
-rw-r--r--src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c521
-rw-r--r--src/lib/libcrypto/evp/e_bf.c37
-rw-r--r--src/lib/libcrypto/evp/e_camellia.c74
-rw-r--r--src/lib/libcrypto/evp/e_cast.c41
-rw-r--r--src/lib/libcrypto/evp/e_chacha.c2
-rw-r--r--src/lib/libcrypto/evp/e_des.c221
-rw-r--r--src/lib/libcrypto/evp/e_des3.c300
-rw-r--r--src/lib/libcrypto/evp/e_idea.c63
-rw-r--r--src/lib/libcrypto/evp/e_null.c53
-rw-r--r--src/lib/libcrypto/evp/e_old.c57
-rw-r--r--src/lib/libcrypto/evp/e_rc2.c193
-rw-r--r--src/lib/libcrypto/evp/e_rc4.c79
-rw-r--r--src/lib/libcrypto/evp/e_rc4_hmac_md5.c226
-rw-r--r--src/lib/libcrypto/evp/e_rc5.c60
-rw-r--r--src/lib/libcrypto/evp/e_xcbc_d.c96
-rw-r--r--src/lib/libssl/src/crypto/evp/e_aes.c1020
-rw-r--r--src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c521
-rw-r--r--src/lib/libssl/src/crypto/evp/e_bf.c37
-rw-r--r--src/lib/libssl/src/crypto/evp/e_camellia.c74
-rw-r--r--src/lib/libssl/src/crypto/evp/e_cast.c41
-rw-r--r--src/lib/libssl/src/crypto/evp/e_chacha.c2
-rw-r--r--src/lib/libssl/src/crypto/evp/e_des.c221
-rw-r--r--src/lib/libssl/src/crypto/evp/e_des3.c300
-rw-r--r--src/lib/libssl/src/crypto/evp/e_idea.c63
-rw-r--r--src/lib/libssl/src/crypto/evp/e_null.c53
-rw-r--r--src/lib/libssl/src/crypto/evp/e_old.c57
-rw-r--r--src/lib/libssl/src/crypto/evp/e_rc2.c193
-rw-r--r--src/lib/libssl/src/crypto/evp/e_rc4.c79
-rw-r--r--src/lib/libssl/src/crypto/evp/e_rc4_hmac_md5.c226
-rw-r--r--src/lib/libssl/src/crypto/evp/e_rc5.c60
-rw-r--r--src/lib/libssl/src/crypto/evp/e_xcbc_d.c96
32 files changed, 3088 insertions, 2998 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index d6f0124a94..db0fdf85c8 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -6,7 +6,7 @@
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 10 *
11 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in 12 * notice, this list of conditions and the following disclaimer in
@@ -60,18 +60,16 @@
60#include "modes_lcl.h" 60#include "modes_lcl.h"
61#include <openssl/rand.h> 61#include <openssl/rand.h>
62 62
63typedef struct 63typedef struct {
64 {
65 AES_KEY ks; 64 AES_KEY ks;
66 block128_f block; 65 block128_f block;
67 union { 66 union {
68 cbc128_f cbc; 67 cbc128_f cbc;
69 ctr128_f ctr; 68 ctr128_f ctr;
70 } stream; 69 } stream;
71 } EVP_AES_KEY; 70} EVP_AES_KEY;
72 71
73typedef struct 72typedef struct {
74 {
75 AES_KEY ks; /* AES key schedule to use */ 73 AES_KEY ks; /* AES key schedule to use */
76 int key_set; /* Set if key initialised */ 74 int key_set; /* Set if key initialised */
77 int iv_set; /* Set if an iv is set */ 75 int iv_set; /* Set if an iv is set */
@@ -82,20 +80,17 @@ typedef struct
82 int iv_gen; /* It is OK to generate IVs */ 80 int iv_gen; /* It is OK to generate IVs */
83 int tls_aad_len; /* TLS AAD length */ 81 int tls_aad_len; /* TLS AAD length */
84 ctr128_f ctr; 82 ctr128_f ctr;
85 } EVP_AES_GCM_CTX; 83} EVP_AES_GCM_CTX;
86 84
87typedef struct 85typedef struct {
88 {
89 AES_KEY ks1, ks2; /* AES key schedules to use */ 86 AES_KEY ks1, ks2; /* AES key schedules to use */
90 XTS128_CONTEXT xts; 87 XTS128_CONTEXT xts;
91 void (*stream)(const unsigned char *in, 88 void (*stream)(const unsigned char *in, unsigned char *out,
92 unsigned char *out, size_t length, 89 size_t length, const AES_KEY *key1, const AES_KEY *key2,
93 const AES_KEY *key1, const AES_KEY *key2, 90 const unsigned char iv[16]);
94 const unsigned char iv[16]); 91} EVP_AES_XTS_CTX;
95 } EVP_AES_XTS_CTX; 92
96 93typedef struct {
97typedef struct
98 {
99 AES_KEY ks; /* AES key schedule to use */ 94 AES_KEY ks; /* AES key schedule to use */
100 int key_set; /* Set if key initialised */ 95 int key_set; /* Set if key initialised */
101 int iv_set; /* Set if an iv is set */ 96 int iv_set; /* Set if an iv is set */
@@ -104,53 +99,46 @@ typedef struct
104 int L, M; /* L and M parameters from RFC3610 */ 99 int L, M; /* L and M parameters from RFC3610 */
105 CCM128_CONTEXT ccm; 100 CCM128_CONTEXT ccm;
106 ccm128_f str; 101 ccm128_f str;
107 } EVP_AES_CCM_CTX; 102} EVP_AES_CCM_CTX;
108 103
109#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) 104#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
110 105
111#ifdef VPAES_ASM 106#ifdef VPAES_ASM
112int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, 107int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
113 AES_KEY *key); 108 AES_KEY *key);
114int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, 109int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
115 AES_KEY *key); 110 AES_KEY *key);
116 111
117void vpaes_encrypt(const unsigned char *in, unsigned char *out, 112void vpaes_encrypt(const unsigned char *in, unsigned char *out,
118 const AES_KEY *key); 113 const AES_KEY *key);
119void vpaes_decrypt(const unsigned char *in, unsigned char *out, 114void vpaes_decrypt(const unsigned char *in, unsigned char *out,
120 const AES_KEY *key); 115 const AES_KEY *key);
121 116
122void vpaes_cbc_encrypt(const unsigned char *in, 117void vpaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
123 unsigned char *out, 118 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
124 size_t length,
125 const AES_KEY *key,
126 unsigned char *ivec, int enc);
127#endif 119#endif
128#ifdef BSAES_ASM 120#ifdef BSAES_ASM
129void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, 121void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
130 size_t length, const AES_KEY *key, 122 size_t length, const AES_KEY *key, unsigned char ivec[16], int enc);
131 unsigned char ivec[16], int enc);
132void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, 123void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
133 size_t len, const AES_KEY *key, 124 size_t len, const AES_KEY *key, const unsigned char ivec[16]);
134 const unsigned char ivec[16]);
135void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, 125void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
136 size_t len, const AES_KEY *key1, 126 size_t len, const AES_KEY *key1, const AES_KEY *key2,
137 const AES_KEY *key2, const unsigned char iv[16]); 127 const unsigned char iv[16]);
138void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, 128void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
139 size_t len, const AES_KEY *key1, 129 size_t len, const AES_KEY *key1, const AES_KEY *key2,
140 const AES_KEY *key2, const unsigned char iv[16]); 130 const unsigned char iv[16]);
141#endif 131#endif
142#ifdef AES_CTR_ASM 132#ifdef AES_CTR_ASM
143void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, 133void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
144 size_t blocks, const AES_KEY *key, 134 size_t blocks, const AES_KEY *key,
145 const unsigned char ivec[AES_BLOCK_SIZE]); 135 const unsigned char ivec[AES_BLOCK_SIZE]);
146#endif 136#endif
147#ifdef AES_XTS_ASM 137#ifdef AES_XTS_ASM
148void AES_xts_encrypt(const char *inp,char *out,size_t len, 138void AES_xts_encrypt(const char *inp, char *out, size_t len,
149 const AES_KEY *key1, const AES_KEY *key2, 139 const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
150 const unsigned char iv[16]); 140void AES_xts_decrypt(const char *inp, char *out, size_t len,
151void AES_xts_decrypt(const char *inp,char *out,size_t len, 141 const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
152 const AES_KEY *key1, const AES_KEY *key2,
153 const unsigned char iv[16]);
154#endif 142#endif
155 143
156#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ 144#if defined(AES_ASM) && !defined(I386_ONLY) && ( \
@@ -174,160 +162,142 @@ extern unsigned int OPENSSL_ia32cap_P[2];
174#define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) 162#define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
175 163
176int aesni_set_encrypt_key(const unsigned char *userKey, int bits, 164int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
177 AES_KEY *key); 165 AES_KEY *key);
178int aesni_set_decrypt_key(const unsigned char *userKey, int bits, 166int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
179 AES_KEY *key); 167 AES_KEY *key);
180 168
181void aesni_encrypt(const unsigned char *in, unsigned char *out, 169void aesni_encrypt(const unsigned char *in, unsigned char *out,
182 const AES_KEY *key); 170 const AES_KEY *key);
183void aesni_decrypt(const unsigned char *in, unsigned char *out, 171void aesni_decrypt(const unsigned char *in, unsigned char *out,
184 const AES_KEY *key); 172 const AES_KEY *key);
185 173
186void aesni_ecb_encrypt(const unsigned char *in, 174void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
187 unsigned char *out, 175 size_t length, const AES_KEY *key, int enc);
188 size_t length, 176void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
189 const AES_KEY *key, 177 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
190 int enc); 178
191void aesni_cbc_encrypt(const unsigned char *in, 179void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
192 unsigned char *out, 180 size_t blocks, const void *key, const unsigned char *ivec);
193 size_t length, 181
194 const AES_KEY *key, 182void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
195 unsigned char *ivec, int enc); 183 size_t length, const AES_KEY *key1, const AES_KEY *key2,
196 184 const unsigned char iv[16]);
197void aesni_ctr32_encrypt_blocks(const unsigned char *in, 185
198 unsigned char *out, 186void aesni_xts_decrypt(const unsigned char *in, unsigned char *out,
199 size_t blocks, 187 size_t length, const AES_KEY *key1, const AES_KEY *key2,
200 const void *key, 188 const unsigned char iv[16]);
201 const unsigned char *ivec); 189
202 190void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out,
203void aesni_xts_encrypt(const unsigned char *in, 191 size_t blocks, const void *key, const unsigned char ivec[16],
204 unsigned char *out, 192 unsigned char cmac[16]);
205 size_t length, 193
206 const AES_KEY *key1, const AES_KEY *key2, 194void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out,
207 const unsigned char iv[16]); 195 size_t blocks, const void *key, const unsigned char ivec[16],
208 196 unsigned char cmac[16]);
209void aesni_xts_decrypt(const unsigned char *in, 197
210 unsigned char *out, 198static int
211 size_t length, 199aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
212 const AES_KEY *key1, const AES_KEY *key2, 200 const unsigned char *iv, int enc)
213 const unsigned char iv[16]); 201{
214
215void aesni_ccm64_encrypt_blocks (const unsigned char *in,
216 unsigned char *out,
217 size_t blocks,
218 const void *key,
219 const unsigned char ivec[16],
220 unsigned char cmac[16]);
221
222void aesni_ccm64_decrypt_blocks (const unsigned char *in,
223 unsigned char *out,
224 size_t blocks,
225 const void *key,
226 const unsigned char ivec[16],
227 unsigned char cmac[16]);
228
229static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
230 const unsigned char *iv, int enc)
231 {
232 int ret, mode; 202 int ret, mode;
233 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 203 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
234 204
235 mode = ctx->cipher->flags & EVP_CIPH_MODE; 205 mode = ctx->cipher->flags & EVP_CIPH_MODE;
236 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) 206 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
237 && !enc) 207 !enc) {
238 { 208 ret = aesni_set_decrypt_key(key, ctx->key_len * 8,
239 ret = aesni_set_decrypt_key(key, ctx->key_len*8, ctx->cipher_data); 209 ctx->cipher_data);
240 dat->block = (block128_f)aesni_decrypt; 210 dat->block = (block128_f)aesni_decrypt;
241 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 211 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
242 (cbc128_f)aesni_cbc_encrypt : 212 (cbc128_f)aesni_cbc_encrypt : NULL;
243 NULL; 213 } else {
244 } 214 ret = aesni_set_encrypt_key(key, ctx->key_len * 8,
245 else { 215 ctx->cipher_data);
246 ret = aesni_set_encrypt_key(key, ctx->key_len*8, ctx->cipher_data); 216 dat->block = (block128_f)aesni_encrypt;
247 dat->block = (block128_f)aesni_encrypt; 217 if (mode == EVP_CIPH_CBC_MODE)
248 if (mode==EVP_CIPH_CBC_MODE) 218 dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt;
249 dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt; 219 else if (mode == EVP_CIPH_CTR_MODE)
250 else if (mode==EVP_CIPH_CTR_MODE)
251 dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; 220 dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
252 else 221 else
253 dat->stream.cbc = NULL; 222 dat->stream.cbc = NULL;
254 } 223 }
255 224
256 if(ret < 0) 225 if (ret < 0) {
257 { 226 EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
258 EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
259 return 0; 227 return 0;
260 } 228 }
261 229
262 return 1; 230 return 1;
263 } 231}
264 232
265static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 233static int
266 const unsigned char *in, size_t len) 234aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
235 const unsigned char *in, size_t len)
267{ 236{
268 aesni_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt); 237 aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv,
238 ctx->encrypt);
269 239
270 return 1; 240 return 1;
271} 241}
272 242
273static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 243static int
274 const unsigned char *in, size_t len) 244aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
245 const unsigned char *in, size_t len)
275{ 246{
276 size_t bl = ctx->cipher->block_size; 247 size_t bl = ctx->cipher->block_size;
277 248
278 if (len<bl) return 1; 249 if (len < bl)
250 return 1;
279 251
280 aesni_ecb_encrypt(in,out,len,ctx->cipher_data,ctx->encrypt); 252 aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
281 253
282 return 1; 254 return 1;
283} 255}
284 256
285#define aesni_ofb_cipher aes_ofb_cipher 257#define aesni_ofb_cipher aes_ofb_cipher
286static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 258static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
287 const unsigned char *in,size_t len); 259 const unsigned char *in, size_t len);
288 260
289#define aesni_cfb_cipher aes_cfb_cipher 261#define aesni_cfb_cipher aes_cfb_cipher
290static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 262static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
291 const unsigned char *in,size_t len); 263 const unsigned char *in, size_t len);
292 264
293#define aesni_cfb8_cipher aes_cfb8_cipher 265#define aesni_cfb8_cipher aes_cfb8_cipher
294static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 266static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
295 const unsigned char *in,size_t len); 267 const unsigned char *in, size_t len);
296 268
297#define aesni_cfb1_cipher aes_cfb1_cipher 269#define aesni_cfb1_cipher aes_cfb1_cipher
298static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 270static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
299 const unsigned char *in,size_t len); 271 const unsigned char *in, size_t len);
300 272
301#define aesni_ctr_cipher aes_ctr_cipher 273#define aesni_ctr_cipher aes_ctr_cipher
302static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 274static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
303 const unsigned char *in, size_t len); 275 const unsigned char *in, size_t len);
304 276
305static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 277static int
306 const unsigned char *iv, int enc) 278aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
307 { 279 const unsigned char *iv, int enc)
280{
308 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; 281 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
282
309 if (!iv && !key) 283 if (!iv && !key)
310 return 1; 284 return 1;
311 if (key) 285 if (key) {
312 {
313 aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); 286 aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
314 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, 287 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
315 (block128_f)aesni_encrypt); 288 (block128_f)aesni_encrypt);
316 gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; 289 gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
317 /* If we have an iv can set it directly, otherwise use 290 /* If we have an iv can set it directly, otherwise use
318 * saved IV. 291 * saved IV.
319 */ 292 */
320 if (iv == NULL && gctx->iv_set) 293 if (iv == NULL && gctx->iv_set)
321 iv = gctx->iv; 294 iv = gctx->iv;
322 if (iv) 295 if (iv) {
323 {
324 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); 296 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
325 gctx->iv_set = 1; 297 gctx->iv_set = 1;
326 }
327 gctx->key_set = 1;
328 } 298 }
329 else 299 gctx->key_set = 1;
330 { 300 } else {
331 /* If key set use IV, otherwise copy */ 301 /* If key set use IV, otherwise copy */
332 if (gctx->key_set) 302 if (gctx->key_set)
333 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); 303 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
@@ -335,83 +305,82 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
335 memcpy(gctx->iv, iv, gctx->ivlen); 305 memcpy(gctx->iv, iv, gctx->ivlen);
336 gctx->iv_set = 1; 306 gctx->iv_set = 1;
337 gctx->iv_gen = 0; 307 gctx->iv_gen = 0;
338 }
339 return 1;
340 } 308 }
309 return 1;
310}
341 311
342#define aesni_gcm_cipher aes_gcm_cipher 312#define aesni_gcm_cipher aes_gcm_cipher
343static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 313static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
344 const unsigned char *in, size_t len); 314 const unsigned char *in, size_t len);
345 315
346static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 316static int
347 const unsigned char *iv, int enc) 317aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
348 { 318 const unsigned char *iv, int enc)
319{
349 EVP_AES_XTS_CTX *xctx = ctx->cipher_data; 320 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
321
350 if (!iv && !key) 322 if (!iv && !key)
351 return 1; 323 return 1;
352 324
353 if (key) 325 if (key) {
354 {
355 /* key_len is two AES keys */ 326 /* key_len is two AES keys */
356 if (enc) 327 if (enc) {
357 { 328 aesni_set_encrypt_key(key, ctx->key_len * 4,
358 aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); 329 &xctx->ks1);
359 xctx->xts.block1 = (block128_f)aesni_encrypt; 330 xctx->xts.block1 = (block128_f)aesni_encrypt;
360 xctx->stream = aesni_xts_encrypt; 331 xctx->stream = aesni_xts_encrypt;
361 } 332 } else {
362 else 333 aesni_set_decrypt_key(key, ctx->key_len * 4,
363 { 334 &xctx->ks1);
364 aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
365 xctx->xts.block1 = (block128_f)aesni_decrypt; 335 xctx->xts.block1 = (block128_f)aesni_decrypt;
366 xctx->stream = aesni_xts_decrypt; 336 xctx->stream = aesni_xts_decrypt;
367 } 337 }
368 338
369 aesni_set_encrypt_key(key + ctx->key_len/2, 339 aesni_set_encrypt_key(key + ctx->key_len / 2,
370 ctx->key_len * 4, &xctx->ks2); 340 ctx->key_len * 4, &xctx->ks2);
371 xctx->xts.block2 = (block128_f)aesni_encrypt; 341 xctx->xts.block2 = (block128_f)aesni_encrypt;
372 342
373 xctx->xts.key1 = &xctx->ks1; 343 xctx->xts.key1 = &xctx->ks1;
374 } 344 }
375 345
376 if (iv) 346 if (iv) {
377 {
378 xctx->xts.key2 = &xctx->ks2; 347 xctx->xts.key2 = &xctx->ks2;
379 memcpy(ctx->iv, iv, 16); 348 memcpy(ctx->iv, iv, 16);
380 } 349 }
381 350
382 return 1; 351 return 1;
383 } 352}
384 353
385#define aesni_xts_cipher aes_xts_cipher 354#define aesni_xts_cipher aes_xts_cipher
386static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 355static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
387 const unsigned char *in, size_t len); 356 const unsigned char *in, size_t len);
388 357
389static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 358static int
390 const unsigned char *iv, int enc) 359aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
391 { 360 const unsigned char *iv, int enc)
361{
392 EVP_AES_CCM_CTX *cctx = ctx->cipher_data; 362 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
363
393 if (!iv && !key) 364 if (!iv && !key)
394 return 1; 365 return 1;
395 if (key) 366 if (key) {
396 {
397 aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); 367 aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
398 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, 368 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
399 &cctx->ks, (block128_f)aesni_encrypt); 369 &cctx->ks, (block128_f)aesni_encrypt);
400 cctx->str = enc?(ccm128_f)aesni_ccm64_encrypt_blocks : 370 cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks :
401 (ccm128_f)aesni_ccm64_decrypt_blocks; 371 (ccm128_f)aesni_ccm64_decrypt_blocks;
402 cctx->key_set = 1; 372 cctx->key_set = 1;
403 } 373 }
404 if (iv) 374 if (iv) {
405 {
406 memcpy(ctx->iv, iv, 15 - cctx->L); 375 memcpy(ctx->iv, iv, 15 - cctx->L);
407 cctx->iv_set = 1; 376 cctx->iv_set = 1;
408 }
409 return 1;
410 } 377 }
378 return 1;
379}
411 380
412#define aesni_ccm_cipher aes_ccm_cipher 381#define aesni_ccm_cipher aes_ccm_cipher
413static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 382static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
414 const unsigned char *in, size_t len); 383 const unsigned char *in, size_t len);
415 384
416#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ 385#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
417static const EVP_CIPHER aesni_##keylen##_##mode = { \ 386static const EVP_CIPHER aesni_##keylen##_##mode = { \
@@ -493,199 +462,205 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
493 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ 462 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \
494 BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags) 463 BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
495 464
496static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 465static int
497 const unsigned char *iv, int enc) 466aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
498 { 467 const unsigned char *iv, int enc)
468{
499 int ret, mode; 469 int ret, mode;
500 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 470 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
501 471
502 mode = ctx->cipher->flags & EVP_CIPH_MODE; 472 mode = ctx->cipher->flags & EVP_CIPH_MODE;
503 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) 473 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
504 && !enc) 474 !enc)
505#ifdef BSAES_CAPABLE 475#ifdef BSAES_CAPABLE
506 if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE) 476 if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
507 { 477 ret = AES_set_decrypt_key(key, ctx->key_len * 8,
508 ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks); 478 &dat->ks);
509 dat->block = (block128_f)AES_decrypt; 479 dat->block = (block128_f)AES_decrypt;
510 dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt; 480 dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
511 } 481 } else
512 else
513#endif 482#endif
514#ifdef VPAES_CAPABLE 483#ifdef VPAES_CAPABLE
515 if (VPAES_CAPABLE) 484 if (VPAES_CAPABLE) {
516 { 485 ret = vpaes_set_decrypt_key(key, ctx->key_len * 8,
517 ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks); 486 &dat->ks);
518 dat->block = (block128_f)vpaes_decrypt; 487 dat->block = (block128_f)vpaes_decrypt;
519 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 488 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
520 (cbc128_f)vpaes_cbc_encrypt : 489 (cbc128_f)vpaes_cbc_encrypt : NULL;
521 NULL; 490 } else
522 }
523 else
524#endif 491#endif
525 { 492 {
526 ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks); 493 ret = AES_set_decrypt_key(key, ctx->key_len * 8,
527 dat->block = (block128_f)AES_decrypt; 494 &dat->ks);
528 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 495 dat->block = (block128_f)AES_decrypt;
529 (cbc128_f)AES_cbc_encrypt : 496 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
530 NULL; 497 (cbc128_f)AES_cbc_encrypt : NULL;
531 } 498 } else
532 else
533#ifdef BSAES_CAPABLE 499#ifdef BSAES_CAPABLE
534 if (BSAES_CAPABLE && mode==EVP_CIPH_CTR_MODE) 500 if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
535 { 501 ret = AES_set_encrypt_key(key, ctx->key_len * 8,
536 ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks); 502 &dat->ks);
537 dat->block = (block128_f)AES_encrypt; 503 dat->block = (block128_f)AES_encrypt;
538 dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; 504 dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
539 } 505 } else
540 else
541#endif 506#endif
542#ifdef VPAES_CAPABLE 507#ifdef VPAES_CAPABLE
543 if (VPAES_CAPABLE) 508 if (VPAES_CAPABLE) {
544 { 509 ret = vpaes_set_encrypt_key(key, ctx->key_len * 8,
545 ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks); 510 &dat->ks);
546 dat->block = (block128_f)vpaes_encrypt; 511 dat->block = (block128_f)vpaes_encrypt;
547 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 512 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
548 (cbc128_f)vpaes_cbc_encrypt : 513 (cbc128_f)vpaes_cbc_encrypt : NULL;
549 NULL; 514 } else
550 }
551 else
552#endif 515#endif
553 { 516 {
554 ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks); 517 ret = AES_set_encrypt_key(key, ctx->key_len * 8,
555 dat->block = (block128_f)AES_encrypt; 518 &dat->ks);
556 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 519 dat->block = (block128_f)AES_encrypt;
557 (cbc128_f)AES_cbc_encrypt : 520 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
558 NULL; 521 (cbc128_f)AES_cbc_encrypt : NULL;
559#ifdef AES_CTR_ASM 522#ifdef AES_CTR_ASM
560 if (mode==EVP_CIPH_CTR_MODE) 523 if (mode == EVP_CIPH_CTR_MODE)
561 dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt; 524 dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
562#endif 525#endif
563 } 526 }
564 527
565 if(ret < 0) 528 if (ret < 0) {
566 { 529 EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
567 EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
568 return 0; 530 return 0;
569 } 531 }
570 532
571 return 1; 533 return 1;
572 } 534}
573 535
574static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 536static int
575 const unsigned char *in, size_t len) 537aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
538 const unsigned char *in, size_t len)
576{ 539{
577 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 540 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
578 541
579 if (dat->stream.cbc) 542 if (dat->stream.cbc)
580 (*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt); 543 (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv,
544 ctx->encrypt);
581 else if (ctx->encrypt) 545 else if (ctx->encrypt)
582 CRYPTO_cbc128_encrypt(in,out,len,&dat->ks,ctx->iv,dat->block); 546 CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
547 dat->block);
583 else 548 else
584 CRYPTO_cbc128_decrypt(in,out,len,&dat->ks,ctx->iv,dat->block); 549 CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv,
550 dat->block);
585 551
586 return 1; 552 return 1;
587} 553}
588 554
589static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 555static int
590 const unsigned char *in, size_t len) 556aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
557 const unsigned char *in, size_t len)
591{ 558{
592 size_t bl = ctx->cipher->block_size; 559 size_t bl = ctx->cipher->block_size;
593 size_t i; 560 size_t i;
594 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 561 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
595 562
596 if (len<bl) return 1; 563 if (len < bl)
564 return 1;
597 565
598 for (i=0,len-=bl;i<=len;i+=bl) 566 for (i = 0, len -= bl; i <= len; i += bl)
599 (*dat->block)(in+i,out+i,&dat->ks); 567 (*dat->block)(in + i, out + i, &dat->ks);
600 568
601 return 1; 569 return 1;
602} 570}
603 571
604static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 572static int
605 const unsigned char *in,size_t len) 573aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
574 const unsigned char *in, size_t len)
606{ 575{
607 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 576 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
608 577
609 CRYPTO_ofb128_encrypt(in,out,len,&dat->ks, 578 CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
610 ctx->iv,&ctx->num,dat->block); 579 dat->block);
611 return 1; 580 return 1;
612} 581}
613 582
614static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 583static int
615 const unsigned char *in,size_t len) 584aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
585 const unsigned char *in, size_t len)
616{ 586{
617 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 587 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
618 588
619 CRYPTO_cfb128_encrypt(in,out,len,&dat->ks, 589 CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
620 ctx->iv,&ctx->num,ctx->encrypt,dat->block); 590 ctx->encrypt, dat->block);
621 return 1; 591 return 1;
622} 592}
623 593
624static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 594static int
625 const unsigned char *in,size_t len) 595aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
596 const unsigned char *in, size_t len)
626{ 597{
627 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 598 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
628 599
629 CRYPTO_cfb128_8_encrypt(in,out,len,&dat->ks, 600 CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
630 ctx->iv,&ctx->num,ctx->encrypt,dat->block); 601 ctx->encrypt, dat->block);
631 return 1; 602 return 1;
632} 603}
633 604
634static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 605static int
635 const unsigned char *in,size_t len) 606aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
607 const unsigned char *in, size_t len)
636{ 608{
637 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 609 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
638 610
639 if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) { 611 if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
640 CRYPTO_cfb128_1_encrypt(in,out,len,&dat->ks, 612 CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv,
641 ctx->iv,&ctx->num,ctx->encrypt,dat->block); 613 &ctx->num, ctx->encrypt, dat->block);
642 return 1; 614 return 1;
643 } 615 }
644 616
645 while (len>=MAXBITCHUNK) { 617 while (len >= MAXBITCHUNK) {
646 CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,&dat->ks, 618 CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks,
647 ctx->iv,&ctx->num,ctx->encrypt,dat->block); 619 ctx->iv, &ctx->num, ctx->encrypt, dat->block);
648 len-=MAXBITCHUNK; 620 len -= MAXBITCHUNK;
649 } 621 }
650 if (len) 622 if (len)
651 CRYPTO_cfb128_1_encrypt(in,out,len*8,&dat->ks, 623 CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks,
652 ctx->iv,&ctx->num,ctx->encrypt,dat->block); 624 ctx->iv, &ctx->num, ctx->encrypt, dat->block);
653 625
654 return 1; 626 return 1;
655} 627}
656 628
657static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out, 629static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out,
658 const unsigned char *in, size_t len) 630 const unsigned char *in, size_t len)
659{ 631{
660 unsigned int num = ctx->num; 632 unsigned int num = ctx->num;
661 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 633 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
662 634
663 if (dat->stream.ctr) 635 if (dat->stream.ctr)
664 CRYPTO_ctr128_encrypt_ctr32(in,out,len,&dat->ks, 636 CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
665 ctx->iv,ctx->buf,&num,dat->stream.ctr); 637 ctx->iv, ctx->buf, &num, dat->stream.ctr);
666 else 638 else
667 CRYPTO_ctr128_encrypt(in,out,len,&dat->ks, 639 CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
668 ctx->iv,ctx->buf,&num,dat->block); 640 ctx->iv, ctx->buf, &num, dat->block);
669 ctx->num = (size_t)num; 641 ctx->num = (size_t)num;
670 return 1; 642 return 1;
671} 643}
672 644
673BLOCK_CIPHER_generic_pack(NID_aes,128,EVP_CIPH_FLAG_FIPS) 645BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS)
674BLOCK_CIPHER_generic_pack(NID_aes,192,EVP_CIPH_FLAG_FIPS) 646BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS)
675BLOCK_CIPHER_generic_pack(NID_aes,256,EVP_CIPH_FLAG_FIPS) 647BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS)
676 648
677static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) 649static int
678 { 650aes_gcm_cleanup(EVP_CIPHER_CTX *c)
651{
679 EVP_AES_GCM_CTX *gctx = c->cipher_data; 652 EVP_AES_GCM_CTX *gctx = c->cipher_data;
653
680 OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); 654 OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
681 if (gctx->iv != c->iv) 655 if (gctx->iv != c->iv)
682 free(gctx->iv); 656 free(gctx->iv);
683 return 1; 657 return 1;
684 } 658}
685 659
686/* increment counter (64-bit int) by 1 */ 660/* increment counter (64-bit int) by 1 */
687static void ctr64_inc(unsigned char *counter) { 661static void
688 int n=8; 662ctr64_inc(unsigned char *counter) {
663 int n = 8;
689 unsigned char c; 664 unsigned char c;
690 665
691 do { 666 do {
@@ -693,15 +668,17 @@ static void ctr64_inc(unsigned char *counter) {
693 c = counter[n]; 668 c = counter[n];
694 ++c; 669 ++c;
695 counter[n] = c; 670 counter[n] = c;
696 if (c) return; 671 if (c)
672 return;
697 } while (n); 673 } while (n);
698} 674}
699 675
700static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 676static int
701 { 677aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
678{
702 EVP_AES_GCM_CTX *gctx = c->cipher_data; 679 EVP_AES_GCM_CTX *gctx = c->cipher_data;
703 switch (type) 680
704 { 681 switch (type) {
705 case EVP_CTRL_INIT: 682 case EVP_CTRL_INIT:
706 gctx->key_set = 0; 683 gctx->key_set = 0;
707 gctx->iv_set = 0; 684 gctx->iv_set = 0;
@@ -716,19 +693,18 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
716 if (arg <= 0) 693 if (arg <= 0)
717 return 0; 694 return 0;
718#ifdef OPENSSL_FIPS 695#ifdef OPENSSL_FIPS
719 if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) 696 if (FIPS_module_mode() &&
720 && arg < 12) 697 !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && arg < 12)
721 return 0; 698 return 0;
722#endif 699#endif
723 /* Allocate memory for IV if needed */ 700 /* Allocate memory for IV if needed */
724 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) 701 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
725 {
726 if (gctx->iv != c->iv) 702 if (gctx->iv != c->iv)
727 free(gctx->iv); 703 free(gctx->iv);
728 gctx->iv = malloc(arg); 704 gctx->iv = malloc(arg);
729 if (!gctx->iv) 705 if (!gctx->iv)
730 return 0; 706 return 0;
731 } 707 }
732 gctx->ivlen = arg; 708 gctx->ivlen = arg;
733 return 1; 709 return 1;
734 710
@@ -747,12 +723,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
747 723
748 case EVP_CTRL_GCM_SET_IV_FIXED: 724 case EVP_CTRL_GCM_SET_IV_FIXED:
749 /* Special case: -1 length restores whole IV */ 725 /* Special case: -1 length restores whole IV */
750 if (arg == -1) 726 if (arg == -1) {
751 {
752 memcpy(gctx->iv, ptr, gctx->ivlen); 727 memcpy(gctx->iv, ptr, gctx->ivlen);
753 gctx->iv_gen = 1; 728 gctx->iv_gen = 1;
754 return 1; 729 return 1;
755 } 730 }
756 /* Fixed field must be at least 4 bytes and invocation field 731 /* Fixed field must be at least 4 bytes and invocation field
757 * at least 8. 732 * at least 8.
758 */ 733 */
@@ -761,7 +736,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
761 if (arg) 736 if (arg)
762 memcpy(gctx->iv, ptr, arg); 737 memcpy(gctx->iv, ptr, arg);
763 if (c->encrypt && 738 if (c->encrypt &&
764 RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) 739 RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
765 return 0; 740 return 0;
766 gctx->iv_gen = 1; 741 gctx->iv_gen = 1;
767 return 1; 742 return 1;
@@ -795,63 +770,68 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
795 return 0; 770 return 0;
796 memcpy(c->buf, ptr, arg); 771 memcpy(c->buf, ptr, arg);
797 gctx->tls_aad_len = arg; 772 gctx->tls_aad_len = arg;
798 { 773 {
799 unsigned int len=c->buf[arg-2]<<8|c->buf[arg-1]; 774 unsigned int len = c->buf[arg - 2] << 8 |
775 c->buf[arg - 1];
776
800 /* Correct length for explicit IV */ 777 /* Correct length for explicit IV */
801 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; 778 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
779
802 /* If decrypting correct for tag too */ 780 /* If decrypting correct for tag too */
803 if (!c->encrypt) 781 if (!c->encrypt)
804 len -= EVP_GCM_TLS_TAG_LEN; 782 len -= EVP_GCM_TLS_TAG_LEN;
805 c->buf[arg-2] = len>>8; 783 c->buf[arg - 2] = len >> 8;
806 c->buf[arg-1] = len & 0xff; 784 c->buf[arg - 1] = len & 0xff;
807 } 785 }
808 /* Extra padding: tag appended to record */ 786 /* Extra padding: tag appended to record */
809 return EVP_GCM_TLS_TAG_LEN; 787 return EVP_GCM_TLS_TAG_LEN;
810 788
811 default: 789 default:
812 return -1; 790 return -1;
813 791
814 }
815 } 792 }
793}
816 794
817static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 795static int
818 const unsigned char *iv, int enc) 796aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
819 { 797 const unsigned char *iv, int enc)
798{
820 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; 799 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
800
821 if (!iv && !key) 801 if (!iv && !key)
822 return 1; 802 return 1;
823 if (key) 803 if (key) {
824 { do { 804 do {
825#ifdef BSAES_CAPABLE 805#ifdef BSAES_CAPABLE
826 if (BSAES_CAPABLE) 806 if (BSAES_CAPABLE) {
827 { 807 AES_set_encrypt_key(key, ctx->key_len * 8,
828 AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks); 808 &gctx->ks);
829 CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks, 809 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
830 (block128_f)AES_encrypt); 810 (block128_f)AES_encrypt);
831 gctx->ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; 811 gctx->ctr =
832 break; 812 (ctr128_f)bsaes_ctr32_encrypt_blocks;
833 } 813 break;
834 else 814 } else
835#endif 815#endif
836#ifdef VPAES_CAPABLE 816#ifdef VPAES_CAPABLE
837 if (VPAES_CAPABLE) 817 if (VPAES_CAPABLE) {
838 { 818 vpaes_set_encrypt_key(key, ctx->key_len * 8,
839 vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks); 819 &gctx->ks);
840 CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks, 820 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
841 (block128_f)vpaes_encrypt); 821 (block128_f)vpaes_encrypt);
842 gctx->ctr = NULL; 822 gctx->ctr = NULL;
843 break; 823 break;
844 } 824 } else
845 else
846#endif 825#endif
847 (void)0; /* terminate potentially open 'else' */ 826 (void)0; /* terminate potentially open 'else' */
848 827
849 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); 828 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
850 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt); 829 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
830 (block128_f)AES_encrypt);
851#ifdef AES_CTR_ASM 831#ifdef AES_CTR_ASM
852 gctx->ctr = (ctr128_f)AES_ctr32_encrypt; 832 gctx->ctr = (ctr128_f)AES_ctr32_encrypt;
853#else 833#else
854 gctx->ctr = NULL; 834 gctx->ctr = NULL;
855#endif 835#endif
856 } while (0); 836 } while (0);
857 837
@@ -860,15 +840,12 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
860 */ 840 */
861 if (iv == NULL && gctx->iv_set) 841 if (iv == NULL && gctx->iv_set)
862 iv = gctx->iv; 842 iv = gctx->iv;
863 if (iv) 843 if (iv) {
864 {
865 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); 844 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
866 gctx->iv_set = 1; 845 gctx->iv_set = 1;
867 }
868 gctx->key_set = 1;
869 } 846 }
870 else 847 gctx->key_set = 1;
871 { 848 } else {
872 /* If key set use IV, otherwise copy */ 849 /* If key set use IV, otherwise copy */
873 if (gctx->key_set) 850 if (gctx->key_set)
874 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); 851 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
@@ -876,9 +853,9 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
876 memcpy(gctx->iv, iv, gctx->ivlen); 853 memcpy(gctx->iv, iv, gctx->ivlen);
877 gctx->iv_set = 1; 854 gctx->iv_set = 1;
878 gctx->iv_gen = 0; 855 gctx->iv_gen = 0;
879 }
880 return 1;
881 } 856 }
857 return 1;
858}
882 859
883/* Handle TLS GCM packet format. This consists of the last portion of the IV 860/* Handle TLS GCM packet format. This consists of the last portion of the IV
884 * followed by the payload and finally the tag. On encrypt generate IV, 861 * followed by the payload and finally the tag. On encrypt generate IV,
@@ -886,83 +863,82 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
886 * and verify tag. 863 * and verify tag.
887 */ 864 */
888 865
889static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 866static int
890 const unsigned char *in, size_t len) 867aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
891 { 868 const unsigned char *in, size_t len)
869{
892 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; 870 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
893 int rv = -1; 871 int rv = -1;
872
894 /* Encrypt/decrypt must be performed in place */ 873 /* Encrypt/decrypt must be performed in place */
895 if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN+EVP_GCM_TLS_TAG_LEN)) 874 if (out != in ||
875 len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
896 return -1; 876 return -1;
877
897 /* Set IV from start of buffer or generate IV and write to start 878 /* Set IV from start of buffer or generate IV and write to start
898 * of buffer. 879 * of buffer.
899 */ 880 */
900 if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? 881 if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
901 EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, 882 EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
902 EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) 883 EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
903 goto err; 884 goto err;
885
904 /* Use saved AAD */ 886 /* Use saved AAD */
905 if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) 887 if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
906 goto err; 888 goto err;
889
907 /* Fix buffer and length to point to payload */ 890 /* Fix buffer and length to point to payload */
908 in += EVP_GCM_TLS_EXPLICIT_IV_LEN; 891 in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
909 out += EVP_GCM_TLS_EXPLICIT_IV_LEN; 892 out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
910 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; 893 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
911 if (ctx->encrypt) 894 if (ctx->encrypt) {
912 {
913 /* Encrypt payload */ 895 /* Encrypt payload */
914 if (gctx->ctr) 896 if (gctx->ctr) {
915 { 897 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out,
916 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, 898 len, gctx->ctr))
917 in, out, len,
918 gctx->ctr))
919 goto err; 899 goto err;
920 } 900 } else {
921 else {
922 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) 901 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
923 goto err; 902 goto err;
924 } 903 }
925 out += len; 904 out += len;
905
926 /* Finally write tag */ 906 /* Finally write tag */
927 CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); 907 CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
928 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; 908 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
929 } 909 } else {
930 else
931 {
932 /* Decrypt */ 910 /* Decrypt */
933 if (gctx->ctr) 911 if (gctx->ctr) {
934 { 912 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out,
935 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, 913 len, gctx->ctr))
936 in, out, len,
937 gctx->ctr))
938 goto err; 914 goto err;
939 } 915 } else {
940 else {
941 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) 916 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
942 goto err; 917 goto err;
943 } 918 }
944 /* Retrieve tag */ 919 /* Retrieve tag */
945 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 920 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
946 EVP_GCM_TLS_TAG_LEN); 921
947 /* If tag mismatch wipe buffer */ 922 /* If tag mismatch wipe buffer */
948 if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) 923 if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
949 {
950 OPENSSL_cleanse(out, len); 924 OPENSSL_cleanse(out, len);
951 goto err; 925 goto err;
952 }
953 rv = len;
954 } 926 }
927 rv = len;
928 }
955 929
956 err: 930err:
957 gctx->iv_set = 0; 931 gctx->iv_set = 0;
958 gctx->tls_aad_len = -1; 932 gctx->tls_aad_len = -1;
959 return rv; 933 return rv;
960 } 934}
961 935
962static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 936static int
963 const unsigned char *in, size_t len) 937aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
964 { 938 const unsigned char *in, size_t len)
939{
965 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; 940 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
941
966 /* If not set up, return error */ 942 /* If not set up, return error */
967 if (!gctx->key_set) 943 if (!gctx->key_set)
968 return -1; 944 return -1;
@@ -972,95 +948,88 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
972 948
973 if (!gctx->iv_set) 949 if (!gctx->iv_set)
974 return -1; 950 return -1;
975 if (in) 951
976 { 952 if (in) {
977 if (out == NULL) 953 if (out == NULL) {
978 {
979 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) 954 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
980 return -1; 955 return -1;
981 } 956 } else if (ctx->encrypt) {
982 else if (ctx->encrypt) 957 if (gctx->ctr) {
983 {
984 if (gctx->ctr)
985 {
986 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, 958 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
987 in, out, len, 959 in, out, len, gctx->ctr))
988 gctx->ctr))
989 return -1; 960 return -1;
990 } 961 } else {
991 else { 962 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
992 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) 963 in, out, len))
993 return -1; 964 return -1;
994 }
995 } 965 }
996 else 966 } else {
997 { 967 if (gctx->ctr) {
998 if (gctx->ctr)
999 {
1000 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, 968 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
1001 in, out, len, 969 in, out, len, gctx->ctr))
1002 gctx->ctr))
1003 return -1; 970 return -1;
1004 } 971 } else {
1005 else { 972 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
1006 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) 973 in, out, len))
1007 return -1; 974 return -1;
1008 }
1009 } 975 }
1010 return len;
1011 } 976 }
1012 else 977 return len;
1013 { 978 } else {
1014 if (!ctx->encrypt) 979 if (!ctx->encrypt) {
1015 {
1016 if (gctx->taglen < 0) 980 if (gctx->taglen < 0)
1017 return -1; 981 return -1;
1018 if (CRYPTO_gcm128_finish(&gctx->gcm, 982 if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf,
1019 ctx->buf, gctx->taglen) != 0) 983 gctx->taglen) != 0)
1020 return -1; 984 return -1;
1021 gctx->iv_set = 0; 985 gctx->iv_set = 0;
1022 return 0; 986 return 0;
1023 } 987 }
1024 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); 988 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
1025 gctx->taglen = 16; 989 gctx->taglen = 16;
990
1026 /* Don't reuse the IV */ 991 /* Don't reuse the IV */
1027 gctx->iv_set = 0; 992 gctx->iv_set = 0;
1028 return 0; 993 return 0;
1029 }
1030
1031 } 994 }
1032 995
996}
997
1033#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ 998#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
1034 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ 999 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
1035 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT) 1000 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
1036 1001
1037BLOCK_CIPHER_custom(NID_aes,128,1,12,gcm,GCM, 1002BLOCK_CIPHER_custom(NID_aes, 128, 1,12, gcm, GCM,
1038 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) 1003 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
1039BLOCK_CIPHER_custom(NID_aes,192,1,12,gcm,GCM, 1004BLOCK_CIPHER_custom(NID_aes, 192, 1,12, gcm, GCM,
1040 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) 1005 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
1041BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM, 1006BLOCK_CIPHER_custom(NID_aes, 256, 1,12, gcm, GCM,
1042 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) 1007 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
1043 1008
1044static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 1009static int
1045 { 1010aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1011{
1046 EVP_AES_XTS_CTX *xctx = c->cipher_data; 1012 EVP_AES_XTS_CTX *xctx = c->cipher_data;
1013
1047 if (type != EVP_CTRL_INIT) 1014 if (type != EVP_CTRL_INIT)
1048 return -1; 1015 return -1;
1016
1049 /* key1 and key2 are used as an indicator both key and IV are set */ 1017 /* key1 and key2 are used as an indicator both key and IV are set */
1050 xctx->xts.key1 = NULL; 1018 xctx->xts.key1 = NULL;
1051 xctx->xts.key2 = NULL; 1019 xctx->xts.key2 = NULL;
1052 return 1; 1020 return 1;
1053 } 1021}
1054 1022
1055static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 1023static int
1056 const unsigned char *iv, int enc) 1024aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1057 { 1025 const unsigned char *iv, int enc)
1026{
1058 EVP_AES_XTS_CTX *xctx = ctx->cipher_data; 1027 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1028
1059 if (!iv && !key) 1029 if (!iv && !key)
1060 return 1; 1030 return 1;
1061 1031
1062 if (key) do 1032 if (key) do {
1063 {
1064#ifdef AES_XTS_ASM 1033#ifdef AES_XTS_ASM
1065 xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; 1034 xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
1066#else 1035#else
@@ -1069,100 +1038,98 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1069 /* key_len is two AES keys */ 1038 /* key_len is two AES keys */
1070#ifdef BSAES_CAPABLE 1039#ifdef BSAES_CAPABLE
1071 if (BSAES_CAPABLE) 1040 if (BSAES_CAPABLE)
1072 xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt; 1041 xctx->stream = enc ? bsaes_xts_encrypt :
1042 bsaes_xts_decrypt;
1073 else 1043 else
1074#endif 1044#endif
1075#ifdef VPAES_CAPABLE 1045#ifdef VPAES_CAPABLE
1076 if (VPAES_CAPABLE) 1046 if (VPAES_CAPABLE) {
1077 { 1047 if (enc) {
1078 if (enc) 1048 vpaes_set_encrypt_key(key, ctx->key_len * 4,
1079 { 1049 &xctx->ks1);
1080 vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); 1050 xctx->xts.block1 = (block128_f)vpaes_encrypt;
1081 xctx->xts.block1 = (block128_f)vpaes_encrypt; 1051 } else {
1082 } 1052 vpaes_set_decrypt_key(key, ctx->key_len * 4,
1083 else 1053 &xctx->ks1);
1084 { 1054 xctx->xts.block1 = (block128_f)vpaes_decrypt;
1085 vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1086 xctx->xts.block1 = (block128_f)vpaes_decrypt;
1087 } 1055 }
1088 1056
1089 vpaes_set_encrypt_key(key + ctx->key_len/2, 1057 vpaes_set_encrypt_key(key + ctx->key_len / 2,
1090 ctx->key_len * 4, &xctx->ks2); 1058 ctx->key_len * 4, &xctx->ks2);
1091 xctx->xts.block2 = (block128_f)vpaes_encrypt; 1059 xctx->xts.block2 = (block128_f)vpaes_encrypt;
1092 1060
1093 xctx->xts.key1 = &xctx->ks1; 1061 xctx->xts.key1 = &xctx->ks1;
1094 break; 1062 break;
1095 } 1063 } else
1096 else
1097#endif 1064#endif
1098 (void)0; /* terminate potentially open 'else' */ 1065 (void)0; /* terminate potentially open 'else' */
1099 1066
1100 if (enc) 1067 if (enc) {
1101 {
1102 AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); 1068 AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1103 xctx->xts.block1 = (block128_f)AES_encrypt; 1069 xctx->xts.block1 = (block128_f)AES_encrypt;
1104 } 1070 } else {
1105 else
1106 {
1107 AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); 1071 AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1108 xctx->xts.block1 = (block128_f)AES_decrypt; 1072 xctx->xts.block1 = (block128_f)AES_decrypt;
1109 } 1073 }
1110 1074
1111 AES_set_encrypt_key(key + ctx->key_len/2, 1075 AES_set_encrypt_key(key + ctx->key_len / 2,
1112 ctx->key_len * 4, &xctx->ks2); 1076 ctx->key_len * 4, &xctx->ks2);
1113 xctx->xts.block2 = (block128_f)AES_encrypt; 1077 xctx->xts.block2 = (block128_f)AES_encrypt;
1114 1078
1115 xctx->xts.key1 = &xctx->ks1; 1079 xctx->xts.key1 = &xctx->ks1;
1116 } while (0); 1080 } while (0);
1117 1081
1118 if (iv) 1082 if (iv) {
1119 {
1120 xctx->xts.key2 = &xctx->ks2; 1083 xctx->xts.key2 = &xctx->ks2;
1121 memcpy(ctx->iv, iv, 16); 1084 memcpy(ctx->iv, iv, 16);
1122 } 1085 }
1123 1086
1124 return 1; 1087 return 1;
1125 } 1088}
1126 1089
1127static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 1090static int
1128 const unsigned char *in, size_t len) 1091aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1129 { 1092 const unsigned char *in, size_t len)
1093{
1130 EVP_AES_XTS_CTX *xctx = ctx->cipher_data; 1094 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1095
1131 if (!xctx->xts.key1 || !xctx->xts.key2) 1096 if (!xctx->xts.key1 || !xctx->xts.key2)
1132 return 0; 1097 return 0;
1133 if (!out || !in || len<AES_BLOCK_SIZE) 1098 if (!out || !in || len < AES_BLOCK_SIZE)
1134 return 0; 1099 return 0;
1100
1135#ifdef OPENSSL_FIPS 1101#ifdef OPENSSL_FIPS
1136 /* Requirement of SP800-38E */ 1102 /* Requirement of SP800-38E */
1137 if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && 1103 if (FIPS_module_mode() &&
1138 (len > (1UL<<20)*16)) 1104 !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1139 { 1105 (len > (1UL << 20) * 16)) {
1140 EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); 1106 EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
1141 return 0; 1107 return 0;
1142 } 1108 }
1143#endif 1109#endif
1144 if (xctx->stream) 1110 if (xctx->stream)
1145 (*xctx->stream)(in, out, len, 1111 (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2,
1146 xctx->xts.key1, xctx->xts.key2, ctx->iv); 1112 ctx->iv);
1147 else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, 1113 else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
1148 ctx->encrypt)) 1114 ctx->encrypt))
1149 return 0; 1115 return 0;
1150 return 1; 1116 return 1;
1151 } 1117}
1152 1118
1153#define aes_xts_cleanup NULL 1119#define aes_xts_cleanup NULL
1154 1120
1155#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ 1121#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
1156 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT) 1122 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
1157 1123
1158BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS) 1124BLOCK_CIPHER_custom(NID_aes, 128, 1,16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
1159BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS) 1125BLOCK_CIPHER_custom(NID_aes, 256, 1,16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
1160 1126
1161static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 1127static int
1162 { 1128aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1129{
1163 EVP_AES_CCM_CTX *cctx = c->cipher_data; 1130 EVP_AES_CCM_CTX *cctx = c->cipher_data;
1164 switch (type) 1131
1165 { 1132 switch (type) {
1166 case EVP_CTRL_INIT: 1133 case EVP_CTRL_INIT:
1167 cctx->key_set = 0; 1134 cctx->key_set = 0;
1168 cctx->iv_set = 0; 1135 cctx->iv_set = 0;
@@ -1174,6 +1141,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1174 1141
1175 case EVP_CTRL_CCM_SET_IVLEN: 1142 case EVP_CTRL_CCM_SET_IVLEN:
1176 arg = 15 - arg; 1143 arg = 15 - arg;
1144
1177 case EVP_CTRL_CCM_SET_L: 1145 case EVP_CTRL_CCM_SET_L:
1178 if (arg < 2 || arg > 8) 1146 if (arg < 2 || arg > 8)
1179 return 0; 1147 return 0;
@@ -1185,18 +1153,17 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1185 return 0; 1153 return 0;
1186 if ((c->encrypt && ptr) || (!c->encrypt && !ptr)) 1154 if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
1187 return 0; 1155 return 0;
1188 if (ptr) 1156 if (ptr) {
1189 {
1190 cctx->tag_set = 1; 1157 cctx->tag_set = 1;
1191 memcpy(c->buf, ptr, arg); 1158 memcpy(c->buf, ptr, arg);
1192 } 1159 }
1193 cctx->M = arg; 1160 cctx->M = arg;
1194 return 1; 1161 return 1;
1195 1162
1196 case EVP_CTRL_CCM_GET_TAG: 1163 case EVP_CTRL_CCM_GET_TAG:
1197 if (!c->encrypt || !cctx->tag_set) 1164 if (!c->encrypt || !cctx->tag_set)
1198 return 0; 1165 return 0;
1199 if(!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) 1166 if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
1200 return 0; 1167 return 0;
1201 cctx->tag_set = 0; 1168 cctx->tag_set = 0;
1202 cctx->iv_set = 0; 1169 cctx->iv_set = 0;
@@ -1205,116 +1172,111 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1205 1172
1206 default: 1173 default:
1207 return -1; 1174 return -1;
1208
1209 }
1210 } 1175 }
1176}
1211 1177
1212static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 1178static int
1213 const unsigned char *iv, int enc) 1179aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1214 { 1180 const unsigned char *iv, int enc)
1181{
1215 EVP_AES_CCM_CTX *cctx = ctx->cipher_data; 1182 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
1183
1216 if (!iv && !key) 1184 if (!iv && !key)
1217 return 1; 1185 return 1;
1218 if (key) do 1186 if (key) do {
1219 {
1220#ifdef VPAES_CAPABLE 1187#ifdef VPAES_CAPABLE
1221 if (VPAES_CAPABLE) 1188 if (VPAES_CAPABLE) {
1222 {
1223 vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks); 1189 vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
1224 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, 1190 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
1225 &cctx->ks, (block128_f)vpaes_encrypt); 1191 &cctx->ks, (block128_f)vpaes_encrypt);
1226 cctx->str = NULL; 1192 cctx->str = NULL;
1227 cctx->key_set = 1; 1193 cctx->key_set = 1;
1228 break; 1194 break;
1229 } 1195 }
1230#endif 1196#endif
1231 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); 1197 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
1232 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, 1198 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
1233 &cctx->ks, (block128_f)AES_encrypt); 1199 &cctx->ks, (block128_f)AES_encrypt);
1234 cctx->str = NULL; 1200 cctx->str = NULL;
1235 cctx->key_set = 1; 1201 cctx->key_set = 1;
1236 } while (0); 1202 } while (0);
1237 if (iv) 1203 if (iv) {
1238 {
1239 memcpy(ctx->iv, iv, 15 - cctx->L); 1204 memcpy(ctx->iv, iv, 15 - cctx->L);
1240 cctx->iv_set = 1; 1205 cctx->iv_set = 1;
1241 }
1242 return 1;
1243 } 1206 }
1207 return 1;
1208}
1244 1209
1245static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 1210static int
1246 const unsigned char *in, size_t len) 1211aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1247 { 1212 const unsigned char *in, size_t len)
1213{
1248 EVP_AES_CCM_CTX *cctx = ctx->cipher_data; 1214 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
1249 CCM128_CONTEXT *ccm = &cctx->ccm; 1215 CCM128_CONTEXT *ccm = &cctx->ccm;
1216
1250 /* If not set up, return error */ 1217 /* If not set up, return error */
1251 if (!cctx->iv_set && !cctx->key_set) 1218 if (!cctx->iv_set && !cctx->key_set)
1252 return -1; 1219 return -1;
1253 if (!ctx->encrypt && !cctx->tag_set) 1220 if (!ctx->encrypt && !cctx->tag_set)
1254 return -1; 1221 return -1;
1255 if (!out) 1222
1256 { 1223 if (!out) {
1257 if (!in) 1224 if (!in) {
1258 { 1225 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
1259 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,len)) 1226 len))
1260 return -1; 1227 return -1;
1261 cctx->len_set = 1; 1228 cctx->len_set = 1;
1262 return len; 1229 return len;
1263 } 1230 }
1264 /* If have AAD need message length */ 1231 /* If have AAD need message length */
1265 if (!cctx->len_set && len) 1232 if (!cctx->len_set && len)
1266 return -1; 1233 return -1;
1267 CRYPTO_ccm128_aad(ccm, in, len); 1234 CRYPTO_ccm128_aad(ccm, in, len);
1268 return len; 1235 return len;
1269 } 1236 }
1270 /* EVP_*Final() doesn't return any data */ 1237 /* EVP_*Final() doesn't return any data */
1271 if (!in) 1238 if (!in)
1272 return 0; 1239 return 0;
1273 /* If not set length yet do it */ 1240 /* If not set length yet do it */
1274 if (!cctx->len_set) 1241 if (!cctx->len_set) {
1275 {
1276 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) 1242 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
1277 return -1; 1243 return -1;
1278 cctx->len_set = 1; 1244 cctx->len_set = 1;
1279 } 1245 }
1280 if (ctx->encrypt) 1246 if (ctx->encrypt) {
1281 {
1282 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, 1247 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
1283 cctx->str) : 1248 cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len))
1284 CRYPTO_ccm128_encrypt(ccm, in, out, len))
1285 return -1; 1249 return -1;
1286 cctx->tag_set = 1; 1250 cctx->tag_set = 1;
1287 return len; 1251 return len;
1288 } 1252 } else {
1289 else
1290 {
1291 int rv = -1; 1253 int rv = -1;
1292 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, 1254 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
1293 cctx->str) : 1255 cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
1294 !CRYPTO_ccm128_decrypt(ccm, in, out, len))
1295 {
1296 unsigned char tag[16]; 1256 unsigned char tag[16];
1297 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) 1257 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
1298 {
1299 if (!memcmp(tag, ctx->buf, cctx->M)) 1258 if (!memcmp(tag, ctx->buf, cctx->M))
1300 rv = len; 1259 rv = len;
1301 }
1302 } 1260 }
1261 }
1303 if (rv == -1) 1262 if (rv == -1)
1304 OPENSSL_cleanse(out, len); 1263 OPENSSL_cleanse(out, len);
1305 cctx->iv_set = 0; 1264 cctx->iv_set = 0;
1306 cctx->tag_set = 0; 1265 cctx->tag_set = 0;
1307 cctx->len_set = 0; 1266 cctx->len_set = 0;
1308 return rv; 1267 return rv;
1309 }
1310
1311 } 1268 }
1312 1269
1270}
1271
1313#define aes_ccm_cleanup NULL 1272#define aes_ccm_cleanup NULL
1314 1273
1315BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 1274BLOCK_CIPHER_custom(NID_aes, 128, 1,12, ccm, CCM,
1316BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 1275 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1317BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 1276BLOCK_CIPHER_custom(NID_aes, 192, 1,12, ccm, CCM,
1277 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1278BLOCK_CIPHER_custom(NID_aes, 256, 1,12, ccm, CCM,
1279 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1318 1280
1319#endif 1281#endif
1320#endif 1282#endif
diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
index 4d76ec74d2..af0edb3dcf 100644
--- a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
@@ -72,16 +72,15 @@
72 72
73#define TLS1_1_VERSION 0x0302 73#define TLS1_1_VERSION 0x0302
74 74
75typedef struct 75typedef struct {
76 { 76 AES_KEY ks;
77 AES_KEY ks; 77 SHA_CTX head, tail, md;
78 SHA_CTX head,tail,md; 78 size_t payload_length; /* AAD length in decrypt case */
79 size_t payload_length; /* AAD length in decrypt case */ 79 union {
80 union { 80 unsigned int tls_ver;
81 unsigned int tls_ver; 81 unsigned char tls_aad[16]; /* 13 used */
82 unsigned char tls_aad[16]; /* 13 used */ 82 } aux;
83 } aux; 83} EVP_AES_HMAC_SHA1;
84 } EVP_AES_HMAC_SHA1;
85 84
86#define NO_PAYLOAD_LENGTH ((size_t)-1) 85#define NO_PAYLOAD_LENGTH ((size_t)-1)
87 86
@@ -97,43 +96,37 @@ typedef struct
97extern unsigned int OPENSSL_ia32cap_P[2]; 96extern unsigned int OPENSSL_ia32cap_P[2];
98#define AESNI_CAPABLE (1<<(57-32)) 97#define AESNI_CAPABLE (1<<(57-32))
99 98
100int aesni_set_encrypt_key(const unsigned char *userKey, int bits, 99int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
101 AES_KEY *key); 100int aesni_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
102int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
103 AES_KEY *key);
104 101
105void aesni_cbc_encrypt(const unsigned char *in, 102void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
106 unsigned char *out, 103 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
107 size_t length,
108 const AES_KEY *key,
109 unsigned char *ivec, int enc);
110 104
111void aesni_cbc_sha1_enc (const void *inp, void *out, size_t blocks, 105void aesni_cbc_sha1_enc (const void *inp, void *out, size_t blocks,
112 const AES_KEY *key, unsigned char iv[16], 106 const AES_KEY *key, unsigned char iv[16], SHA_CTX *ctx, const void *in0);
113 SHA_CTX *ctx,const void *in0);
114 107
115#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) 108#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
116 109
117static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, 110static int
118 const unsigned char *inkey, 111aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey,
119 const unsigned char *iv, int enc) 112 const unsigned char *iv, int enc)
120 { 113{
121 EVP_AES_HMAC_SHA1 *key = data(ctx); 114 EVP_AES_HMAC_SHA1 *key = data(ctx);
122 int ret; 115 int ret;
123 116
124 if (enc) 117 if (enc)
125 ret=aesni_set_encrypt_key(inkey,ctx->key_len*8,&key->ks); 118 ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);
126 else 119 else
127 ret=aesni_set_decrypt_key(inkey,ctx->key_len*8,&key->ks); 120 ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);
128 121
129 SHA1_Init(&key->head); /* handy when benchmarking */ 122 SHA1_Init(&key->head); /* handy when benchmarking */
130 key->tail = key->head; 123 key->tail = key->head;
131 key->md = key->head; 124 key->md = key->head;
132 125
133 key->payload_length = NO_PAYLOAD_LENGTH; 126 key->payload_length = NO_PAYLOAD_LENGTH;
134 127
135 return ret<0?0:1; 128 return ret < 0 ? 0 : 1;
136 } 129}
137 130
138#define STITCHED_CALL 131#define STITCHED_CALL
139 132
@@ -141,16 +134,19 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
141#define aes_off 0 134#define aes_off 0
142#endif 135#endif
143 136
144void sha1_block_data_order (void *c,const void *p,size_t len); 137void sha1_block_data_order (void *c, const void *p, size_t len);
145 138
146static void sha1_update(SHA_CTX *c,const void *data,size_t len) 139static void
147{ const unsigned char *ptr = data; 140sha1_update(SHA_CTX *c, const void *data, size_t len)
141{
142 const unsigned char *ptr = data;
148 size_t res; 143 size_t res;
149 144
150 if ((res = c->num)) { 145 if ((res = c->num)) {
151 res = SHA_CBLOCK-res; 146 res = SHA_CBLOCK - res;
152 if (len<res) res=len; 147 if (len < res)
153 SHA1_Update (c,ptr,res); 148 res = len;
149 SHA1_Update(c, ptr, res);
154 ptr += res; 150 ptr += res;
155 len -= res; 151 len -= res;
156 } 152 }
@@ -159,16 +155,17 @@ static void sha1_update(SHA_CTX *c,const void *data,size_t len)
159 len -= res; 155 len -= res;
160 156
161 if (len) { 157 if (len) {
162 sha1_block_data_order(c,ptr,len/SHA_CBLOCK); 158 sha1_block_data_order(c, ptr, len / SHA_CBLOCK);
163 159
164 ptr += len; 160 ptr += len;
165 c->Nh += len>>29; 161 c->Nh += len >> 29;
166 c->Nl += len<<=3; 162 c->Nl += len <<= 3;
167 if (c->Nl<(unsigned int)len) c->Nh++; 163 if (c->Nl < (unsigned int)len)
164 c->Nh++;
168 } 165 }
169 166
170 if (res) 167 if (res)
171 SHA1_Update(c,ptr,res); 168 SHA1_Update(c, ptr, res);
172} 169}
173 170
174#ifdef SHA1_Update 171#ifdef SHA1_Update
@@ -176,96 +173,106 @@ static void sha1_update(SHA_CTX *c,const void *data,size_t len)
176#endif 173#endif
177#define SHA1_Update sha1_update 174#define SHA1_Update sha1_update
178 175
179static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 176static int
180 const unsigned char *in, size_t len) 177aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
181 { 178 const unsigned char *in, size_t len)
179{
182 EVP_AES_HMAC_SHA1 *key = data(ctx); 180 EVP_AES_HMAC_SHA1 *key = data(ctx);
183 unsigned int l; 181 unsigned int l;
184 size_t plen = key->payload_length, 182 size_t plen = key->payload_length,
185 iv = 0, /* explicit IV in TLS 1.1 and later */ 183 iv = 0, /* explicit IV in TLS 1.1 and later */
186 sha_off = 0; 184 sha_off = 0;
187#if defined(STITCHED_CALL) 185#if defined(STITCHED_CALL)
188 size_t aes_off = 0, 186 size_t aes_off = 0, blocks;
189 blocks;
190 187
191 sha_off = SHA_CBLOCK-key->md.num; 188 sha_off = SHA_CBLOCK - key->md.num;
192#endif 189#endif
193 190
194 key->payload_length = NO_PAYLOAD_LENGTH; 191 key->payload_length = NO_PAYLOAD_LENGTH;
195 192
196 if (len%AES_BLOCK_SIZE) return 0; 193 if (len % AES_BLOCK_SIZE)
194 return 0;
197 195
198 if (ctx->encrypt) { 196 if (ctx->encrypt) {
199 if (plen==NO_PAYLOAD_LENGTH) 197 if (plen == NO_PAYLOAD_LENGTH)
200 plen = len; 198 plen = len;
201 else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE)) 199 else if (len != ((plen + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) &
200 -AES_BLOCK_SIZE))
202 return 0; 201 return 0;
203 else if (key->aux.tls_ver >= TLS1_1_VERSION) 202 else if (key->aux.tls_ver >= TLS1_1_VERSION)
204 iv = AES_BLOCK_SIZE; 203 iv = AES_BLOCK_SIZE;
205 204
206#if defined(STITCHED_CALL) 205#if defined(STITCHED_CALL)
207 if (plen>(sha_off+iv) && (blocks=(plen-(sha_off+iv))/SHA_CBLOCK)) { 206 if (plen > (sha_off + iv) &&
208 SHA1_Update(&key->md,in+iv,sha_off); 207 (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
208 SHA1_Update(&key->md, in + iv, sha_off);
209 209
210 aesni_cbc_sha1_enc(in,out,blocks,&key->ks, 210 aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
211 ctx->iv,&key->md,in+iv+sha_off); 211 ctx->iv, &key->md, in + iv + sha_off);
212 blocks *= SHA_CBLOCK; 212 blocks *= SHA_CBLOCK;
213 aes_off += blocks; 213 aes_off += blocks;
214 sha_off += blocks; 214 sha_off += blocks;
215 key->md.Nh += blocks>>29; 215 key->md.Nh += blocks >> 29;
216 key->md.Nl += blocks<<=3; 216 key->md.Nl += blocks <<= 3;
217 if (key->md.Nl<(unsigned int)blocks) key->md.Nh++; 217 if (key->md.Nl < (unsigned int)blocks)
218 key->md.Nh++;
218 } else { 219 } else {
219 sha_off = 0; 220 sha_off = 0;
220 } 221 }
221#endif 222#endif
222 sha_off += iv; 223 sha_off += iv;
223 SHA1_Update(&key->md,in+sha_off,plen-sha_off); 224 SHA1_Update(&key->md, in + sha_off, plen - sha_off);
224 225
225 if (plen!=len) { /* "TLS" mode of operation */ 226 if (plen != len) { /* "TLS" mode of operation */
226 if (in!=out) 227 if (in != out)
227 memcpy(out+aes_off,in+aes_off,plen-aes_off); 228 memcpy(out + aes_off, in + aes_off,
229 plen - aes_off);
228 230
229 /* calculate HMAC and append it to payload */ 231 /* calculate HMAC and append it to payload */
230 SHA1_Final(out+plen,&key->md); 232 SHA1_Final(out + plen, &key->md);
231 key->md = key->tail; 233 key->md = key->tail;
232 SHA1_Update(&key->md,out+plen,SHA_DIGEST_LENGTH); 234 SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH);
233 SHA1_Final(out+plen,&key->md); 235 SHA1_Final(out + plen, &key->md);
234 236
235 /* pad the payload|hmac */ 237 /* pad the payload|hmac */
236 plen += SHA_DIGEST_LENGTH; 238 plen += SHA_DIGEST_LENGTH;
237 for (l=len-plen-1;plen<len;plen++) out[plen]=l; 239 for (l = len - plen - 1; plen < len; plen++)
240 out[plen] = l;
241
238 /* encrypt HMAC|padding at once */ 242 /* encrypt HMAC|padding at once */
239 aesni_cbc_encrypt(out+aes_off,out+aes_off,len-aes_off, 243 aesni_cbc_encrypt(out + aes_off, out + aes_off,
240 &key->ks,ctx->iv,1); 244 len - aes_off, &key->ks, ctx->iv, 1);
241 } else { 245 } else {
242 aesni_cbc_encrypt(in+aes_off,out+aes_off,len-aes_off, 246 aesni_cbc_encrypt(in + aes_off, out + aes_off,
243 &key->ks,ctx->iv,1); 247 len - aes_off, &key->ks, ctx->iv, 1);
244 } 248 }
245 } else { 249 } else {
246 union { unsigned int u[SHA_DIGEST_LENGTH/sizeof(unsigned int)]; 250 union {
247 unsigned char c[32+SHA_DIGEST_LENGTH]; } mac, *pmac; 251 unsigned int u[SHA_DIGEST_LENGTH/sizeof(unsigned int)];
252 unsigned char c[32 + SHA_DIGEST_LENGTH];
253 } mac, *pmac;
248 254
249 /* arrange cache line alignment */ 255 /* arrange cache line alignment */
250 pmac = (void *)(((size_t)mac.c+31)&((size_t)0-32)); 256 pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32));
251 257
252 /* decrypt HMAC|padding at once */ 258 /* decrypt HMAC|padding at once */
253 aesni_cbc_encrypt(in,out,len, 259 aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
254 &key->ks,ctx->iv,0);
255 260
256 if (plen) { /* "TLS" mode of operation */ 261 if (plen) { /* "TLS" mode of operation */
257 size_t inp_len, mask, j, i; 262 size_t inp_len, mask, j, i;
258 unsigned int res, maxpad, pad, bitlen; 263 unsigned int res, maxpad, pad, bitlen;
259 int ret = 1; 264 int ret = 1;
260 union { unsigned int u[SHA_LBLOCK]; 265 union {
261 unsigned char c[SHA_CBLOCK]; } 266 unsigned int u[SHA_LBLOCK];
262 *data = (void *)key->md.data; 267 unsigned char c[SHA_CBLOCK];
268 }
269 *data = (void *)key->md.data;
263 270
264 if ((key->aux.tls_aad[plen-4]<<8|key->aux.tls_aad[plen-3]) 271 if ((key->aux.tls_aad[plen - 4] << 8 |
265 >= TLS1_1_VERSION) 272 key->aux.tls_aad[plen - 3]) >= TLS1_1_VERSION)
266 iv = AES_BLOCK_SIZE; 273 iv = AES_BLOCK_SIZE;
267 274
268 if (len<(iv+SHA_DIGEST_LENGTH+1)) 275 if (len < (iv + SHA_DIGEST_LENGTH + 1))
269 return 0; 276 return 0;
270 277
271 /* omit explicit iv */ 278 /* omit explicit iv */
@@ -273,93 +280,102 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
273 len -= iv; 280 len -= iv;
274 281
275 /* figure out payload length */ 282 /* figure out payload length */
276 pad = out[len-1]; 283 pad = out[len - 1];
277 maxpad = len-(SHA_DIGEST_LENGTH+1); 284 maxpad = len - (SHA_DIGEST_LENGTH + 1);
278 maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8); 285 maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
279 maxpad &= 255; 286 maxpad &= 255;
280 287
281 inp_len = len - (SHA_DIGEST_LENGTH+pad+1); 288 inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
282 mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1))); 289 mask = (0 - ((inp_len - len) >>
290 (sizeof(inp_len) * 8 - 1)));
283 inp_len &= mask; 291 inp_len &= mask;
284 ret &= (int)mask; 292 ret &= (int)mask;
285 293
286 key->aux.tls_aad[plen-2] = inp_len>>8; 294 key->aux.tls_aad[plen - 2] = inp_len >> 8;
287 key->aux.tls_aad[plen-1] = inp_len; 295 key->aux.tls_aad[plen - 1] = inp_len;
288 296
289 /* calculate HMAC */ 297 /* calculate HMAC */
290 key->md = key->head; 298 key->md = key->head;
291 SHA1_Update(&key->md,key->aux.tls_aad,plen); 299 SHA1_Update(&key->md, key->aux.tls_aad, plen);
292 300
293#if 1 301#if 1
294 len -= SHA_DIGEST_LENGTH; /* amend mac */ 302 len -= SHA_DIGEST_LENGTH; /* amend mac */
295 if (len>=(256+SHA_CBLOCK)) { 303 if (len >= (256 + SHA_CBLOCK)) {
296 j = (len-(256+SHA_CBLOCK))&(0-SHA_CBLOCK); 304 j = (len - (256 + SHA_CBLOCK)) &
297 j += SHA_CBLOCK-key->md.num; 305 (0 - SHA_CBLOCK);
298 SHA1_Update(&key->md,out,j); 306 j += SHA_CBLOCK - key->md.num;
307 SHA1_Update(&key->md, out, j);
299 out += j; 308 out += j;
300 len -= j; 309 len -= j;
301 inp_len -= j; 310 inp_len -= j;
302 } 311 }
303 312
304 /* but pretend as if we hashed padded payload */ 313 /* but pretend as if we hashed padded payload */
305 bitlen = key->md.Nl+(inp_len<<3); /* at most 18 bits */ 314 bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
306#ifdef BSWAP 315#ifdef BSWAP
307 bitlen = BSWAP(bitlen); 316 bitlen = BSWAP(bitlen);
308#else 317#else
309 mac.c[0] = 0; 318 mac.c[0] = 0;
310 mac.c[1] = (unsigned char)(bitlen>>16); 319 mac.c[1] = (unsigned char)(bitlen >> 16);
311 mac.c[2] = (unsigned char)(bitlen>>8); 320 mac.c[2] = (unsigned char)(bitlen >> 8);
312 mac.c[3] = (unsigned char)bitlen; 321 mac.c[3] = (unsigned char)bitlen;
313 bitlen = mac.u[0]; 322 bitlen = mac.u[0];
314#endif 323#endif
315 324
316 pmac->u[0]=0; 325 pmac->u[0] = 0;
317 pmac->u[1]=0; 326 pmac->u[1] = 0;
318 pmac->u[2]=0; 327 pmac->u[2] = 0;
319 pmac->u[3]=0; 328 pmac->u[3] = 0;
320 pmac->u[4]=0; 329 pmac->u[4] = 0;
321 330
322 for (res=key->md.num, j=0;j<len;j++) { 331 for (res = key->md.num, j = 0; j < len; j++) {
323 size_t c = out[j]; 332 size_t c = out[j];
324 mask = (j-inp_len)>>(sizeof(j)*8-8); 333 mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
325 c &= mask; 334 c &= mask;
326 c |= 0x80&~mask&~((inp_len-j)>>(sizeof(j)*8-8)); 335 c |= 0x80 & ~mask &
327 data->c[res++]=(unsigned char)c; 336 ~((inp_len - j) >> (sizeof(j) * 8 - 8));
337 data->c[res++] = (unsigned char)c;
328 338
329 if (res!=SHA_CBLOCK) continue; 339 if (res != SHA_CBLOCK)
340 continue;
330 341
331 /* j is not incremented yet */ 342 /* j is not incremented yet */
332 mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1)); 343 mask = 0 - ((inp_len + 7 - j) >>
333 data->u[SHA_LBLOCK-1] |= bitlen&mask; 344 (sizeof(j) * 8 - 1));
334 sha1_block_data_order(&key->md,data,1); 345 data->u[SHA_LBLOCK - 1] |= bitlen&mask;
335 mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1)); 346 sha1_block_data_order(&key->md, data, 1);
347 mask &= 0 - ((j - inp_len - 72) >>
348 (sizeof(j) * 8 - 1));
336 pmac->u[0] |= key->md.h0 & mask; 349 pmac->u[0] |= key->md.h0 & mask;
337 pmac->u[1] |= key->md.h1 & mask; 350 pmac->u[1] |= key->md.h1 & mask;
338 pmac->u[2] |= key->md.h2 & mask; 351 pmac->u[2] |= key->md.h2 & mask;
339 pmac->u[3] |= key->md.h3 & mask; 352 pmac->u[3] |= key->md.h3 & mask;
340 pmac->u[4] |= key->md.h4 & mask; 353 pmac->u[4] |= key->md.h4 & mask;
341 res=0; 354 res = 0;
342 } 355 }
343 356
344 for(i=res;i<SHA_CBLOCK;i++,j++) data->c[i]=0; 357 for (i = res; i < SHA_CBLOCK; i++, j++)
358 data->c[i] = 0;
345 359
346 if (res>SHA_CBLOCK-8) { 360 if (res > SHA_CBLOCK - 8) {
347 mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1)); 361 mask = 0 - ((inp_len + 8 - j) >>
348 data->u[SHA_LBLOCK-1] |= bitlen&mask; 362 (sizeof(j) * 8 - 1));
349 sha1_block_data_order(&key->md,data,1); 363 data->u[SHA_LBLOCK - 1] |= bitlen & mask;
350 mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1)); 364 sha1_block_data_order(&key->md, data, 1);
365 mask &= 0 - ((j - inp_len - 73) >>
366 (sizeof(j) * 8 - 1));
351 pmac->u[0] |= key->md.h0 & mask; 367 pmac->u[0] |= key->md.h0 & mask;
352 pmac->u[1] |= key->md.h1 & mask; 368 pmac->u[1] |= key->md.h1 & mask;
353 pmac->u[2] |= key->md.h2 & mask; 369 pmac->u[2] |= key->md.h2 & mask;
354 pmac->u[3] |= key->md.h3 & mask; 370 pmac->u[3] |= key->md.h3 & mask;
355 pmac->u[4] |= key->md.h4 & mask; 371 pmac->u[4] |= key->md.h4 & mask;
356 372
357 memset(data,0,SHA_CBLOCK); 373 memset(data, 0, SHA_CBLOCK);
358 j+=64; 374 j += 64;
359 } 375 }
360 data->u[SHA_LBLOCK-1] = bitlen; 376 data->u[SHA_LBLOCK - 1] = bitlen;
361 sha1_block_data_order(&key->md,data,1); 377 sha1_block_data_order(&key->md, data, 1);
362 mask = 0-((j-inp_len-73)>>(sizeof(j)*8-1)); 378 mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
363 pmac->u[0] |= key->md.h0 & mask; 379 pmac->u[0] |= key->md.h0 & mask;
364 pmac->u[1] |= key->md.h1 & mask; 380 pmac->u[1] |= key->md.h1 & mask;
365 pmac->u[2] |= key->md.h2 & mask; 381 pmac->u[2] |= key->md.h2 & mask;
@@ -373,209 +389,218 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
373 pmac->u[3] = BSWAP(pmac->u[3]); 389 pmac->u[3] = BSWAP(pmac->u[3]);
374 pmac->u[4] = BSWAP(pmac->u[4]); 390 pmac->u[4] = BSWAP(pmac->u[4]);
375#else 391#else
376 for (i=0;i<5;i++) { 392 for (i = 0; i < 5; i++) {
377 res = pmac->u[i]; 393 res = pmac->u[i];
378 pmac->c[4*i+0]=(unsigned char)(res>>24); 394 pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
379 pmac->c[4*i+1]=(unsigned char)(res>>16); 395 pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
380 pmac->c[4*i+2]=(unsigned char)(res>>8); 396 pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
381 pmac->c[4*i+3]=(unsigned char)res; 397 pmac->c[4 * i + 3] = (unsigned char)res;
382 } 398 }
383#endif 399#endif
384 len += SHA_DIGEST_LENGTH; 400 len += SHA_DIGEST_LENGTH;
385#else 401#else
386 SHA1_Update(&key->md,out,inp_len); 402 SHA1_Update(&key->md, out, inp_len);
387 res = key->md.num; 403 res = key->md.num;
388 SHA1_Final(pmac->c,&key->md); 404 SHA1_Final(pmac->c, &key->md);
389 405
390 { 406 {
391 unsigned int inp_blocks, pad_blocks; 407 unsigned int inp_blocks, pad_blocks;
392 408
393 /* but pretend as if we hashed padded payload */ 409 /* but pretend as if we hashed padded payload */
394 inp_blocks = 1+((SHA_CBLOCK-9-res)>>(sizeof(res)*8-1)); 410 inp_blocks = 1 + ((SHA_CBLOCK - 9 - res) >>
395 res += (unsigned int)(len-inp_len); 411 (sizeof(res) * 8 - 1));
396 pad_blocks = res / SHA_CBLOCK; 412 res += (unsigned int)(len - inp_len);
397 res %= SHA_CBLOCK; 413 pad_blocks = res / SHA_CBLOCK;
398 pad_blocks += 1+((SHA_CBLOCK-9-res)>>(sizeof(res)*8-1)); 414 res %= SHA_CBLOCK;
399 for (;inp_blocks<pad_blocks;inp_blocks++) 415 pad_blocks += 1 + ((SHA_CBLOCK - 9 - res) >>
400 sha1_block_data_order(&key->md,data,1); 416 (sizeof(res) * 8 - 1));
417 for (; inp_blocks < pad_blocks; inp_blocks++)
418 sha1_block_data_order(&key->md,
419 data, 1);
401 } 420 }
402#endif 421#endif
403 key->md = key->tail; 422 key->md = key->tail;
404 SHA1_Update(&key->md,pmac->c,SHA_DIGEST_LENGTH); 423 SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH);
405 SHA1_Final(pmac->c,&key->md); 424 SHA1_Final(pmac->c, &key->md);
406 425
407 /* verify HMAC */ 426 /* verify HMAC */
408 out += inp_len; 427 out += inp_len;
409 len -= inp_len; 428 len -= inp_len;
410#if 1 429#if 1
411 { 430 {
412 unsigned char *p = out+len-1-maxpad-SHA_DIGEST_LENGTH; 431 unsigned char *p =
413 size_t off = out-p; 432 out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
414 unsigned int c, cmask; 433 size_t off = out - p;
415 434 unsigned int c, cmask;
416 maxpad += SHA_DIGEST_LENGTH; 435
417 for (res=0,i=0,j=0;j<maxpad;j++) { 436 maxpad += SHA_DIGEST_LENGTH;
418 c = p[j]; 437 for (res = 0, i = 0, j = 0; j < maxpad; j++) {
419 cmask = ((int)(j-off-SHA_DIGEST_LENGTH))>>(sizeof(int)*8-1); 438 c = p[j];
420 res |= (c^pad)&~cmask; /* ... and padding */ 439 cmask = ((int)(j - off -
421 cmask &= ((int)(off-1-j))>>(sizeof(int)*8-1); 440 SHA_DIGEST_LENGTH)) >>
422 res |= (c^pmac->c[i])&cmask; 441 (sizeof(int) * 8 - 1);
423 i += 1&cmask; 442 res |= (c ^ pad) & ~cmask; /* ... and padding */
424 } 443 cmask &= ((int)(off - 1 - j)) >>
425 maxpad -= SHA_DIGEST_LENGTH; 444 (sizeof(int) * 8 - 1);
426 445 res |= (c ^ pmac->c[i]) & cmask;
427 res = 0-((0-res)>>(sizeof(res)*8-1)); 446 i += 1 & cmask;
428 ret &= (int)~res; 447 }
448 maxpad -= SHA_DIGEST_LENGTH;
449
450 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
451 ret &= (int)~res;
429 } 452 }
430#else 453#else
431 for (res=0,i=0;i<SHA_DIGEST_LENGTH;i++) 454 for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
432 res |= out[i]^pmac->c[i]; 455 res |= out[i] ^ pmac->c[i];
433 res = 0-((0-res)>>(sizeof(res)*8-1)); 456 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
434 ret &= (int)~res; 457 ret &= (int)~res;
435 458
436 /* verify padding */ 459 /* verify padding */
437 pad = (pad&~res) | (maxpad&res); 460 pad = (pad & ~res) | (maxpad & res);
438 out = out+len-1-pad; 461 out = out + len - 1 - pad;
439 for (res=0,i=0;i<pad;i++) 462 for (res = 0, i = 0; i < pad; i++)
440 res |= out[i]^pad; 463 res |= out[i] ^ pad;
441 464
442 res = (0-res)>>(sizeof(res)*8-1); 465 res = (0 - res) >> (sizeof(res) * 8 - 1);
443 ret &= (int)~res; 466 ret &= (int)~res;
444#endif 467#endif
445 return ret; 468 return ret;
446 } else { 469 } else {
447 SHA1_Update(&key->md,out,len); 470 SHA1_Update(&key->md, out, len);
448 } 471 }
449 } 472 }
450 473
451 return 1; 474 return 1;
452 } 475}
453 476
454static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) 477static int
455 { 478aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
479{
456 EVP_AES_HMAC_SHA1 *key = data(ctx); 480 EVP_AES_HMAC_SHA1 *key = data(ctx);
457 481
458 switch (type) 482 switch (type) {
459 {
460 case EVP_CTRL_AEAD_SET_MAC_KEY: 483 case EVP_CTRL_AEAD_SET_MAC_KEY:
461 { 484 {
462 unsigned int i; 485 unsigned int i;
463 unsigned char hmac_key[64]; 486 unsigned char hmac_key[64];
464 487
465 memset (hmac_key,0,sizeof(hmac_key)); 488 memset (hmac_key, 0, sizeof(hmac_key));
466 489
467 if (arg > (int)sizeof(hmac_key)) { 490 if (arg > (int)sizeof(hmac_key)) {
468 SHA1_Init(&key->head); 491 SHA1_Init(&key->head);
469 SHA1_Update(&key->head,ptr,arg); 492 SHA1_Update(&key->head, ptr, arg);
470 SHA1_Final(hmac_key,&key->head); 493 SHA1_Final(hmac_key, &key->head);
471 } else { 494 } else {
472 memcpy(hmac_key,ptr,arg); 495 memcpy(hmac_key, ptr, arg);
473 } 496 }
474 497
475 for (i=0;i<sizeof(hmac_key);i++) 498 for (i = 0; i < sizeof(hmac_key); i++)
476 hmac_key[i] ^= 0x36; /* ipad */ 499 hmac_key[i] ^= 0x36; /* ipad */
477 SHA1_Init(&key->head); 500 SHA1_Init(&key->head);
478 SHA1_Update(&key->head,hmac_key,sizeof(hmac_key)); 501 SHA1_Update(&key->head, hmac_key, sizeof(hmac_key));
479 502
480 for (i=0;i<sizeof(hmac_key);i++) 503 for (i = 0; i < sizeof(hmac_key); i++)
481 hmac_key[i] ^= 0x36^0x5c; /* opad */ 504 hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
482 SHA1_Init(&key->tail); 505 SHA1_Init(&key->tail);
483 SHA1_Update(&key->tail,hmac_key,sizeof(hmac_key)); 506 SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key));
484 507
485 OPENSSL_cleanse(hmac_key,sizeof(hmac_key)); 508 OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
486 509
487 return 1; 510 return 1;
488 } 511 }
489 case EVP_CTRL_AEAD_TLS1_AAD: 512 case EVP_CTRL_AEAD_TLS1_AAD:
490 { 513 {
491 unsigned char *p=ptr; 514 unsigned char *p = ptr;
492 unsigned int len=p[arg-2]<<8|p[arg-1]; 515 unsigned int len = p[arg - 2] << 8 | p[arg - 1];
493 516
494 if (ctx->encrypt) 517 if (ctx->encrypt) {
495 { 518 key->payload_length = len;
496 key->payload_length = len; 519 if ((key->aux.tls_ver = p[arg - 4] << 8 |
497 if ((key->aux.tls_ver=p[arg-4]<<8|p[arg-3]) >= TLS1_1_VERSION) { 520 p[arg - 3]) >= TLS1_1_VERSION) {
498 len -= AES_BLOCK_SIZE; 521 len -= AES_BLOCK_SIZE;
499 p[arg-2] = len>>8; 522 p[arg - 2] = len >> 8;
500 p[arg-1] = len; 523 p[arg - 1] = len;
501 } 524 }
502 key->md = key->head; 525 key->md = key->head;
503 SHA1_Update(&key->md,p,arg); 526 SHA1_Update(&key->md, p, arg);
504 527
505 return (int)(((len+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE) 528 return (int)(((len + SHA_DIGEST_LENGTH +
506 - len); 529 AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - len);
507 } 530 } else {
508 else 531 if (arg > 13)
509 { 532 arg = 13;
510 if (arg>13) arg = 13; 533 memcpy(key->aux.tls_aad, ptr, arg);
511 memcpy(key->aux.tls_aad,ptr,arg); 534 key->payload_length = arg;
512 key->payload_length = arg; 535
513 536 return SHA_DIGEST_LENGTH;
514 return SHA_DIGEST_LENGTH;
515 } 537 }
516 } 538 }
517 default: 539 default:
518 return -1; 540 return -1;
519 }
520 } 541 }
542}
521 543
522static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = 544static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
523 {
524#ifdef NID_aes_128_cbc_hmac_sha1 545#ifdef NID_aes_128_cbc_hmac_sha1
525 NID_aes_128_cbc_hmac_sha1, 546 NID_aes_128_cbc_hmac_sha1,
526#else 547#else
527 NID_undef, 548 NID_undef,
528#endif 549#endif
529 16,16,16, 550 16, 16, 16,
530 EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_AEAD_CIPHER, 551 EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_AEAD_CIPHER,
531 aesni_cbc_hmac_sha1_init_key, 552 aesni_cbc_hmac_sha1_init_key,
532 aesni_cbc_hmac_sha1_cipher, 553 aesni_cbc_hmac_sha1_cipher,
533 NULL, 554 NULL,
534 sizeof(EVP_AES_HMAC_SHA1), 555 sizeof(EVP_AES_HMAC_SHA1),
535 EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_set_asn1_iv, 556 EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
536 EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_get_asn1_iv, 557 EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
537 aesni_cbc_hmac_sha1_ctrl, 558 aesni_cbc_hmac_sha1_ctrl,
538 NULL 559 NULL
539 }; 560};
540 561
541static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = 562static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
542 {
543#ifdef NID_aes_256_cbc_hmac_sha1 563#ifdef NID_aes_256_cbc_hmac_sha1
544 NID_aes_256_cbc_hmac_sha1, 564 NID_aes_256_cbc_hmac_sha1,
545#else 565#else
546 NID_undef, 566 NID_undef,
547#endif 567#endif
548 16,32,16, 568 16, 32, 16,
549 EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_AEAD_CIPHER, 569 EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_AEAD_CIPHER,
550 aesni_cbc_hmac_sha1_init_key, 570 aesni_cbc_hmac_sha1_init_key,
551 aesni_cbc_hmac_sha1_cipher, 571 aesni_cbc_hmac_sha1_cipher,
552 NULL, 572 NULL,
553 sizeof(EVP_AES_HMAC_SHA1), 573 sizeof(EVP_AES_HMAC_SHA1),
554 EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_set_asn1_iv, 574 EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
555 EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_get_asn1_iv, 575 EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
556 aesni_cbc_hmac_sha1_ctrl, 576 aesni_cbc_hmac_sha1_ctrl,
557 NULL 577 NULL
558 }; 578};
559 579
560const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) 580const EVP_CIPHER *
561 { 581EVP_aes_128_cbc_hmac_sha1(void)
562 return(OPENSSL_ia32cap_P[1]&AESNI_CAPABLE? 582{
563 &aesni_128_cbc_hmac_sha1_cipher:NULL); 583 return(OPENSSL_ia32cap_P[1] & AESNI_CAPABLE?
564 } 584 &aesni_128_cbc_hmac_sha1_cipher : NULL);
585}
565 586
566const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) 587const EVP_CIPHER *
567 { 588EVP_aes_256_cbc_hmac_sha1(void)
568 return(OPENSSL_ia32cap_P[1]&AESNI_CAPABLE? 589{
569 &aesni_256_cbc_hmac_sha1_cipher:NULL); 590 return(OPENSSL_ia32cap_P[1] & AESNI_CAPABLE?
570 } 591 &aesni_256_cbc_hmac_sha1_cipher : NULL);
592}
571#else 593#else
572const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) 594const EVP_CIPHER *
573 { 595EVP_aes_128_cbc_hmac_sha1(void)
574 return NULL; 596{
575 }
576const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
577 {
578 return NULL; 597 return NULL;
579 } 598}
599
600const EVP_CIPHER *
601EVP_aes_256_cbc_hmac_sha1(void)
602{
603 return NULL;
604}
580#endif 605#endif
581#endif 606#endif
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
index cc224e5363..62194767c8 100644
--- a/src/lib/libcrypto/evp/e_bf.c
+++ b/src/lib/libcrypto/evp/e_bf.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -65,24 +65,23 @@
65#include <openssl/blowfish.h> 65#include <openssl/blowfish.h>
66 66
67static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 67static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
68 const unsigned char *iv, int enc); 68 const unsigned char *iv, int enc);
69 69
70typedef struct 70typedef struct {
71 {
72 BF_KEY ks; 71 BF_KEY ks;
73 } EVP_BF_KEY; 72} EVP_BF_KEY;
74 73
75#define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) 74#define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx)
76 75
77IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, 76IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
78 EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 77 EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
79 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) 78 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
80
81static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
82 const unsigned char *iv, int enc)
83 {
84 BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
85 return 1;
86 }
87 79
80static int
81bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
82 const unsigned char *iv, int enc)
83{
84 BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
85 return 1;
86}
88#endif 87#endif
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
index 8bb7c320d3..377d121b89 100644
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -63,63 +63,61 @@
63#include "evp_locl.h" 63#include "evp_locl.h"
64 64
65static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 65static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
66 const unsigned char *iv, int enc); 66 const unsigned char *iv, int enc);
67 67
68/* Camellia subkey Structure */ 68/* Camellia subkey Structure */
69typedef struct 69typedef struct {
70 {
71 CAMELLIA_KEY ks; 70 CAMELLIA_KEY ks;
72 } EVP_CAMELLIA_KEY; 71} EVP_CAMELLIA_KEY;
73 72
74/* Attribute operation for Camellia */ 73/* Attribute operation for Camellia */
75#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx) 74#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
76 75
77IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY, 76IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY,
78 NID_camellia_128, 16, 16, 16, 128, 77 NID_camellia_128, 16, 16, 16, 128,
79 0, camellia_init_key, NULL, 78 0, camellia_init_key, NULL,
80 EVP_CIPHER_set_asn1_iv, 79 EVP_CIPHER_set_asn1_iv,
81 EVP_CIPHER_get_asn1_iv, 80 EVP_CIPHER_get_asn1_iv,
82 NULL) 81 NULL)
83IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY, 82IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY,
84 NID_camellia_192, 16, 24, 16, 128, 83 NID_camellia_192, 16, 24, 16, 128,
85 0, camellia_init_key, NULL, 84 0, camellia_init_key, NULL,
86 EVP_CIPHER_set_asn1_iv, 85 EVP_CIPHER_set_asn1_iv,
87 EVP_CIPHER_get_asn1_iv, 86 EVP_CIPHER_get_asn1_iv,
88 NULL) 87 NULL)
89IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY, 88IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
90 NID_camellia_256, 16, 32, 16, 128, 89 NID_camellia_256, 16, 32, 16, 128,
91 0, camellia_init_key, NULL, 90 0, camellia_init_key, NULL,
92 EVP_CIPHER_set_asn1_iv, 91 EVP_CIPHER_set_asn1_iv,
93 EVP_CIPHER_get_asn1_iv, 92 EVP_CIPHER_get_asn1_iv,
94 NULL) 93 NULL)
95 94
96#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) 95#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
97 96
98IMPLEMENT_CAMELLIA_CFBR(128,1) 97IMPLEMENT_CAMELLIA_CFBR(128, 1)
99IMPLEMENT_CAMELLIA_CFBR(192,1) 98IMPLEMENT_CAMELLIA_CFBR(192, 1)
100IMPLEMENT_CAMELLIA_CFBR(256,1) 99IMPLEMENT_CAMELLIA_CFBR(256, 1)
101 100
102IMPLEMENT_CAMELLIA_CFBR(128,8) 101IMPLEMENT_CAMELLIA_CFBR(128, 8)
103IMPLEMENT_CAMELLIA_CFBR(192,8) 102IMPLEMENT_CAMELLIA_CFBR(192, 8)
104IMPLEMENT_CAMELLIA_CFBR(256,8) 103IMPLEMENT_CAMELLIA_CFBR(256, 8)
105 104
106 105
107 106/* The subkey for Camellia is generated. */
108/* The subkey for Camellia is generated. */ 107static int
109static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 108camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
110 const unsigned char *iv, int enc) 109 const unsigned char *iv, int enc)
111 { 110{
112 int ret; 111 int ret;
113 112
114 ret=Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data); 113 ret = Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
115 114
116 if(ret < 0) 115 if (ret < 0) {
117 { 116 EVPerr(EVP_F_CAMELLIA_INIT_KEY,
118 EVPerr(EVP_F_CAMELLIA_INIT_KEY,EVP_R_CAMELLIA_KEY_SETUP_FAILED); 117 EVP_R_CAMELLIA_KEY_SETUP_FAILED);
119 return 0; 118 return 0;
120 }
121
122 return 1;
123 } 119 }
124 120
121 return 1;
122}
125#endif 123#endif
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
index d77bcd9298..199c5bf48e 100644
--- a/src/lib/libcrypto/evp/e_cast.c
+++ b/src/lib/libcrypto/evp/e_cast.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -66,25 +66,24 @@
66#include <openssl/cast.h> 66#include <openssl/cast.h>
67 67
68static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 68static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
69 const unsigned char *iv,int enc); 69 const unsigned char *iv, int enc);
70 70
71typedef struct 71typedef struct {
72 {
73 CAST_KEY ks; 72 CAST_KEY ks;
74 } EVP_CAST_KEY; 73} EVP_CAST_KEY;
75 74
76#define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) 75#define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx)
77 76
78IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, 77IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,
79 NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, 78 NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
80 EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, 79 EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
81 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) 80 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
82
83static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
84 const unsigned char *iv, int enc)
85 {
86 CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
87 return 1;
88 }
89 81
82static int
83cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
84 const unsigned char *iv, int enc)
85{
86 CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
87 return 1;
88}
90#endif 89#endif
diff --git a/src/lib/libcrypto/evp/e_chacha.c b/src/lib/libcrypto/evp/e_chacha.c
index 4a20186006..0c32b99df4 100644
--- a/src/lib/libcrypto/evp/e_chacha.c
+++ b/src/lib/libcrypto/evp/e_chacha.c
@@ -41,7 +41,7 @@ static const EVP_CIPHER chacha20_cipher = {
41const EVP_CIPHER * 41const EVP_CIPHER *
42EVP_chacha20(void) 42EVP_chacha20(void)
43{ 43{
44 return(&chacha20_cipher); 44 return (&chacha20_cipher);
45} 45}
46 46
47static int 47static int
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index ca009f2c52..ac46ba6a96 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -66,150 +66,155 @@
66#include <openssl/rand.h> 66#include <openssl/rand.h>
67 67
68static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 68static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
69 const unsigned char *iv, int enc); 69 const unsigned char *iv, int enc);
70static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); 70static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
71 71
72/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ 72/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
73 73
74static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 74static int
75 const unsigned char *in, size_t inl) 75des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
76 const unsigned char *in, size_t inl)
76{ 77{
77 BLOCK_CIPHER_ecb_loop() 78 BLOCK_CIPHER_ecb_loop()
78 DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt); 79 DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
80 ctx->cipher_data, ctx->encrypt);
79 return 1; 81 return 1;
80} 82}
81 83
82static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 84static int
83 const unsigned char *in, size_t inl) 85des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
86 const unsigned char *in, size_t inl)
84{ 87{
85 while(inl>=EVP_MAXCHUNK) 88 while (inl >= EVP_MAXCHUNK) {
86 {
87 DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, 89 DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
88 (DES_cblock *)ctx->iv, &ctx->num); 90 (DES_cblock *)ctx->iv, &ctx->num);
89 inl-=EVP_MAXCHUNK; 91 inl -= EVP_MAXCHUNK;
90 in +=EVP_MAXCHUNK; 92 in += EVP_MAXCHUNK;
91 out+=EVP_MAXCHUNK; 93 out += EVP_MAXCHUNK;
92 } 94 }
93 if (inl) 95 if (inl)
94 DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, 96 DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
95 (DES_cblock *)ctx->iv, &ctx->num); 97 (DES_cblock *)ctx->iv, &ctx->num);
96 return 1; 98 return 1;
97} 99}
98 100
99static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 101static int
100 const unsigned char *in, size_t inl) 102des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
103 const unsigned char *in, size_t inl)
101{ 104{
102 while(inl>=EVP_MAXCHUNK) 105 while (inl >= EVP_MAXCHUNK) {
103 {
104 DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, 106 DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
105 (DES_cblock *)ctx->iv, ctx->encrypt); 107 (DES_cblock *)ctx->iv, ctx->encrypt);
106 inl-=EVP_MAXCHUNK; 108 inl -= EVP_MAXCHUNK;
107 in +=EVP_MAXCHUNK; 109 in += EVP_MAXCHUNK;
108 out+=EVP_MAXCHUNK; 110 out += EVP_MAXCHUNK;
109 } 111 }
110 if (inl) 112 if (inl)
111 DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, 113 DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
112 (DES_cblock *)ctx->iv, ctx->encrypt); 114 (DES_cblock *)ctx->iv, ctx->encrypt);
113 return 1; 115 return 1;
114} 116}
115 117
116static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 118static int
117 const unsigned char *in, size_t inl) 119des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
120 const unsigned char *in, size_t inl)
118{ 121{
119 while(inl>=EVP_MAXCHUNK) 122 while (inl >= EVP_MAXCHUNK) {
120 { 123 DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
121 DES_cfb64_encrypt(in,out, (long)EVP_MAXCHUNK, ctx->cipher_data, 124 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
122 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 125 inl -= EVP_MAXCHUNK;
123 inl-=EVP_MAXCHUNK; 126 in += EVP_MAXCHUNK;
124 in +=EVP_MAXCHUNK; 127 out += EVP_MAXCHUNK;
125 out+=EVP_MAXCHUNK; 128 }
126 }
127 if (inl) 129 if (inl)
128 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, 130 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
129 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 131 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
130 return 1; 132 return 1;
131} 133}
132 134
133/* Although we have a CFB-r implementation for DES, it doesn't pack the right 135/* Although we have a CFB-r implementation for DES, it doesn't pack the right
134 way, so wrap it here */ 136 way, so wrap it here */
135static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 137static int
136 const unsigned char *in, size_t inl) 138des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
137 { 139 const unsigned char *in, size_t inl)
138 size_t n,chunk=EVP_MAXCHUNK/8; 140{
139 unsigned char c[1],d[1]; 141 size_t n, chunk = EVP_MAXCHUNK/8;
140 142 unsigned char c[1], d[1];
141 if (inl<chunk) chunk=inl; 143
142 144 if (inl < chunk)
143 while (inl && inl>=chunk) 145 chunk = inl;
144 { 146
145 for(n=0 ; n < chunk*8; ++n) 147 while (inl && inl >= chunk) {
146 { 148 for (n = 0; n < chunk*8; ++n) {
147 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; 149 c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
148 DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, 150 DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data,
149 ctx->encrypt); 151 (DES_cblock *)ctx->iv, ctx->encrypt);
150 out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) | 152 out[n / 8] = (out[n / 8] &
151 ((d[0]&0x80) >> (unsigned int)(n%8)); 153 ~(0x80 >> (unsigned int)(n % 8))) |
152 } 154 ((d[0] & 0x80) >> (unsigned int)(n % 8));
153 inl-=chunk; 155 }
154 in +=chunk; 156 inl -= chunk;
155 out+=chunk; 157 in += chunk;
156 if (inl<chunk) chunk=inl; 158 out += chunk;
159 if (inl < chunk)
160 chunk = inl;
157 } 161 }
158 162
159 return 1; 163 return 1;
160 } 164}
161 165
162static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 166static int
163 const unsigned char *in, size_t inl) 167des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
164 { 168 const unsigned char *in, size_t inl)
165 while (inl>=EVP_MAXCHUNK) 169{
166 { 170 while (inl >= EVP_MAXCHUNK) {
167 DES_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,ctx->cipher_data, 171 DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
168 (DES_cblock *)ctx->iv,ctx->encrypt); 172 ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt);
169 inl-=EVP_MAXCHUNK; 173 inl -= EVP_MAXCHUNK;
170 in +=EVP_MAXCHUNK; 174 in += EVP_MAXCHUNK;
171 out+=EVP_MAXCHUNK; 175 out += EVP_MAXCHUNK;
172 } 176 }
173 if (inl) 177 if (inl)
174 DES_cfb_encrypt(in,out,8,(long)inl,ctx->cipher_data, 178 DES_cfb_encrypt(in, out, 8,(long)inl, ctx->cipher_data,
175 (DES_cblock *)ctx->iv,ctx->encrypt); 179 (DES_cblock *)ctx->iv, ctx->encrypt);
176 return 1; 180 return 1;
177 } 181}
178 182
179BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, 183BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
180 EVP_CIPH_RAND_KEY, des_init_key, NULL, 184 EVP_CIPH_RAND_KEY, des_init_key, NULL,
181 EVP_CIPHER_set_asn1_iv, 185 EVP_CIPHER_set_asn1_iv,
182 EVP_CIPHER_get_asn1_iv, 186 EVP_CIPHER_get_asn1_iv,
183 des_ctrl) 187 des_ctrl)
184 188
185BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, 189BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8,8, 1,
186 EVP_CIPH_RAND_KEY, des_init_key,NULL, 190 EVP_CIPH_RAND_KEY, des_init_key, NULL,
187 EVP_CIPHER_set_asn1_iv, 191 EVP_CIPHER_set_asn1_iv,
188 EVP_CIPHER_get_asn1_iv,des_ctrl) 192 EVP_CIPHER_get_asn1_iv, des_ctrl)
189 193
190BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, 194BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8,8, 8,
191 EVP_CIPH_RAND_KEY,des_init_key,NULL, 195 EVP_CIPH_RAND_KEY, des_init_key, NULL,
192 EVP_CIPHER_set_asn1_iv, 196 EVP_CIPHER_set_asn1_iv,
193 EVP_CIPHER_get_asn1_iv,des_ctrl) 197 EVP_CIPHER_get_asn1_iv, des_ctrl)
194 198
195static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 199static int
196 const unsigned char *iv, int enc) 200des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
197 { 201 const unsigned char *iv, int enc)
202{
198 DES_cblock *deskey = (DES_cblock *)key; 203 DES_cblock *deskey = (DES_cblock *)key;
204
199#ifdef EVP_CHECK_DES_KEY 205#ifdef EVP_CHECK_DES_KEY
200 if(DES_set_key_checked(deskey,ctx->cipher_data) != 0) 206 if (DES_set_key_checked(deskey, ctx->cipher_data) != 0)
201 return 0; 207 return 0;
202#else 208#else
203 DES_set_key_unchecked(deskey,ctx->cipher_data); 209 DES_set_key_unchecked(deskey, ctx->cipher_data);
204#endif 210#endif
205 return 1; 211 return 1;
206 } 212}
207 213
208static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 214static int
209 { 215des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
210 216{
211 switch(type) 217 switch (type) {
212 {
213 case EVP_CTRL_RAND_KEY: 218 case EVP_CTRL_RAND_KEY:
214 if (RAND_bytes(ptr, 8) <= 0) 219 if (RAND_bytes(ptr, 8) <= 0)
215 return 0; 220 return 0;
@@ -218,7 +223,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
218 223
219 default: 224 default:
220 return -1; 225 return -1;
221 }
222 } 226 }
227}
223 228
224#endif 229#endif
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 8d7b7de292..ddb069dda5 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -68,150 +68,147 @@
68#ifndef OPENSSL_FIPS 68#ifndef OPENSSL_FIPS
69 69
70static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 70static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
71 const unsigned char *iv,int enc); 71 const unsigned char *iv, int enc);
72 72
73static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 73static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
74 const unsigned char *iv,int enc); 74 const unsigned char *iv, int enc);
75 75
76static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); 76static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
77 77
78typedef struct 78typedef struct {
79 {
80 DES_key_schedule ks1;/* key schedule */ 79 DES_key_schedule ks1;/* key schedule */
81 DES_key_schedule ks2;/* key schedule (for ede) */ 80 DES_key_schedule ks2;/* key schedule (for ede) */
82 DES_key_schedule ks3;/* key schedule (for ede3) */ 81 DES_key_schedule ks3;/* key schedule (for ede3) */
83 } DES_EDE_KEY; 82} DES_EDE_KEY;
84 83
85#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) 84#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
86 85
87/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ 86/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
88 87
89static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 88static int
90 const unsigned char *in, size_t inl) 89des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
90 const unsigned char *in, size_t inl)
91{ 91{
92 BLOCK_CIPHER_ecb_loop() 92 BLOCK_CIPHER_ecb_loop()
93 DES_ecb3_encrypt((const_DES_cblock *)(in + i), 93 DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i),
94 (DES_cblock *)(out + i), 94 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt);
95 &data(ctx)->ks1, &data(ctx)->ks2,
96 &data(ctx)->ks3,
97 ctx->encrypt);
98 return 1; 95 return 1;
99} 96}
100 97
101static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 98static int
102 const unsigned char *in, size_t inl) 99des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
100 const unsigned char *in, size_t inl)
103{ 101{
104 while (inl>=EVP_MAXCHUNK) 102 while (inl >= EVP_MAXCHUNK) {
105 {
106 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, 103 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
107 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 104 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
108 (DES_cblock *)ctx->iv, &ctx->num); 105 (DES_cblock *)ctx->iv, &ctx->num);
109 inl-=EVP_MAXCHUNK; 106 inl -= EVP_MAXCHUNK;
110 in +=EVP_MAXCHUNK; 107 in += EVP_MAXCHUNK;
111 out+=EVP_MAXCHUNK; 108 out += EVP_MAXCHUNK;
112 } 109 }
113 if (inl) 110 if (inl)
114 DES_ede3_ofb64_encrypt(in, out, (long)inl, 111 DES_ede3_ofb64_encrypt(in, out, (long)inl,
115 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 112 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
116 (DES_cblock *)ctx->iv, &ctx->num); 113 (DES_cblock *)ctx->iv, &ctx->num);
117 114
118 return 1; 115 return 1;
119} 116}
120 117
121static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 118static int
122 const unsigned char *in, size_t inl) 119des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
120 const unsigned char *in, size_t inl)
123{ 121{
124#ifdef KSSL_DEBUG 122#ifdef KSSL_DEBUG
125 { 123 {
126 int i; 124 int i;
127 char *cp; 125 char *cp;
128 printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len); 126 printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
129 printf("\t iv= "); 127 printf("\t iv= ");
130 for(i=0;i<8;i++) 128 for (i = 0; i < 8; i++)
131 printf("%02X",ctx->iv[i]); 129 printf("%02X",ctx->iv[i]);
132 printf("\n"); 130 printf("\n");
133 } 131 }
134#endif /* KSSL_DEBUG */ 132#endif /* KSSL_DEBUG */
135 while (inl>=EVP_MAXCHUNK) 133 while (inl >= EVP_MAXCHUNK) {
136 {
137 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, 134 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
138 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 135 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
139 (DES_cblock *)ctx->iv, ctx->encrypt); 136 (DES_cblock *)ctx->iv, ctx->encrypt);
140 inl-=EVP_MAXCHUNK; 137 inl -= EVP_MAXCHUNK;
141 in +=EVP_MAXCHUNK; 138 in += EVP_MAXCHUNK;
142 out+=EVP_MAXCHUNK; 139 out += EVP_MAXCHUNK;
143 } 140 }
144 if (inl) 141 if (inl)
145 DES_ede3_cbc_encrypt(in, out, (long)inl, 142 DES_ede3_cbc_encrypt(in, out, (long)inl,
146 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 143 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
147 (DES_cblock *)ctx->iv, ctx->encrypt); 144 (DES_cblock *)ctx->iv, ctx->encrypt);
148 return 1; 145 return 1;
149} 146}
150 147
151static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 148static int
152 const unsigned char *in, size_t inl) 149des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
150 const unsigned char *in, size_t inl)
153{ 151{
154 while (inl>=EVP_MAXCHUNK) 152 while (inl >= EVP_MAXCHUNK) {
155 { 153 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
156 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 154 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
157 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 155 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
158 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 156 inl -= EVP_MAXCHUNK;
159 inl-=EVP_MAXCHUNK; 157 in += EVP_MAXCHUNK;
160 in +=EVP_MAXCHUNK; 158 out += EVP_MAXCHUNK;
161 out+=EVP_MAXCHUNK; 159 }
162 }
163 if (inl) 160 if (inl)
164 DES_ede3_cfb64_encrypt(in, out, (long)inl, 161 DES_ede3_cfb64_encrypt(in, out, (long)inl,
165 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 162 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
166 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 163 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
167 return 1; 164 return 1;
168} 165}
169 166
170/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right 167/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
171 way, so wrap it here */ 168 way, so wrap it here */
172static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 169static int
173 const unsigned char *in, size_t inl) 170des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
174 { 171 const unsigned char *in, size_t inl)
175 size_t n; 172{
176 unsigned char c[1],d[1]; 173 size_t n;
174 unsigned char c[1], d[1];
177 175
178 for(n=0 ; n < inl ; ++n) 176 for (n = 0; n < inl; ++n) {
179 { 177 c[0] = (in[n/8]&(1 << (7 - n % 8))) ? 0x80 : 0;
180 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; 178 DES_ede3_cfb_encrypt(c, d, 1, 1,
181 DES_ede3_cfb_encrypt(c,d,1,1, 179 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
182 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, 180 (DES_cblock *)ctx->iv, ctx->encrypt);
183 (DES_cblock *)ctx->iv,ctx->encrypt); 181 out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
184 out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) | 182 ((d[0] & 0x80) >> (unsigned int)(n % 8));
185 ((d[0]&0x80) >> (unsigned int)(n%8));
186 } 183 }
187 184
188 return 1; 185 return 1;
189 } 186}
190 187
191static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 188static int
192 const unsigned char *in, size_t inl) 189des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
193 { 190 const unsigned char *in, size_t inl)
194 while (inl>=EVP_MAXCHUNK) 191{
195 { 192 while (inl >= EVP_MAXCHUNK) {
196 DES_ede3_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK, 193 DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
197 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, 194 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
198 (DES_cblock *)ctx->iv,ctx->encrypt); 195 (DES_cblock *)ctx->iv, ctx->encrypt);
199 inl-=EVP_MAXCHUNK; 196 inl -= EVP_MAXCHUNK;
200 in +=EVP_MAXCHUNK; 197 in += EVP_MAXCHUNK;
201 out+=EVP_MAXCHUNK; 198 out += EVP_MAXCHUNK;
202 } 199 }
203 if (inl) 200 if (inl)
204 DES_ede3_cfb_encrypt(in,out,8,(long)inl, 201 DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
205 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, 202 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
206 (DES_cblock *)ctx->iv,ctx->encrypt); 203 (DES_cblock *)ctx->iv, ctx->encrypt);
207 return 1; 204 return 1;
208 } 205}
209 206
210BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 207BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
211 EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, 208 EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
212 EVP_CIPHER_set_asn1_iv, 209 EVP_CIPHER_set_asn1_iv,
213 EVP_CIPHER_get_asn1_iv, 210 EVP_CIPHER_get_asn1_iv,
214 des3_ctrl) 211 des3_ctrl)
215 212
216#define des_ede3_cfb64_cipher des_ede_cfb64_cipher 213#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
217#define des_ede3_ofb_cipher des_ede_ofb_cipher 214#define des_ede3_ofb_cipher des_ede_ofb_cipher
@@ -219,75 +216,78 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
219#define des_ede3_ecb_cipher des_ede_ecb_cipher 216#define des_ede3_ecb_cipher des_ede_ecb_cipher
220 217
221BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 218BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
222 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, 219 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
223 EVP_CIPHER_set_asn1_iv, 220 EVP_CIPHER_set_asn1_iv,
224 EVP_CIPHER_get_asn1_iv, 221 EVP_CIPHER_get_asn1_iv,
225 des3_ctrl) 222 des3_ctrl)
226
227BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
228 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
229 EVP_CIPHER_set_asn1_iv,
230 EVP_CIPHER_get_asn1_iv,
231 des3_ctrl)
232
233BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
234 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
235 EVP_CIPHER_set_asn1_iv,
236 EVP_CIPHER_get_asn1_iv,
237 des3_ctrl)
238 223
239static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 224BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
240 const unsigned char *iv, int enc) 225 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
241 { 226 EVP_CIPHER_set_asn1_iv,
227 EVP_CIPHER_get_asn1_iv,
228 des3_ctrl)
229
230BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
231 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
232 EVP_CIPHER_set_asn1_iv,
233 EVP_CIPHER_get_asn1_iv,
234 des3_ctrl)
235
236static int
237des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
238 const unsigned char *iv, int enc)
239{
242 DES_cblock *deskey = (DES_cblock *)key; 240 DES_cblock *deskey = (DES_cblock *)key;
241
243#ifdef EVP_CHECK_DES_KEY 242#ifdef EVP_CHECK_DES_KEY
244 if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) 243 if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
245 !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2)) 244 !! DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
246 return 0; 245 return 0;
247#else 246#else
248 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); 247 DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
249 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); 248 DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
250#endif 249#endif
251 memcpy(&data(ctx)->ks3,&data(ctx)->ks1, 250 memcpy(&data(ctx)->ks3, &data(ctx)->ks1,
252 sizeof(data(ctx)->ks1)); 251 sizeof(data(ctx)->ks1));
253 return 1; 252 return 1;
254 } 253}
255 254
256static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 255static int
257 const unsigned char *iv, int enc) 256des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
258 { 257 const unsigned char *iv, int enc)
258{
259 DES_cblock *deskey = (DES_cblock *)key; 259 DES_cblock *deskey = (DES_cblock *)key;
260
260#ifdef KSSL_DEBUG 261#ifdef KSSL_DEBUG
261 { 262 {
262 int i; 263 int i;
263 printf("des_ede3_init_key(ctx=%lx)\n", ctx); 264 printf("des_ede3_init_key(ctx=%lx)\n", ctx);
264 printf("\tKEY= "); 265 printf("\tKEY= ");
265 for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); 266 for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
266 printf("\t IV= "); 267 printf("\t IV= ");
267 for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n"); 268 for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
268 } 269 }
269#endif /* KSSL_DEBUG */ 270#endif /* KSSL_DEBUG */
270 271
271#ifdef EVP_CHECK_DES_KEY 272#ifdef EVP_CHECK_DES_KEY
272 if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) 273 if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) ||
273 || DES_set_key_checked(&deskey[1],&data(ctx)->ks2) 274 DES_set_key_checked(&deskey[1], &data(ctx)->ks2) ||
274 || DES_set_key_checked(&deskey[2],&data(ctx)->ks3)) 275 DES_set_key_checked(&deskey[2], &data(ctx)->ks3))
275 return 0; 276 return 0;
276#else 277#else
277 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); 278 DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
278 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); 279 DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
279 DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); 280 DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3);
280#endif 281#endif
281 return 1; 282 return 1;
282 } 283}
283
284static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
285 {
286 284
285static int
286des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
287{
287 DES_cblock *deskey = ptr; 288 DES_cblock *deskey = ptr;
288 289
289 switch(type) 290 switch (type) {
290 {
291 case EVP_CTRL_RAND_KEY: 291 case EVP_CTRL_RAND_KEY:
292 if (RAND_bytes(ptr, c->key_len) <= 0) 292 if (RAND_bytes(ptr, c->key_len) <= 0)
293 return 0; 293 return 0;
@@ -300,15 +300,17 @@ static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
300 300
301 default: 301 default:
302 return -1; 302 return -1;
303 }
304 } 303 }
304}
305 305
306const EVP_CIPHER *EVP_des_ede(void) 306const EVP_CIPHER *
307EVP_des_ede(void)
307{ 308{
308 return &des_ede_ecb; 309 return &des_ede_ecb;
309} 310}
310 311
311const EVP_CIPHER *EVP_des_ede3(void) 312const EVP_CIPHER *
313EVP_des_ede3(void)
312{ 314{
313 return &des_ede3_ecb; 315 return &des_ede3_ecb;
314} 316}
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index 806b080360..8b8a647a8c 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -66,53 +66,56 @@
66#include <openssl/idea.h> 66#include <openssl/idea.h>
67 67
68static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 68static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
69 const unsigned char *iv,int enc); 69 const unsigned char *iv, int enc);
70 70
71/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special 71/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
72 * case 72 * case
73 */ 73 */
74 74
75static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 75static int
76 const unsigned char *in, size_t inl) 76idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
77 const unsigned char *in, size_t inl)
77{ 78{
78 BLOCK_CIPHER_ecb_loop() 79 BLOCK_CIPHER_ecb_loop()
79 idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); 80 idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
80 return 1; 81 return 1;
81} 82}
82 83
83/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ 84/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
84 85
85typedef struct 86typedef struct {
86 {
87 IDEA_KEY_SCHEDULE ks; 87 IDEA_KEY_SCHEDULE ks;
88 } EVP_IDEA_KEY; 88} EVP_IDEA_KEY;
89 89
90BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) 90BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
91BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) 91BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
92BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) 92BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
93 93
94BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, 94BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
95 0, idea_init_key, NULL, 95 0, idea_init_key, NULL,
96 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) 96 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
97 97
98static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 98static int
99 const unsigned char *iv, int enc) 99idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
100 { 100 const unsigned char *iv, int enc)
101 if(!enc) { 101{
102 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1; 102 if (!enc) {
103 else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1; 103 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
104 enc = 1;
105 else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE)
106 enc = 1;
104 } 107 }
105 if (enc) idea_set_encrypt_key(key,ctx->cipher_data); 108 if (enc)
106 else 109 idea_set_encrypt_key(key, ctx->cipher_data);
107 { 110 else {
108 IDEA_KEY_SCHEDULE tmp; 111 IDEA_KEY_SCHEDULE tmp;
109 112
110 idea_set_encrypt_key(key,&tmp); 113 idea_set_encrypt_key(key, &tmp);
111 idea_set_decrypt_key(&tmp,ctx->cipher_data); 114 idea_set_decrypt_key(&tmp, ctx->cipher_data);
112 OPENSSL_cleanse((unsigned char *)&tmp, 115 OPENSSL_cleanse((unsigned char *)&tmp,
113 sizeof(IDEA_KEY_SCHEDULE)); 116 sizeof(IDEA_KEY_SCHEDULE));
114 }
115 return 1;
116 } 117 }
118 return 1;
119}
117 120
118#endif 121#endif
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index 98a78499f9..d94751a07a 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -62,13 +62,13 @@
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63 63
64static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 64static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
65 const unsigned char *iv,int enc); 65 const unsigned char *iv, int enc);
66static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 66static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
67 const unsigned char *in, size_t inl); 67 const unsigned char *in, size_t inl);
68static const EVP_CIPHER n_cipher= 68
69 { 69static const EVP_CIPHER n_cipher = {
70 NID_undef, 70 NID_undef,
71 1,0,0, 71 1, 0, 0,
72 0, 72 0,
73 null_init_key, 73 null_init_key,
74 null_cipher, 74 null_cipher,
@@ -78,24 +78,27 @@ static const EVP_CIPHER n_cipher=
78 NULL, 78 NULL,
79 NULL, 79 NULL,
80 NULL 80 NULL
81 }; 81};
82 82
83const EVP_CIPHER *EVP_enc_null(void) 83const EVP_CIPHER *
84 { 84EVP_enc_null(void)
85 return(&n_cipher); 85{
86 } 86 return (&n_cipher);
87}
87 88
88static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 89static int
89 const unsigned char *iv, int enc) 90null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
90 { 91 const unsigned char *iv, int enc)
92{
91 /* memset(&(ctx->c),0,sizeof(ctx->c));*/ 93 /* memset(&(ctx->c),0,sizeof(ctx->c));*/
92 return 1; 94 return 1;
93 } 95}
94 96
95static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 97static int
96 const unsigned char *in, size_t inl) 98null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
97 { 99 const unsigned char *in, size_t inl)
100{
98 if (in != out) 101 if (in != out)
99 memcpy((char *)out,(const char *)in,inl); 102 memcpy((char *)out, (const char *)in, inl);
100 return 1; 103 return 1;
101 } 104}
diff --git a/src/lib/libcrypto/evp/e_old.c b/src/lib/libcrypto/evp/e_old.c
index 1642af4869..c27b61a4bf 100644
--- a/src/lib/libcrypto/evp/e_old.c
+++ b/src/lib/libcrypto/evp/e_old.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -71,55 +71,88 @@ static void *dummy = &dummy;
71#ifndef OPENSSL_NO_BF 71#ifndef OPENSSL_NO_BF
72#undef EVP_bf_cfb 72#undef EVP_bf_cfb
73const EVP_CIPHER *EVP_bf_cfb(void); 73const EVP_CIPHER *EVP_bf_cfb(void);
74const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); } 74const EVP_CIPHER *EVP_bf_cfb(void)
75{
76 return EVP_bf_cfb64();
77}
75#endif 78#endif
76 79
77#ifndef OPENSSL_NO_DES 80#ifndef OPENSSL_NO_DES
78#undef EVP_des_cfb 81#undef EVP_des_cfb
79const EVP_CIPHER *EVP_des_cfb(void); 82const EVP_CIPHER *EVP_des_cfb(void);
80const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); } 83const EVP_CIPHER *EVP_des_cfb(void)
84{
85 return EVP_des_cfb64();
86}
81#undef EVP_des_ede3_cfb 87#undef EVP_des_ede3_cfb
82const EVP_CIPHER *EVP_des_ede3_cfb(void); 88const EVP_CIPHER *EVP_des_ede3_cfb(void);
83const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); } 89const EVP_CIPHER *EVP_des_ede3_cfb(void)
90{
91 return EVP_des_ede3_cfb64();
92}
84#undef EVP_des_ede_cfb 93#undef EVP_des_ede_cfb
85const EVP_CIPHER *EVP_des_ede_cfb(void); 94const EVP_CIPHER *EVP_des_ede_cfb(void);
86const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); } 95const EVP_CIPHER *EVP_des_ede_cfb(void)
96{
97 return EVP_des_ede_cfb64();
98}
87#endif 99#endif
88 100
89#ifndef OPENSSL_NO_IDEA 101#ifndef OPENSSL_NO_IDEA
90#undef EVP_idea_cfb 102#undef EVP_idea_cfb
91const EVP_CIPHER *EVP_idea_cfb(void); 103const EVP_CIPHER *EVP_idea_cfb(void);
92const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); } 104const EVP_CIPHER *EVP_idea_cfb(void)
105{
106 return EVP_idea_cfb64();
107}
93#endif 108#endif
94 109
95#ifndef OPENSSL_NO_RC2 110#ifndef OPENSSL_NO_RC2
96#undef EVP_rc2_cfb 111#undef EVP_rc2_cfb
97const EVP_CIPHER *EVP_rc2_cfb(void); 112const EVP_CIPHER *EVP_rc2_cfb(void);
98const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); } 113const EVP_CIPHER *EVP_rc2_cfb(void)
114{
115 return EVP_rc2_cfb64();
116}
99#endif 117#endif
100 118
101#ifndef OPENSSL_NO_CAST 119#ifndef OPENSSL_NO_CAST
102#undef EVP_cast5_cfb 120#undef EVP_cast5_cfb
103const EVP_CIPHER *EVP_cast5_cfb(void); 121const EVP_CIPHER *EVP_cast5_cfb(void);
104const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); } 122const EVP_CIPHER *EVP_cast5_cfb(void)
123{
124 return EVP_cast5_cfb64();
125}
105#endif 126#endif
106 127
107#ifndef OPENSSL_NO_RC5 128#ifndef OPENSSL_NO_RC5
108#undef EVP_rc5_32_12_16_cfb 129#undef EVP_rc5_32_12_16_cfb
109const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); 130const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
110const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); } 131const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
132{
133 return EVP_rc5_32_12_16_cfb64();
134}
111#endif 135#endif
112 136
113#ifndef OPENSSL_NO_AES 137#ifndef OPENSSL_NO_AES
114#undef EVP_aes_128_cfb 138#undef EVP_aes_128_cfb
115const EVP_CIPHER *EVP_aes_128_cfb(void); 139const EVP_CIPHER *EVP_aes_128_cfb(void);
116const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); } 140const EVP_CIPHER *EVP_aes_128_cfb(void)
141{
142 return EVP_aes_128_cfb128();
143}
117#undef EVP_aes_192_cfb 144#undef EVP_aes_192_cfb
118const EVP_CIPHER *EVP_aes_192_cfb(void); 145const EVP_CIPHER *EVP_aes_192_cfb(void);
119const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); } 146const EVP_CIPHER *EVP_aes_192_cfb(void)
147{
148 return EVP_aes_192_cfb128();
149}
120#undef EVP_aes_256_cfb 150#undef EVP_aes_256_cfb
121const EVP_CIPHER *EVP_aes_256_cfb(void); 151const EVP_CIPHER *EVP_aes_256_cfb(void);
122const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); } 152const EVP_CIPHER *EVP_aes_256_cfb(void)
153{
154 return EVP_aes_256_cfb128();
155}
123#endif 156#endif
124 157
125#endif 158#endif
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index d4c33b58d4..f6f4504890 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,37 +67,35 @@
67#include <openssl/rc2.h> 67#include <openssl/rc2.h>
68 68
69static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 69static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
70 const unsigned char *iv,int enc); 70 const unsigned char *iv, int enc);
71static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx); 71static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
72static int rc2_magic_to_meth(int i); 72static int rc2_magic_to_meth(int i);
73static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 73static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
74static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 74static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
75static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); 75static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
76 76
77typedef struct 77typedef struct {
78 {
79 int key_bits; /* effective key bits */ 78 int key_bits; /* effective key bits */
80 RC2_KEY ks; /* key schedule */ 79 RC2_KEY ks; /* key schedule */
81 } EVP_RC2_KEY; 80} EVP_RC2_KEY;
82 81
83#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) 82#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data)
84 83
85IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, 84IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
86 8, 85 8,
87 RC2_KEY_LENGTH, 8, 64, 86 RC2_KEY_LENGTH, 8, 64,
88 EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, 87 EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
89 rc2_init_key, NULL, 88 rc2_init_key, NULL,
90 rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, 89 rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv,
91 rc2_ctrl) 90 rc2_ctrl)
92 91
93#define RC2_40_MAGIC 0xa0 92#define RC2_40_MAGIC 0xa0
94#define RC2_64_MAGIC 0x78 93#define RC2_64_MAGIC 0x78
95#define RC2_128_MAGIC 0x3a 94#define RC2_128_MAGIC 0x3a
96 95
97static const EVP_CIPHER r2_64_cbc_cipher= 96static const EVP_CIPHER r2_64_cbc_cipher = {
98 {
99 NID_rc2_64_cbc, 97 NID_rc2_64_cbc,
100 8,8 /* 64 bit */,8, 98 8, 8 /* 64 bit */, 8,
101 EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, 99 EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
102 rc2_init_key, 100 rc2_init_key,
103 rc2_cbc_cipher, 101 rc2_cbc_cipher,
@@ -107,12 +105,11 @@ static const EVP_CIPHER r2_64_cbc_cipher=
107 rc2_get_asn1_type_and_iv, 105 rc2_get_asn1_type_and_iv,
108 rc2_ctrl, 106 rc2_ctrl,
109 NULL 107 NULL
110 }; 108};
111 109
112static const EVP_CIPHER r2_40_cbc_cipher= 110static const EVP_CIPHER r2_40_cbc_cipher = {
113 {
114 NID_rc2_40_cbc, 111 NID_rc2_40_cbc,
115 8,5 /* 40 bit */,8, 112 8, 5 /* 40 bit */, 8,
116 EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, 113 EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
117 rc2_init_key, 114 rc2_init_key,
118 rc2_cbc_cipher, 115 rc2_cbc_cipher,
@@ -122,93 +119,105 @@ static const EVP_CIPHER r2_40_cbc_cipher=
122 rc2_get_asn1_type_and_iv, 119 rc2_get_asn1_type_and_iv,
123 rc2_ctrl, 120 rc2_ctrl,
124 NULL 121 NULL
125 }; 122};
126 123
127const EVP_CIPHER *EVP_rc2_64_cbc(void) 124const EVP_CIPHER *
128 { 125EVP_rc2_64_cbc(void)
129 return(&r2_64_cbc_cipher); 126{
130 } 127 return (&r2_64_cbc_cipher);
131 128}
132const EVP_CIPHER *EVP_rc2_40_cbc(void) 129
133 { 130const EVP_CIPHER *
134 return(&r2_40_cbc_cipher); 131EVP_rc2_40_cbc(void)
135 } 132{
136 133 return (&r2_40_cbc_cipher);
137static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 134}
138 const unsigned char *iv, int enc) 135
139 { 136static int
140 RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), 137rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
141 key,data(ctx)->key_bits); 138 const unsigned char *iv, int enc)
139{
140 RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
141 key, data(ctx)->key_bits);
142 return 1; 142 return 1;
143 } 143}
144 144
145static int rc2_meth_to_magic(EVP_CIPHER_CTX *e) 145static int
146 { 146rc2_meth_to_magic(EVP_CIPHER_CTX *e)
147{
147 int i; 148 int i;
148 149
149 EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); 150 EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
150 if (i == 128) return(RC2_128_MAGIC); 151 if (i == 128)
151 else if (i == 64) return(RC2_64_MAGIC); 152 return (RC2_128_MAGIC);
152 else if (i == 40) return(RC2_40_MAGIC); 153 else if (i == 64)
153 else return(0); 154 return (RC2_64_MAGIC);
154 } 155 else if (i == 40)
155 156 return (RC2_40_MAGIC);
156static int rc2_magic_to_meth(int i)
157 {
158 if (i == RC2_128_MAGIC) return 128;
159 else if (i == RC2_64_MAGIC) return 64;
160 else if (i == RC2_40_MAGIC) return 40;
161 else 157 else
162 { 158 return (0);
163 EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE); 159}
164 return(0); 160
165 } 161static int
162rc2_magic_to_meth(int i)
163{
164 if (i == RC2_128_MAGIC)
165 return 128;
166 else if (i == RC2_64_MAGIC)
167 return 64;
168 else if (i == RC2_40_MAGIC)
169 return 40;
170 else {
171 EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
172 return (0);
166 } 173 }
174}
167 175
168static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 176static int
169 { 177rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
170 long num=0; 178{
171 int i=0; 179 long num = 0;
180 int i = 0;
172 int key_bits; 181 int key_bits;
173 unsigned int l; 182 unsigned int l;
174 unsigned char iv[EVP_MAX_IV_LENGTH]; 183 unsigned char iv[EVP_MAX_IV_LENGTH];
175 184
176 if (type != NULL) 185 if (type != NULL) {
177 { 186 l = EVP_CIPHER_CTX_iv_length(c);
178 l=EVP_CIPHER_CTX_iv_length(c);
179 OPENSSL_assert(l <= sizeof(iv)); 187 OPENSSL_assert(l <= sizeof(iv));
180 i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); 188 i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
181 if (i != (int)l) 189 if (i != (int)l)
182 return(-1); 190 return (-1);
183 key_bits =rc2_magic_to_meth((int)num); 191 key_bits = rc2_magic_to_meth((int)num);
184 if (!key_bits) 192 if (!key_bits)
185 return(-1); 193 return (-1);
186 if(i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) 194 if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
187 return -1; 195 return -1;
188 EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); 196 EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS,
197 key_bits, NULL);
189 EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); 198 EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
190 }
191 return(i);
192 } 199 }
200 return (i);
201}
193 202
194static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 203static int
195 { 204rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
205{
196 long num; 206 long num;
197 int i=0,j; 207 int i = 0, j;
198 208
199 if (type != NULL) 209 if (type != NULL) {
200 { 210 num = rc2_meth_to_magic(c);
201 num=rc2_meth_to_magic(c); 211 j = EVP_CIPHER_CTX_iv_length(c);
202 j=EVP_CIPHER_CTX_iv_length(c); 212 i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
203 i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
204 }
205 return(i);
206 } 213 }
214 return (i);
215}
207 216
208static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 217static int
209 { 218rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
210 switch(type) 219{
211 { 220 switch (type) {
212 case EVP_CTRL_INIT: 221 case EVP_CTRL_INIT:
213 data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; 222 data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
214 return 1; 223 return 1;
@@ -216,14 +225,14 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
216 case EVP_CTRL_GET_RC2_KEY_BITS: 225 case EVP_CTRL_GET_RC2_KEY_BITS:
217 *(int *)ptr = data(c)->key_bits; 226 *(int *)ptr = data(c)->key_bits;
218 return 1; 227 return 1;
219 228
220 case EVP_CTRL_SET_RC2_KEY_BITS: 229 case EVP_CTRL_SET_RC2_KEY_BITS:
221 if(arg > 0) 230 if (arg > 0) {
222 {
223 data(c)->key_bits = arg; 231 data(c)->key_bits = arg;
224 return 1; 232 return 1;
225 } 233 }
226 return 0; 234 return 0;
235
227#ifdef PBE_PRF_TEST 236#ifdef PBE_PRF_TEST
228 case EVP_CTRL_PBE_PRF_NID: 237 case EVP_CTRL_PBE_PRF_NID:
229 *(int *)ptr = NID_hmacWithMD5; 238 *(int *)ptr = NID_hmacWithMD5;
@@ -232,7 +241,7 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
232 241
233 default: 242 default:
234 return -1; 243 return -1;
235 }
236 } 244 }
245}
237 246
238#endif 247#endif
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index b4f6bda82d..f66885f70d 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -69,21 +69,20 @@
69/* FIXME: surely this is available elsewhere? */ 69/* FIXME: surely this is available elsewhere? */
70#define EVP_RC4_KEY_SIZE 16 70#define EVP_RC4_KEY_SIZE 16
71 71
72typedef struct 72typedef struct {
73 {
74 RC4_KEY ks; /* working key */ 73 RC4_KEY ks; /* working key */
75 } EVP_RC4_KEY; 74} EVP_RC4_KEY;
76 75
77#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) 76#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
78 77
79static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 78static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
80 const unsigned char *iv,int enc); 79 const unsigned char *iv, int enc);
81static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 80static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
82 const unsigned char *in, size_t inl); 81 const unsigned char *in, size_t inl);
83static const EVP_CIPHER r4_cipher= 82
84 { 83static const EVP_CIPHER r4_cipher = {
85 NID_rc4, 84 NID_rc4,
86 1,EVP_RC4_KEY_SIZE,0, 85 1, EVP_RC4_KEY_SIZE, 0,
87 EVP_CIPH_VARIABLE_LENGTH, 86 EVP_CIPH_VARIABLE_LENGTH,
88 rc4_init_key, 87 rc4_init_key,
89 rc4_cipher, 88 rc4_cipher,
@@ -93,45 +92,47 @@ static const EVP_CIPHER r4_cipher=
93 NULL, 92 NULL,
94 NULL, 93 NULL,
95 NULL 94 NULL
96 }; 95};
97 96
98static const EVP_CIPHER r4_40_cipher= 97static const EVP_CIPHER r4_40_cipher = {
99 {
100 NID_rc4_40, 98 NID_rc4_40,
101 1,5 /* 40 bit */,0, 99 1, 5 /* 40 bit */, 0,
102 EVP_CIPH_VARIABLE_LENGTH, 100 EVP_CIPH_VARIABLE_LENGTH,
103 rc4_init_key, 101 rc4_init_key,
104 rc4_cipher, 102 rc4_cipher,
105 NULL, 103 NULL,
106 sizeof(EVP_RC4_KEY), 104 sizeof(EVP_RC4_KEY),
107 NULL, 105 NULL,
108 NULL, 106 NULL,
109 NULL, 107 NULL,
110 NULL 108 NULL
111 }; 109};
112 110
113const EVP_CIPHER *EVP_rc4(void) 111const EVP_CIPHER *
114 { 112EVP_rc4(void)
115 return(&r4_cipher); 113{
116 } 114 return (&r4_cipher);
115}
117 116
118const EVP_CIPHER *EVP_rc4_40(void) 117const EVP_CIPHER *
119 { 118EVP_rc4_40(void)
120 return(&r4_40_cipher); 119{
121 } 120 return (&r4_40_cipher);
121}
122 122
123static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 123static int
124 const unsigned char *iv, int enc) 124rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
125 { 125 const unsigned char *iv, int enc)
126 RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), 126{
127 key); 127 RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
128 return 1; 128 return 1;
129 } 129}
130 130
131static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 131static int
132 const unsigned char *in, size_t inl) 132rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
133 { 133 const unsigned char *in, size_t inl)
134 RC4(&data(ctx)->ks,inl,in,out); 134{
135 RC4(&data(ctx)->ks, inl, in, out);
135 return 1; 136 return 1;
136 } 137}
137#endif 138#endif
diff --git a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
index 56563191ba..d4655c56d9 100644
--- a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
+++ b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c
@@ -68,37 +68,35 @@
68/* FIXME: surely this is available elsewhere? */ 68/* FIXME: surely this is available elsewhere? */
69#define EVP_RC4_KEY_SIZE 16 69#define EVP_RC4_KEY_SIZE 16
70 70
71typedef struct 71typedef struct {
72 { 72 RC4_KEY ks;
73 RC4_KEY ks; 73 MD5_CTX head, tail, md;
74 MD5_CTX head,tail,md; 74 size_t payload_length;
75 size_t payload_length; 75} EVP_RC4_HMAC_MD5;
76 } EVP_RC4_HMAC_MD5;
77 76
78#define NO_PAYLOAD_LENGTH ((size_t)-1) 77#define NO_PAYLOAD_LENGTH ((size_t)-1)
79 78
80void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out, 79void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out,
81 MD5_CTX *ctx,const void *inp,size_t blocks); 80 MD5_CTX *ctx, const void *inp, size_t blocks);
82 81
83#define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) 82#define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)
84 83
85static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, 84static int
86 const unsigned char *inkey, 85rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey,
87 const unsigned char *iv, int enc) 86 const unsigned char *iv, int enc)
88 { 87{
89 EVP_RC4_HMAC_MD5 *key = data(ctx); 88 EVP_RC4_HMAC_MD5 *key = data(ctx);
90 89
91 RC4_set_key(&key->ks,EVP_CIPHER_CTX_key_length(ctx), 90 RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey);
92 inkey);
93 91
94 MD5_Init(&key->head); /* handy when benchmarking */ 92 MD5_Init(&key->head); /* handy when benchmarking */
95 key->tail = key->head; 93 key->tail = key->head;
96 key->md = key->head; 94 key->md = key->head;
97 95
98 key->payload_length = NO_PAYLOAD_LENGTH; 96 key->payload_length = NO_PAYLOAD_LENGTH;
99 97
100 return 1; 98 return 1;
101 } 99}
102 100
103#if !defined(OPENSSL_NO_ASM) && ( \ 101#if !defined(OPENSSL_NO_ASM) && ( \
104 defined(__x86_64) || defined(__x86_64__) || \ 102 defined(__x86_64) || defined(__x86_64__) || \
@@ -113,173 +111,184 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
113#define md5_off 0 111#define md5_off 0
114#endif 112#endif
115 113
116static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 114static int
117 const unsigned char *in, size_t len) 115rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
118 { 116 const unsigned char *in, size_t len)
117{
119 EVP_RC4_HMAC_MD5 *key = data(ctx); 118 EVP_RC4_HMAC_MD5 *key = data(ctx);
120#if defined(STITCHED_CALL) 119#if defined(STITCHED_CALL)
121 size_t rc4_off = 32-1-(key->ks.x&(32-1)), /* 32 is $MOD from rc4_md5-x86_64.pl */ 120 size_t rc4_off = 32-1-(key->ks.x&(32-1)), /* 32 is $MOD from rc4_md5-x86_64.pl */
122 md5_off = MD5_CBLOCK-key->md.num, 121 md5_off = MD5_CBLOCK - key->md.num,
123 blocks; 122 blocks;
124 unsigned int l; 123 unsigned int l;
125 extern unsigned int OPENSSL_ia32cap_P[]; 124 extern unsigned int OPENSSL_ia32cap_P[];
126#endif 125#endif
127 size_t plen = key->payload_length; 126 size_t plen = key->payload_length;
128 127
129 if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0; 128 if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
129 return 0;
130 130
131 if (ctx->encrypt) { 131 if (ctx->encrypt) {
132 if (plen==NO_PAYLOAD_LENGTH) plen = len; 132 if (plen == NO_PAYLOAD_LENGTH)
133 plen = len;
133#if defined(STITCHED_CALL) 134#if defined(STITCHED_CALL)
134 /* cipher has to "fall behind" */ 135 /* cipher has to "fall behind" */
135 if (rc4_off>md5_off) md5_off+=MD5_CBLOCK; 136 if (rc4_off > md5_off)
137 md5_off += MD5_CBLOCK;
136 138
137 if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) && 139 if (plen > md5_off &&
138 (OPENSSL_ia32cap_P[0]&(1<<20))==0) { 140 (blocks = (plen - md5_off) / MD5_CBLOCK) &&
139 MD5_Update(&key->md,in,md5_off); 141 (OPENSSL_ia32cap_P[0]&(1 << 20)) == 0) {
140 RC4(&key->ks,rc4_off,in,out); 142 MD5_Update(&key->md, in, md5_off);
143 RC4(&key->ks, rc4_off, in, out);
141 144
142 rc4_md5_enc(&key->ks,in+rc4_off,out+rc4_off, 145 rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
143 &key->md,in+md5_off,blocks); 146 &key->md, in + md5_off, blocks);
144 blocks *= MD5_CBLOCK; 147 blocks *= MD5_CBLOCK;
145 rc4_off += blocks; 148 rc4_off += blocks;
146 md5_off += blocks; 149 md5_off += blocks;
147 key->md.Nh += blocks>>29; 150 key->md.Nh += blocks >> 29;
148 key->md.Nl += blocks<<=3; 151 key->md.Nl += blocks <<= 3;
149 if (key->md.Nl<(unsigned int)blocks) key->md.Nh++; 152 if (key->md.Nl < (unsigned int)blocks)
153 key->md.Nh++;
150 } else { 154 } else {
151 rc4_off = 0; 155 rc4_off = 0;
152 md5_off = 0; 156 md5_off = 0;
153 } 157 }
154#endif 158#endif
155 MD5_Update(&key->md,in+md5_off,plen-md5_off); 159 MD5_Update(&key->md, in + md5_off, plen - md5_off);
156 160
157 if (plen!=len) { /* "TLS" mode of operation */ 161 if (plen!=len) { /* "TLS" mode of operation */
158 if (in!=out) 162 if (in != out)
159 memcpy(out+rc4_off,in+rc4_off,plen-rc4_off); 163 memcpy(out + rc4_off, in + rc4_off,
164 plen - rc4_off);
160 165
161 /* calculate HMAC and append it to payload */ 166 /* calculate HMAC and append it to payload */
162 MD5_Final(out+plen,&key->md); 167 MD5_Final(out + plen, &key->md);
163 key->md = key->tail; 168 key->md = key->tail;
164 MD5_Update(&key->md,out+plen,MD5_DIGEST_LENGTH); 169 MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH);
165 MD5_Final(out+plen,&key->md); 170 MD5_Final(out + plen, &key->md);
171
166 /* encrypt HMAC at once */ 172 /* encrypt HMAC at once */
167 RC4(&key->ks,len-rc4_off,out+rc4_off,out+rc4_off); 173 RC4(&key->ks, len - rc4_off, out + rc4_off,
174 out + rc4_off);
168 } else { 175 } else {
169 RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off); 176 RC4(&key->ks, len - rc4_off, in + rc4_off,
177 out + rc4_off);
170 } 178 }
171 } else { 179 } else {
172 unsigned char mac[MD5_DIGEST_LENGTH]; 180 unsigned char mac[MD5_DIGEST_LENGTH];
173#if defined(STITCHED_CALL) 181#if defined(STITCHED_CALL)
174 /* digest has to "fall behind" */ 182 /* digest has to "fall behind" */
175 if (md5_off>rc4_off) rc4_off += 2*MD5_CBLOCK; 183 if (md5_off > rc4_off)
176 else rc4_off += MD5_CBLOCK; 184 rc4_off += 2*MD5_CBLOCK;
177 185 else
178 if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) && 186 rc4_off += MD5_CBLOCK;
179 (OPENSSL_ia32cap_P[0]&(1<<20))==0) { 187
180 RC4(&key->ks,rc4_off,in,out); 188 if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) &&
181 MD5_Update(&key->md,out,md5_off); 189 (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
182 190 RC4(&key->ks, rc4_off, in, out);
183 rc4_md5_enc(&key->ks,in+rc4_off,out+rc4_off, 191 MD5_Update(&key->md, out, md5_off);
184 &key->md,out+md5_off,blocks); 192
193 rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
194 &key->md, out + md5_off, blocks);
185 blocks *= MD5_CBLOCK; 195 blocks *= MD5_CBLOCK;
186 rc4_off += blocks; 196 rc4_off += blocks;
187 md5_off += blocks; 197 md5_off += blocks;
188 l = (key->md.Nl+(blocks<<3))&0xffffffffU; 198 l = (key->md.Nl + (blocks << 3)) & 0xffffffffU;
189 if (l<key->md.Nl) key->md.Nh++; 199 if (l < key->md.Nl)
190 key->md.Nl = l; 200 key->md.Nh++;
191 key->md.Nh += blocks>>29; 201 key->md.Nl = l;
202 key->md.Nh += blocks >> 29;
192 } else { 203 } else {
193 md5_off=0; 204 md5_off = 0;
194 rc4_off=0; 205 rc4_off = 0;
195 } 206 }
196#endif 207#endif
197 /* decrypt HMAC at once */ 208 /* decrypt HMAC at once */
198 RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off); 209 RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off);
199 if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ 210 if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
200 MD5_Update(&key->md,out+md5_off,plen-md5_off); 211 MD5_Update(&key->md, out + md5_off, plen - md5_off);
201 212
202 /* calculate HMAC and verify it */ 213 /* calculate HMAC and verify it */
203 MD5_Final(mac,&key->md); 214 MD5_Final(mac, &key->md);
204 key->md = key->tail; 215 key->md = key->tail;
205 MD5_Update(&key->md,mac,MD5_DIGEST_LENGTH); 216 MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
206 MD5_Final(mac,&key->md); 217 MD5_Final(mac, &key->md);
207 218
208 if (memcmp(out+plen,mac,MD5_DIGEST_LENGTH)) 219 if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
209 return 0; 220 return 0;
210 } else { 221 } else {
211 MD5_Update(&key->md,out+md5_off,len-md5_off); 222 MD5_Update(&key->md, out + md5_off, len - md5_off);
212 } 223 }
213 } 224 }
214 225
215 key->payload_length = NO_PAYLOAD_LENGTH; 226 key->payload_length = NO_PAYLOAD_LENGTH;
216 227
217 return 1; 228 return 1;
218 } 229}
219 230
220static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) 231static int
221 { 232rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
233{
222 EVP_RC4_HMAC_MD5 *key = data(ctx); 234 EVP_RC4_HMAC_MD5 *key = data(ctx);
223 235
224 switch (type) 236 switch (type) {
225 {
226 case EVP_CTRL_AEAD_SET_MAC_KEY: 237 case EVP_CTRL_AEAD_SET_MAC_KEY:
227 { 238 {
228 unsigned int i; 239 unsigned int i;
229 unsigned char hmac_key[64]; 240 unsigned char hmac_key[64];
230 241
231 memset (hmac_key,0,sizeof(hmac_key)); 242 memset (hmac_key, 0, sizeof(hmac_key));
232 243
233 if (arg > (int)sizeof(hmac_key)) { 244 if (arg > (int)sizeof(hmac_key)) {
234 MD5_Init(&key->head); 245 MD5_Init(&key->head);
235 MD5_Update(&key->head,ptr,arg); 246 MD5_Update(&key->head, ptr, arg);
236 MD5_Final(hmac_key,&key->head); 247 MD5_Final(hmac_key, &key->head);
237 } else { 248 } else {
238 memcpy(hmac_key,ptr,arg); 249 memcpy(hmac_key, ptr, arg);
239 } 250 }
240 251
241 for (i=0;i<sizeof(hmac_key);i++) 252 for (i = 0; i < sizeof(hmac_key); i++)
242 hmac_key[i] ^= 0x36; /* ipad */ 253 hmac_key[i] ^= 0x36; /* ipad */
243 MD5_Init(&key->head); 254 MD5_Init(&key->head);
244 MD5_Update(&key->head,hmac_key,sizeof(hmac_key)); 255 MD5_Update(&key->head, hmac_key, sizeof(hmac_key));
245 256
246 for (i=0;i<sizeof(hmac_key);i++) 257 for (i = 0; i < sizeof(hmac_key); i++)
247 hmac_key[i] ^= 0x36^0x5c; /* opad */ 258 hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
248 MD5_Init(&key->tail); 259 MD5_Init(&key->tail);
249 MD5_Update(&key->tail,hmac_key,sizeof(hmac_key)); 260 MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
250 261
251 return 1; 262 return 1;
252 } 263 }
253 case EVP_CTRL_AEAD_TLS1_AAD: 264 case EVP_CTRL_AEAD_TLS1_AAD:
254 { 265 {
255 unsigned char *p=ptr; 266 unsigned char *p = ptr;
256 unsigned int len=p[arg-2]<<8|p[arg-1]; 267 unsigned int len = p[arg - 2] << 8 | p[arg - 1];
257 268
258 if (!ctx->encrypt) 269 if (!ctx->encrypt) {
259 { 270 len -= MD5_DIGEST_LENGTH;
260 len -= MD5_DIGEST_LENGTH; 271 p[arg - 2] = len >> 8;
261 p[arg-2] = len>>8; 272 p[arg - 1] = len;
262 p[arg-1] = len;
263 } 273 }
264 key->payload_length=len; 274 key->payload_length = len;
265 key->md = key->head; 275 key->md = key->head;
266 MD5_Update(&key->md,p,arg); 276 MD5_Update(&key->md, p, arg);
267 277
268 return MD5_DIGEST_LENGTH; 278 return MD5_DIGEST_LENGTH;
269 } 279 }
270 default: 280 default:
271 return -1; 281 return -1;
272 }
273 } 282 }
283}
274 284
275static EVP_CIPHER r4_hmac_md5_cipher= 285static EVP_CIPHER r4_hmac_md5_cipher = {
276 {
277#ifdef NID_rc4_hmac_md5 286#ifdef NID_rc4_hmac_md5
278 NID_rc4_hmac_md5, 287 NID_rc4_hmac_md5,
279#else 288#else
280 NID_undef, 289 NID_undef,
281#endif 290#endif
282 1,EVP_RC4_KEY_SIZE,0, 291 1, EVP_RC4_KEY_SIZE, 0,
283 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER, 292 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER,
284 rc4_hmac_md5_init_key, 293 rc4_hmac_md5_init_key,
285 rc4_hmac_md5_cipher, 294 rc4_hmac_md5_cipher,
@@ -289,10 +298,11 @@ static EVP_CIPHER r4_hmac_md5_cipher=
289 NULL, 298 NULL,
290 rc4_hmac_md5_ctrl, 299 rc4_hmac_md5_ctrl,
291 NULL 300 NULL
292 }; 301};
293 302
294const EVP_CIPHER *EVP_rc4_hmac_md5(void) 303const EVP_CIPHER *
295 { 304EVP_rc4_hmac_md5(void)
296 return(&r4_hmac_md5_cipher); 305{
297 } 306 return (&r4_hmac_md5_cipher);
307}
298#endif 308#endif
diff --git a/src/lib/libcrypto/evp/e_rc5.c b/src/lib/libcrypto/evp/e_rc5.c
index 19a10c6402..efbd03735e 100644
--- a/src/lib/libcrypto/evp/e_rc5.c
+++ b/src/lib/libcrypto/evp/e_rc5.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,27 +67,26 @@
67#include <openssl/rc5.h> 67#include <openssl/rc5.h>
68 68
69static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 69static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
70 const unsigned char *iv,int enc); 70 const unsigned char *iv, int enc);
71static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); 71static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
72 72
73typedef struct 73typedef struct {
74 {
75 int rounds; /* number of rounds */ 74 int rounds; /* number of rounds */
76 RC5_32_KEY ks; /* key schedule */ 75 RC5_32_KEY ks; /* key schedule */
77 } EVP_RC5_KEY; 76} EVP_RC5_KEY;
78 77
79#define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) 78#define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx)
80 79
81IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5, 80IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
82 8, RC5_32_KEY_LENGTH, 8, 64, 81 8, RC5_32_KEY_LENGTH, 8, 64,
83 EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, 82 EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
84 r_32_12_16_init_key, NULL, 83 r_32_12_16_init_key, NULL,
85 NULL, NULL, rc5_ctrl) 84 NULL, NULL, rc5_ctrl)
86 85
87static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 86static int
88 { 87rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
89 switch(type) 88{
90 { 89 switch (type) {
91 case EVP_CTRL_INIT: 90 case EVP_CTRL_INIT:
92 data(c)->rounds = RC5_12_ROUNDS; 91 data(c)->rounds = RC5_12_ROUNDS;
93 return 1; 92 return 1;
@@ -95,10 +94,9 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
95 case EVP_CTRL_GET_RC5_ROUNDS: 94 case EVP_CTRL_GET_RC5_ROUNDS:
96 *(int *)ptr = data(c)->rounds; 95 *(int *)ptr = data(c)->rounds;
97 return 1; 96 return 1;
98 97
99 case EVP_CTRL_SET_RC5_ROUNDS: 98 case EVP_CTRL_SET_RC5_ROUNDS:
100 switch(arg) 99 switch (arg) {
101 {
102 case RC5_8_ROUNDS: 100 case RC5_8_ROUNDS:
103 case RC5_12_ROUNDS: 101 case RC5_12_ROUNDS:
104 case RC5_16_ROUNDS: 102 case RC5_16_ROUNDS:
@@ -106,21 +104,23 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
106 return 1; 104 return 1;
107 105
108 default: 106 default:
109 EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); 107 EVPerr(EVP_F_RC5_CTRL,
108 EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
110 return 0; 109 return 0;
111 } 110 }
112 111
113 default: 112 default:
114 return -1; 113 return -1;
115 }
116 } 114 }
115}
117 116
118static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 117static int
119 const unsigned char *iv, int enc) 118r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
120 { 119 const unsigned char *iv, int enc)
121 RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), 120{
122 key,data(ctx)->rounds); 121 RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key,
122 data(ctx)->rounds);
123 return 1; 123 return 1;
124 } 124}
125 125
126#endif 126#endif
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
index 250e88c8c5..7313e4d225 100644
--- a/src/lib/libcrypto/evp/e_xcbc_d.c
+++ b/src/lib/libcrypto/evp/e_xcbc_d.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,24 +67,22 @@
67#include <openssl/des.h> 67#include <openssl/des.h>
68 68
69static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 69static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
70 const unsigned char *iv,int enc); 70 const unsigned char *iv, int enc);
71static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 71static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
72 const unsigned char *in, size_t inl); 72 const unsigned char *in, size_t inl);
73 73
74 74
75typedef struct 75typedef struct {
76 { 76 DES_key_schedule ks;/* key schedule */
77 DES_key_schedule ks;/* key schedule */ 77 DES_cblock inw;
78 DES_cblock inw; 78 DES_cblock outw;
79 DES_cblock outw; 79} DESX_CBC_KEY;
80 } DESX_CBC_KEY;
81 80
82#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) 81#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
83 82
84static const EVP_CIPHER d_xcbc_cipher= 83static const EVP_CIPHER d_xcbc_cipher = {
85 {
86 NID_desx_cbc, 84 NID_desx_cbc,
87 8,24,8, 85 8, 24, 8,
88 EVP_CIPH_CBC_MODE, 86 EVP_CIPH_CBC_MODE,
89 desx_cbc_init_key, 87 desx_cbc_init_key,
90 desx_cbc_cipher, 88 desx_cbc_cipher,
@@ -94,45 +92,43 @@ static const EVP_CIPHER d_xcbc_cipher=
94 EVP_CIPHER_get_asn1_iv, 92 EVP_CIPHER_get_asn1_iv,
95 NULL, 93 NULL,
96 NULL 94 NULL
97 }; 95};
98 96
99const EVP_CIPHER *EVP_desx_cbc(void) 97const EVP_CIPHER *
100 { 98EVP_desx_cbc(void)
101 return(&d_xcbc_cipher); 99{
102 } 100 return (&d_xcbc_cipher);
103 101}
104static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 102
105 const unsigned char *iv, int enc) 103static int
106 { 104desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
105 const unsigned char *iv, int enc)
106{
107 DES_cblock *deskey = (DES_cblock *)key; 107 DES_cblock *deskey = (DES_cblock *)key;
108 108
109 DES_set_key_unchecked(deskey,&data(ctx)->ks); 109 DES_set_key_unchecked(deskey, &data(ctx)->ks);
110 memcpy(&data(ctx)->inw[0],&key[8],8); 110 memcpy(&data(ctx)->inw[0], &key[8], 8);
111 memcpy(&data(ctx)->outw[0],&key[16],8); 111 memcpy(&data(ctx)->outw[0], &key[16], 8);
112 112
113 return 1; 113 return 1;
114 } 114}
115 115
116static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 116static int
117 const unsigned char *in, size_t inl) 117desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
118 { 118 const unsigned char *in, size_t inl)
119 while (inl>=EVP_MAXCHUNK) 119{
120 { 120 while (inl >= EVP_MAXCHUNK) {
121 DES_xcbc_encrypt(in,out,(long)EVP_MAXCHUNK,&data(ctx)->ks, 121 DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
122 (DES_cblock *)&(ctx->iv[0]), 122 (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw,
123 &data(ctx)->inw, 123 &data(ctx)->outw, ctx->encrypt);
124 &data(ctx)->outw, 124 inl -= EVP_MAXCHUNK;
125 ctx->encrypt); 125 in += EVP_MAXCHUNK;
126 inl-=EVP_MAXCHUNK; 126 out += EVP_MAXCHUNK;
127 in +=EVP_MAXCHUNK; 127 }
128 out+=EVP_MAXCHUNK;
129 }
130 if (inl) 128 if (inl)
131 DES_xcbc_encrypt(in,out,(long)inl,&data(ctx)->ks, 129 DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
132 (DES_cblock *)&(ctx->iv[0]), 130 (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw,
133 &data(ctx)->inw, 131 &data(ctx)->outw, ctx->encrypt);
134 &data(ctx)->outw,
135 ctx->encrypt);
136 return 1; 132 return 1;
137 } 133}
138#endif 134#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c
index d6f0124a94..db0fdf85c8 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes.c
@@ -6,7 +6,7 @@
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 10 *
11 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in 12 * notice, this list of conditions and the following disclaimer in
@@ -60,18 +60,16 @@
60#include "modes_lcl.h" 60#include "modes_lcl.h"
61#include <openssl/rand.h> 61#include <openssl/rand.h>
62 62
63typedef struct 63typedef struct {
64 {
65 AES_KEY ks; 64 AES_KEY ks;
66 block128_f block; 65 block128_f block;
67 union { 66 union {
68 cbc128_f cbc; 67 cbc128_f cbc;
69 ctr128_f ctr; 68 ctr128_f ctr;
70 } stream; 69 } stream;
71 } EVP_AES_KEY; 70} EVP_AES_KEY;
72 71
73typedef struct 72typedef struct {
74 {
75 AES_KEY ks; /* AES key schedule to use */ 73 AES_KEY ks; /* AES key schedule to use */
76 int key_set; /* Set if key initialised */ 74 int key_set; /* Set if key initialised */
77 int iv_set; /* Set if an iv is set */ 75 int iv_set; /* Set if an iv is set */
@@ -82,20 +80,17 @@ typedef struct
82 int iv_gen; /* It is OK to generate IVs */ 80 int iv_gen; /* It is OK to generate IVs */
83 int tls_aad_len; /* TLS AAD length */ 81 int tls_aad_len; /* TLS AAD length */
84 ctr128_f ctr; 82 ctr128_f ctr;
85 } EVP_AES_GCM_CTX; 83} EVP_AES_GCM_CTX;
86 84
87typedef struct 85typedef struct {
88 {
89 AES_KEY ks1, ks2; /* AES key schedules to use */ 86 AES_KEY ks1, ks2; /* AES key schedules to use */
90 XTS128_CONTEXT xts; 87 XTS128_CONTEXT xts;
91 void (*stream)(const unsigned char *in, 88 void (*stream)(const unsigned char *in, unsigned char *out,
92 unsigned char *out, size_t length, 89 size_t length, const AES_KEY *key1, const AES_KEY *key2,
93 const AES_KEY *key1, const AES_KEY *key2, 90 const unsigned char iv[16]);
94 const unsigned char iv[16]); 91} EVP_AES_XTS_CTX;
95 } EVP_AES_XTS_CTX; 92
96 93typedef struct {
97typedef struct
98 {
99 AES_KEY ks; /* AES key schedule to use */ 94 AES_KEY ks; /* AES key schedule to use */
100 int key_set; /* Set if key initialised */ 95 int key_set; /* Set if key initialised */
101 int iv_set; /* Set if an iv is set */ 96 int iv_set; /* Set if an iv is set */
@@ -104,53 +99,46 @@ typedef struct
104 int L, M; /* L and M parameters from RFC3610 */ 99 int L, M; /* L and M parameters from RFC3610 */
105 CCM128_CONTEXT ccm; 100 CCM128_CONTEXT ccm;
106 ccm128_f str; 101 ccm128_f str;
107 } EVP_AES_CCM_CTX; 102} EVP_AES_CCM_CTX;
108 103
109#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) 104#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
110 105
111#ifdef VPAES_ASM 106#ifdef VPAES_ASM
112int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, 107int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
113 AES_KEY *key); 108 AES_KEY *key);
114int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, 109int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
115 AES_KEY *key); 110 AES_KEY *key);
116 111
117void vpaes_encrypt(const unsigned char *in, unsigned char *out, 112void vpaes_encrypt(const unsigned char *in, unsigned char *out,
118 const AES_KEY *key); 113 const AES_KEY *key);
119void vpaes_decrypt(const unsigned char *in, unsigned char *out, 114void vpaes_decrypt(const unsigned char *in, unsigned char *out,
120 const AES_KEY *key); 115 const AES_KEY *key);
121 116
122void vpaes_cbc_encrypt(const unsigned char *in, 117void vpaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
123 unsigned char *out, 118 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
124 size_t length,
125 const AES_KEY *key,
126 unsigned char *ivec, int enc);
127#endif 119#endif
128#ifdef BSAES_ASM 120#ifdef BSAES_ASM
129void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, 121void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
130 size_t length, const AES_KEY *key, 122 size_t length, const AES_KEY *key, unsigned char ivec[16], int enc);
131 unsigned char ivec[16], int enc);
132void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, 123void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
133 size_t len, const AES_KEY *key, 124 size_t len, const AES_KEY *key, const unsigned char ivec[16]);
134 const unsigned char ivec[16]);
135void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, 125void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
136 size_t len, const AES_KEY *key1, 126 size_t len, const AES_KEY *key1, const AES_KEY *key2,
137 const AES_KEY *key2, const unsigned char iv[16]); 127 const unsigned char iv[16]);
138void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, 128void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
139 size_t len, const AES_KEY *key1, 129 size_t len, const AES_KEY *key1, const AES_KEY *key2,
140 const AES_KEY *key2, const unsigned char iv[16]); 130 const unsigned char iv[16]);
141#endif 131#endif
142#ifdef AES_CTR_ASM 132#ifdef AES_CTR_ASM
143void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, 133void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
144 size_t blocks, const AES_KEY *key, 134 size_t blocks, const AES_KEY *key,
145 const unsigned char ivec[AES_BLOCK_SIZE]); 135 const unsigned char ivec[AES_BLOCK_SIZE]);
146#endif 136#endif
147#ifdef AES_XTS_ASM 137#ifdef AES_XTS_ASM
148void AES_xts_encrypt(const char *inp,char *out,size_t len, 138void AES_xts_encrypt(const char *inp, char *out, size_t len,
149 const AES_KEY *key1, const AES_KEY *key2, 139 const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
150 const unsigned char iv[16]); 140void AES_xts_decrypt(const char *inp, char *out, size_t len,
151void AES_xts_decrypt(const char *inp,char *out,size_t len, 141 const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
152 const AES_KEY *key1, const AES_KEY *key2,
153 const unsigned char iv[16]);
154#endif 142#endif
155 143
156#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ 144#if defined(AES_ASM) && !defined(I386_ONLY) && ( \
@@ -174,160 +162,142 @@ extern unsigned int OPENSSL_ia32cap_P[2];
174#define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) 162#define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
175 163
176int aesni_set_encrypt_key(const unsigned char *userKey, int bits, 164int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
177 AES_KEY *key); 165 AES_KEY *key);
178int aesni_set_decrypt_key(const unsigned char *userKey, int bits, 166int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
179 AES_KEY *key); 167 AES_KEY *key);
180 168
181void aesni_encrypt(const unsigned char *in, unsigned char *out, 169void aesni_encrypt(const unsigned char *in, unsigned char *out,
182 const AES_KEY *key); 170 const AES_KEY *key);
183void aesni_decrypt(const unsigned char *in, unsigned char *out, 171void aesni_decrypt(const unsigned char *in, unsigned char *out,
184 const AES_KEY *key); 172 const AES_KEY *key);
185 173
186void aesni_ecb_encrypt(const unsigned char *in, 174void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
187 unsigned char *out, 175 size_t length, const AES_KEY *key, int enc);
188 size_t length, 176void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
189 const AES_KEY *key, 177 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
190 int enc); 178
191void aesni_cbc_encrypt(const unsigned char *in, 179void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
192 unsigned char *out, 180 size_t blocks, const void *key, const unsigned char *ivec);
193 size_t length, 181
194 const AES_KEY *key, 182void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
195 unsigned char *ivec, int enc); 183 size_t length, const AES_KEY *key1, const AES_KEY *key2,
196 184 const unsigned char iv[16]);
197void aesni_ctr32_encrypt_blocks(const unsigned char *in, 185
198 unsigned char *out, 186void aesni_xts_decrypt(const unsigned char *in, unsigned char *out,
199 size_t blocks, 187 size_t length, const AES_KEY *key1, const AES_KEY *key2,
200 const void *key, 188 const unsigned char iv[16]);
201 const unsigned char *ivec); 189
202 190void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out,
203void aesni_xts_encrypt(const unsigned char *in, 191 size_t blocks, const void *key, const unsigned char ivec[16],
204 unsigned char *out, 192 unsigned char cmac[16]);
205 size_t length, 193
206 const AES_KEY *key1, const AES_KEY *key2, 194void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out,
207 const unsigned char iv[16]); 195 size_t blocks, const void *key, const unsigned char ivec[16],
208 196 unsigned char cmac[16]);
209void aesni_xts_decrypt(const unsigned char *in, 197
210 unsigned char *out, 198static int
211 size_t length, 199aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
212 const AES_KEY *key1, const AES_KEY *key2, 200 const unsigned char *iv, int enc)
213 const unsigned char iv[16]); 201{
214
215void aesni_ccm64_encrypt_blocks (const unsigned char *in,
216 unsigned char *out,
217 size_t blocks,
218 const void *key,
219 const unsigned char ivec[16],
220 unsigned char cmac[16]);
221
222void aesni_ccm64_decrypt_blocks (const unsigned char *in,
223 unsigned char *out,
224 size_t blocks,
225 const void *key,
226 const unsigned char ivec[16],
227 unsigned char cmac[16]);
228
229static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
230 const unsigned char *iv, int enc)
231 {
232 int ret, mode; 202 int ret, mode;
233 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 203 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
234 204
235 mode = ctx->cipher->flags & EVP_CIPH_MODE; 205 mode = ctx->cipher->flags & EVP_CIPH_MODE;
236 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) 206 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
237 && !enc) 207 !enc) {
238 { 208 ret = aesni_set_decrypt_key(key, ctx->key_len * 8,
239 ret = aesni_set_decrypt_key(key, ctx->key_len*8, ctx->cipher_data); 209 ctx->cipher_data);
240 dat->block = (block128_f)aesni_decrypt; 210 dat->block = (block128_f)aesni_decrypt;
241 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 211 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
242 (cbc128_f)aesni_cbc_encrypt : 212 (cbc128_f)aesni_cbc_encrypt : NULL;
243 NULL; 213 } else {
244 } 214 ret = aesni_set_encrypt_key(key, ctx->key_len * 8,
245 else { 215 ctx->cipher_data);
246 ret = aesni_set_encrypt_key(key, ctx->key_len*8, ctx->cipher_data); 216 dat->block = (block128_f)aesni_encrypt;
247 dat->block = (block128_f)aesni_encrypt; 217 if (mode == EVP_CIPH_CBC_MODE)
248 if (mode==EVP_CIPH_CBC_MODE) 218 dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt;
249 dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt; 219 else if (mode == EVP_CIPH_CTR_MODE)
250 else if (mode==EVP_CIPH_CTR_MODE)
251 dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; 220 dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
252 else 221 else
253 dat->stream.cbc = NULL; 222 dat->stream.cbc = NULL;
254 } 223 }
255 224
256 if(ret < 0) 225 if (ret < 0) {
257 { 226 EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
258 EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
259 return 0; 227 return 0;
260 } 228 }
261 229
262 return 1; 230 return 1;
263 } 231}
264 232
265static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 233static int
266 const unsigned char *in, size_t len) 234aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
235 const unsigned char *in, size_t len)
267{ 236{
268 aesni_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt); 237 aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv,
238 ctx->encrypt);
269 239
270 return 1; 240 return 1;
271} 241}
272 242
273static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 243static int
274 const unsigned char *in, size_t len) 244aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
245 const unsigned char *in, size_t len)
275{ 246{
276 size_t bl = ctx->cipher->block_size; 247 size_t bl = ctx->cipher->block_size;
277 248
278 if (len<bl) return 1; 249 if (len < bl)
250 return 1;
279 251
280 aesni_ecb_encrypt(in,out,len,ctx->cipher_data,ctx->encrypt); 252 aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
281 253
282 return 1; 254 return 1;
283} 255}
284 256
285#define aesni_ofb_cipher aes_ofb_cipher 257#define aesni_ofb_cipher aes_ofb_cipher
286static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 258static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
287 const unsigned char *in,size_t len); 259 const unsigned char *in, size_t len);
288 260
289#define aesni_cfb_cipher aes_cfb_cipher 261#define aesni_cfb_cipher aes_cfb_cipher
290static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 262static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
291 const unsigned char *in,size_t len); 263 const unsigned char *in, size_t len);
292 264
293#define aesni_cfb8_cipher aes_cfb8_cipher 265#define aesni_cfb8_cipher aes_cfb8_cipher
294static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 266static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
295 const unsigned char *in,size_t len); 267 const unsigned char *in, size_t len);
296 268
297#define aesni_cfb1_cipher aes_cfb1_cipher 269#define aesni_cfb1_cipher aes_cfb1_cipher
298static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 270static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
299 const unsigned char *in,size_t len); 271 const unsigned char *in, size_t len);
300 272
301#define aesni_ctr_cipher aes_ctr_cipher 273#define aesni_ctr_cipher aes_ctr_cipher
302static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 274static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
303 const unsigned char *in, size_t len); 275 const unsigned char *in, size_t len);
304 276
305static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 277static int
306 const unsigned char *iv, int enc) 278aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
307 { 279 const unsigned char *iv, int enc)
280{
308 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; 281 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
282
309 if (!iv && !key) 283 if (!iv && !key)
310 return 1; 284 return 1;
311 if (key) 285 if (key) {
312 {
313 aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); 286 aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
314 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, 287 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
315 (block128_f)aesni_encrypt); 288 (block128_f)aesni_encrypt);
316 gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; 289 gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
317 /* If we have an iv can set it directly, otherwise use 290 /* If we have an iv can set it directly, otherwise use
318 * saved IV. 291 * saved IV.
319 */ 292 */
320 if (iv == NULL && gctx->iv_set) 293 if (iv == NULL && gctx->iv_set)
321 iv = gctx->iv; 294 iv = gctx->iv;
322 if (iv) 295 if (iv) {
323 {
324 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); 296 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
325 gctx->iv_set = 1; 297 gctx->iv_set = 1;
326 }
327 gctx->key_set = 1;
328 } 298 }
329 else 299 gctx->key_set = 1;
330 { 300 } else {
331 /* If key set use IV, otherwise copy */ 301 /* If key set use IV, otherwise copy */
332 if (gctx->key_set) 302 if (gctx->key_set)
333 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); 303 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
@@ -335,83 +305,82 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
335 memcpy(gctx->iv, iv, gctx->ivlen); 305 memcpy(gctx->iv, iv, gctx->ivlen);
336 gctx->iv_set = 1; 306 gctx->iv_set = 1;
337 gctx->iv_gen = 0; 307 gctx->iv_gen = 0;
338 }
339 return 1;
340 } 308 }
309 return 1;
310}
341 311
342#define aesni_gcm_cipher aes_gcm_cipher 312#define aesni_gcm_cipher aes_gcm_cipher
343static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 313static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
344 const unsigned char *in, size_t len); 314 const unsigned char *in, size_t len);
345 315
346static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 316static int
347 const unsigned char *iv, int enc) 317aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
348 { 318 const unsigned char *iv, int enc)
319{
349 EVP_AES_XTS_CTX *xctx = ctx->cipher_data; 320 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
321
350 if (!iv && !key) 322 if (!iv && !key)
351 return 1; 323 return 1;
352 324
353 if (key) 325 if (key) {
354 {
355 /* key_len is two AES keys */ 326 /* key_len is two AES keys */
356 if (enc) 327 if (enc) {
357 { 328 aesni_set_encrypt_key(key, ctx->key_len * 4,
358 aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); 329 &xctx->ks1);
359 xctx->xts.block1 = (block128_f)aesni_encrypt; 330 xctx->xts.block1 = (block128_f)aesni_encrypt;
360 xctx->stream = aesni_xts_encrypt; 331 xctx->stream = aesni_xts_encrypt;
361 } 332 } else {
362 else 333 aesni_set_decrypt_key(key, ctx->key_len * 4,
363 { 334 &xctx->ks1);
364 aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
365 xctx->xts.block1 = (block128_f)aesni_decrypt; 335 xctx->xts.block1 = (block128_f)aesni_decrypt;
366 xctx->stream = aesni_xts_decrypt; 336 xctx->stream = aesni_xts_decrypt;
367 } 337 }
368 338
369 aesni_set_encrypt_key(key + ctx->key_len/2, 339 aesni_set_encrypt_key(key + ctx->key_len / 2,
370 ctx->key_len * 4, &xctx->ks2); 340 ctx->key_len * 4, &xctx->ks2);
371 xctx->xts.block2 = (block128_f)aesni_encrypt; 341 xctx->xts.block2 = (block128_f)aesni_encrypt;
372 342
373 xctx->xts.key1 = &xctx->ks1; 343 xctx->xts.key1 = &xctx->ks1;
374 } 344 }
375 345
376 if (iv) 346 if (iv) {
377 {
378 xctx->xts.key2 = &xctx->ks2; 347 xctx->xts.key2 = &xctx->ks2;
379 memcpy(ctx->iv, iv, 16); 348 memcpy(ctx->iv, iv, 16);
380 } 349 }
381 350
382 return 1; 351 return 1;
383 } 352}
384 353
385#define aesni_xts_cipher aes_xts_cipher 354#define aesni_xts_cipher aes_xts_cipher
386static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 355static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
387 const unsigned char *in, size_t len); 356 const unsigned char *in, size_t len);
388 357
389static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 358static int
390 const unsigned char *iv, int enc) 359aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
391 { 360 const unsigned char *iv, int enc)
361{
392 EVP_AES_CCM_CTX *cctx = ctx->cipher_data; 362 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
363
393 if (!iv && !key) 364 if (!iv && !key)
394 return 1; 365 return 1;
395 if (key) 366 if (key) {
396 {
397 aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); 367 aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
398 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, 368 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
399 &cctx->ks, (block128_f)aesni_encrypt); 369 &cctx->ks, (block128_f)aesni_encrypt);
400 cctx->str = enc?(ccm128_f)aesni_ccm64_encrypt_blocks : 370 cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks :
401 (ccm128_f)aesni_ccm64_decrypt_blocks; 371 (ccm128_f)aesni_ccm64_decrypt_blocks;
402 cctx->key_set = 1; 372 cctx->key_set = 1;
403 } 373 }
404 if (iv) 374 if (iv) {
405 {
406 memcpy(ctx->iv, iv, 15 - cctx->L); 375 memcpy(ctx->iv, iv, 15 - cctx->L);
407 cctx->iv_set = 1; 376 cctx->iv_set = 1;
408 }
409 return 1;
410 } 377 }
378 return 1;
379}
411 380
412#define aesni_ccm_cipher aes_ccm_cipher 381#define aesni_ccm_cipher aes_ccm_cipher
413static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 382static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
414 const unsigned char *in, size_t len); 383 const unsigned char *in, size_t len);
415 384
416#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ 385#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
417static const EVP_CIPHER aesni_##keylen##_##mode = { \ 386static const EVP_CIPHER aesni_##keylen##_##mode = { \
@@ -493,199 +462,205 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
493 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ 462 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \
494 BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags) 463 BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
495 464
496static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 465static int
497 const unsigned char *iv, int enc) 466aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
498 { 467 const unsigned char *iv, int enc)
468{
499 int ret, mode; 469 int ret, mode;
500 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 470 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
501 471
502 mode = ctx->cipher->flags & EVP_CIPH_MODE; 472 mode = ctx->cipher->flags & EVP_CIPH_MODE;
503 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) 473 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
504 && !enc) 474 !enc)
505#ifdef BSAES_CAPABLE 475#ifdef BSAES_CAPABLE
506 if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE) 476 if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
507 { 477 ret = AES_set_decrypt_key(key, ctx->key_len * 8,
508 ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks); 478 &dat->ks);
509 dat->block = (block128_f)AES_decrypt; 479 dat->block = (block128_f)AES_decrypt;
510 dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt; 480 dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
511 } 481 } else
512 else
513#endif 482#endif
514#ifdef VPAES_CAPABLE 483#ifdef VPAES_CAPABLE
515 if (VPAES_CAPABLE) 484 if (VPAES_CAPABLE) {
516 { 485 ret = vpaes_set_decrypt_key(key, ctx->key_len * 8,
517 ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks); 486 &dat->ks);
518 dat->block = (block128_f)vpaes_decrypt; 487 dat->block = (block128_f)vpaes_decrypt;
519 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 488 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
520 (cbc128_f)vpaes_cbc_encrypt : 489 (cbc128_f)vpaes_cbc_encrypt : NULL;
521 NULL; 490 } else
522 }
523 else
524#endif 491#endif
525 { 492 {
526 ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks); 493 ret = AES_set_decrypt_key(key, ctx->key_len * 8,
527 dat->block = (block128_f)AES_decrypt; 494 &dat->ks);
528 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 495 dat->block = (block128_f)AES_decrypt;
529 (cbc128_f)AES_cbc_encrypt : 496 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
530 NULL; 497 (cbc128_f)AES_cbc_encrypt : NULL;
531 } 498 } else
532 else
533#ifdef BSAES_CAPABLE 499#ifdef BSAES_CAPABLE
534 if (BSAES_CAPABLE && mode==EVP_CIPH_CTR_MODE) 500 if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
535 { 501 ret = AES_set_encrypt_key(key, ctx->key_len * 8,
536 ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks); 502 &dat->ks);
537 dat->block = (block128_f)AES_encrypt; 503 dat->block = (block128_f)AES_encrypt;
538 dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; 504 dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
539 } 505 } else
540 else
541#endif 506#endif
542#ifdef VPAES_CAPABLE 507#ifdef VPAES_CAPABLE
543 if (VPAES_CAPABLE) 508 if (VPAES_CAPABLE) {
544 { 509 ret = vpaes_set_encrypt_key(key, ctx->key_len * 8,
545 ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks); 510 &dat->ks);
546 dat->block = (block128_f)vpaes_encrypt; 511 dat->block = (block128_f)vpaes_encrypt;
547 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 512 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
548 (cbc128_f)vpaes_cbc_encrypt : 513 (cbc128_f)vpaes_cbc_encrypt : NULL;
549 NULL; 514 } else
550 }
551 else
552#endif 515#endif
553 { 516 {
554 ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks); 517 ret = AES_set_encrypt_key(key, ctx->key_len * 8,
555 dat->block = (block128_f)AES_encrypt; 518 &dat->ks);
556 dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ? 519 dat->block = (block128_f)AES_encrypt;
557 (cbc128_f)AES_cbc_encrypt : 520 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
558 NULL; 521 (cbc128_f)AES_cbc_encrypt : NULL;
559#ifdef AES_CTR_ASM 522#ifdef AES_CTR_ASM
560 if (mode==EVP_CIPH_CTR_MODE) 523 if (mode == EVP_CIPH_CTR_MODE)
561 dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt; 524 dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
562#endif 525#endif
563 } 526 }
564 527
565 if(ret < 0) 528 if (ret < 0) {
566 { 529 EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
567 EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
568 return 0; 530 return 0;
569 } 531 }
570 532
571 return 1; 533 return 1;
572 } 534}
573 535
574static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 536static int
575 const unsigned char *in, size_t len) 537aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
538 const unsigned char *in, size_t len)
576{ 539{
577 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 540 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
578 541
579 if (dat->stream.cbc) 542 if (dat->stream.cbc)
580 (*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt); 543 (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv,
544 ctx->encrypt);
581 else if (ctx->encrypt) 545 else if (ctx->encrypt)
582 CRYPTO_cbc128_encrypt(in,out,len,&dat->ks,ctx->iv,dat->block); 546 CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
547 dat->block);
583 else 548 else
584 CRYPTO_cbc128_decrypt(in,out,len,&dat->ks,ctx->iv,dat->block); 549 CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv,
550 dat->block);
585 551
586 return 1; 552 return 1;
587} 553}
588 554
589static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 555static int
590 const unsigned char *in, size_t len) 556aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
557 const unsigned char *in, size_t len)
591{ 558{
592 size_t bl = ctx->cipher->block_size; 559 size_t bl = ctx->cipher->block_size;
593 size_t i; 560 size_t i;
594 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 561 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
595 562
596 if (len<bl) return 1; 563 if (len < bl)
564 return 1;
597 565
598 for (i=0,len-=bl;i<=len;i+=bl) 566 for (i = 0, len -= bl; i <= len; i += bl)
599 (*dat->block)(in+i,out+i,&dat->ks); 567 (*dat->block)(in + i, out + i, &dat->ks);
600 568
601 return 1; 569 return 1;
602} 570}
603 571
604static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 572static int
605 const unsigned char *in,size_t len) 573aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
574 const unsigned char *in, size_t len)
606{ 575{
607 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 576 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
608 577
609 CRYPTO_ofb128_encrypt(in,out,len,&dat->ks, 578 CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
610 ctx->iv,&ctx->num,dat->block); 579 dat->block);
611 return 1; 580 return 1;
612} 581}
613 582
614static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 583static int
615 const unsigned char *in,size_t len) 584aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
585 const unsigned char *in, size_t len)
616{ 586{
617 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 587 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
618 588
619 CRYPTO_cfb128_encrypt(in,out,len,&dat->ks, 589 CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
620 ctx->iv,&ctx->num,ctx->encrypt,dat->block); 590 ctx->encrypt, dat->block);
621 return 1; 591 return 1;
622} 592}
623 593
624static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 594static int
625 const unsigned char *in,size_t len) 595aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
596 const unsigned char *in, size_t len)
626{ 597{
627 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 598 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
628 599
629 CRYPTO_cfb128_8_encrypt(in,out,len,&dat->ks, 600 CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
630 ctx->iv,&ctx->num,ctx->encrypt,dat->block); 601 ctx->encrypt, dat->block);
631 return 1; 602 return 1;
632} 603}
633 604
634static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, 605static int
635 const unsigned char *in,size_t len) 606aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
607 const unsigned char *in, size_t len)
636{ 608{
637 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 609 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
638 610
639 if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) { 611 if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
640 CRYPTO_cfb128_1_encrypt(in,out,len,&dat->ks, 612 CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv,
641 ctx->iv,&ctx->num,ctx->encrypt,dat->block); 613 &ctx->num, ctx->encrypt, dat->block);
642 return 1; 614 return 1;
643 } 615 }
644 616
645 while (len>=MAXBITCHUNK) { 617 while (len >= MAXBITCHUNK) {
646 CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,&dat->ks, 618 CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks,
647 ctx->iv,&ctx->num,ctx->encrypt,dat->block); 619 ctx->iv, &ctx->num, ctx->encrypt, dat->block);
648 len-=MAXBITCHUNK; 620 len -= MAXBITCHUNK;
649 } 621 }
650 if (len) 622 if (len)
651 CRYPTO_cfb128_1_encrypt(in,out,len*8,&dat->ks, 623 CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks,
652 ctx->iv,&ctx->num,ctx->encrypt,dat->block); 624 ctx->iv, &ctx->num, ctx->encrypt, dat->block);
653 625
654 return 1; 626 return 1;
655} 627}
656 628
657static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out, 629static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out,
658 const unsigned char *in, size_t len) 630 const unsigned char *in, size_t len)
659{ 631{
660 unsigned int num = ctx->num; 632 unsigned int num = ctx->num;
661 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 633 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
662 634
663 if (dat->stream.ctr) 635 if (dat->stream.ctr)
664 CRYPTO_ctr128_encrypt_ctr32(in,out,len,&dat->ks, 636 CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
665 ctx->iv,ctx->buf,&num,dat->stream.ctr); 637 ctx->iv, ctx->buf, &num, dat->stream.ctr);
666 else 638 else
667 CRYPTO_ctr128_encrypt(in,out,len,&dat->ks, 639 CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
668 ctx->iv,ctx->buf,&num,dat->block); 640 ctx->iv, ctx->buf, &num, dat->block);
669 ctx->num = (size_t)num; 641 ctx->num = (size_t)num;
670 return 1; 642 return 1;
671} 643}
672 644
673BLOCK_CIPHER_generic_pack(NID_aes,128,EVP_CIPH_FLAG_FIPS) 645BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS)
674BLOCK_CIPHER_generic_pack(NID_aes,192,EVP_CIPH_FLAG_FIPS) 646BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS)
675BLOCK_CIPHER_generic_pack(NID_aes,256,EVP_CIPH_FLAG_FIPS) 647BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS)
676 648
677static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) 649static int
678 { 650aes_gcm_cleanup(EVP_CIPHER_CTX *c)
651{
679 EVP_AES_GCM_CTX *gctx = c->cipher_data; 652 EVP_AES_GCM_CTX *gctx = c->cipher_data;
653
680 OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); 654 OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
681 if (gctx->iv != c->iv) 655 if (gctx->iv != c->iv)
682 free(gctx->iv); 656 free(gctx->iv);
683 return 1; 657 return 1;
684 } 658}
685 659
686/* increment counter (64-bit int) by 1 */ 660/* increment counter (64-bit int) by 1 */
687static void ctr64_inc(unsigned char *counter) { 661static void
688 int n=8; 662ctr64_inc(unsigned char *counter) {
663 int n = 8;
689 unsigned char c; 664 unsigned char c;
690 665
691 do { 666 do {
@@ -693,15 +668,17 @@ static void ctr64_inc(unsigned char *counter) {
693 c = counter[n]; 668 c = counter[n];
694 ++c; 669 ++c;
695 counter[n] = c; 670 counter[n] = c;
696 if (c) return; 671 if (c)
672 return;
697 } while (n); 673 } while (n);
698} 674}
699 675
700static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 676static int
701 { 677aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
678{
702 EVP_AES_GCM_CTX *gctx = c->cipher_data; 679 EVP_AES_GCM_CTX *gctx = c->cipher_data;
703 switch (type) 680
704 { 681 switch (type) {
705 case EVP_CTRL_INIT: 682 case EVP_CTRL_INIT:
706 gctx->key_set = 0; 683 gctx->key_set = 0;
707 gctx->iv_set = 0; 684 gctx->iv_set = 0;
@@ -716,19 +693,18 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
716 if (arg <= 0) 693 if (arg <= 0)
717 return 0; 694 return 0;
718#ifdef OPENSSL_FIPS 695#ifdef OPENSSL_FIPS
719 if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) 696 if (FIPS_module_mode() &&
720 && arg < 12) 697 !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && arg < 12)
721 return 0; 698 return 0;
722#endif 699#endif
723 /* Allocate memory for IV if needed */ 700 /* Allocate memory for IV if needed */
724 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) 701 if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
725 {
726 if (gctx->iv != c->iv) 702 if (gctx->iv != c->iv)
727 free(gctx->iv); 703 free(gctx->iv);
728 gctx->iv = malloc(arg); 704 gctx->iv = malloc(arg);
729 if (!gctx->iv) 705 if (!gctx->iv)
730 return 0; 706 return 0;
731 } 707 }
732 gctx->ivlen = arg; 708 gctx->ivlen = arg;
733 return 1; 709 return 1;
734 710
@@ -747,12 +723,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
747 723
748 case EVP_CTRL_GCM_SET_IV_FIXED: 724 case EVP_CTRL_GCM_SET_IV_FIXED:
749 /* Special case: -1 length restores whole IV */ 725 /* Special case: -1 length restores whole IV */
750 if (arg == -1) 726 if (arg == -1) {
751 {
752 memcpy(gctx->iv, ptr, gctx->ivlen); 727 memcpy(gctx->iv, ptr, gctx->ivlen);
753 gctx->iv_gen = 1; 728 gctx->iv_gen = 1;
754 return 1; 729 return 1;
755 } 730 }
756 /* Fixed field must be at least 4 bytes and invocation field 731 /* Fixed field must be at least 4 bytes and invocation field
757 * at least 8. 732 * at least 8.
758 */ 733 */
@@ -761,7 +736,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
761 if (arg) 736 if (arg)
762 memcpy(gctx->iv, ptr, arg); 737 memcpy(gctx->iv, ptr, arg);
763 if (c->encrypt && 738 if (c->encrypt &&
764 RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) 739 RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
765 return 0; 740 return 0;
766 gctx->iv_gen = 1; 741 gctx->iv_gen = 1;
767 return 1; 742 return 1;
@@ -795,63 +770,68 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
795 return 0; 770 return 0;
796 memcpy(c->buf, ptr, arg); 771 memcpy(c->buf, ptr, arg);
797 gctx->tls_aad_len = arg; 772 gctx->tls_aad_len = arg;
798 { 773 {
799 unsigned int len=c->buf[arg-2]<<8|c->buf[arg-1]; 774 unsigned int len = c->buf[arg - 2] << 8 |
775 c->buf[arg - 1];
776
800 /* Correct length for explicit IV */ 777 /* Correct length for explicit IV */
801 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; 778 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
779
802 /* If decrypting correct for tag too */ 780 /* If decrypting correct for tag too */
803 if (!c->encrypt) 781 if (!c->encrypt)
804 len -= EVP_GCM_TLS_TAG_LEN; 782 len -= EVP_GCM_TLS_TAG_LEN;
805 c->buf[arg-2] = len>>8; 783 c->buf[arg - 2] = len >> 8;
806 c->buf[arg-1] = len & 0xff; 784 c->buf[arg - 1] = len & 0xff;
807 } 785 }
808 /* Extra padding: tag appended to record */ 786 /* Extra padding: tag appended to record */
809 return EVP_GCM_TLS_TAG_LEN; 787 return EVP_GCM_TLS_TAG_LEN;
810 788
811 default: 789 default:
812 return -1; 790 return -1;
813 791
814 }
815 } 792 }
793}
816 794
817static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 795static int
818 const unsigned char *iv, int enc) 796aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
819 { 797 const unsigned char *iv, int enc)
798{
820 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; 799 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
800
821 if (!iv && !key) 801 if (!iv && !key)
822 return 1; 802 return 1;
823 if (key) 803 if (key) {
824 { do { 804 do {
825#ifdef BSAES_CAPABLE 805#ifdef BSAES_CAPABLE
826 if (BSAES_CAPABLE) 806 if (BSAES_CAPABLE) {
827 { 807 AES_set_encrypt_key(key, ctx->key_len * 8,
828 AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks); 808 &gctx->ks);
829 CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks, 809 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
830 (block128_f)AES_encrypt); 810 (block128_f)AES_encrypt);
831 gctx->ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; 811 gctx->ctr =
832 break; 812 (ctr128_f)bsaes_ctr32_encrypt_blocks;
833 } 813 break;
834 else 814 } else
835#endif 815#endif
836#ifdef VPAES_CAPABLE 816#ifdef VPAES_CAPABLE
837 if (VPAES_CAPABLE) 817 if (VPAES_CAPABLE) {
838 { 818 vpaes_set_encrypt_key(key, ctx->key_len * 8,
839 vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks); 819 &gctx->ks);
840 CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks, 820 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
841 (block128_f)vpaes_encrypt); 821 (block128_f)vpaes_encrypt);
842 gctx->ctr = NULL; 822 gctx->ctr = NULL;
843 break; 823 break;
844 } 824 } else
845 else
846#endif 825#endif
847 (void)0; /* terminate potentially open 'else' */ 826 (void)0; /* terminate potentially open 'else' */
848 827
849 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); 828 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
850 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt); 829 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
830 (block128_f)AES_encrypt);
851#ifdef AES_CTR_ASM 831#ifdef AES_CTR_ASM
852 gctx->ctr = (ctr128_f)AES_ctr32_encrypt; 832 gctx->ctr = (ctr128_f)AES_ctr32_encrypt;
853#else 833#else
854 gctx->ctr = NULL; 834 gctx->ctr = NULL;
855#endif 835#endif
856 } while (0); 836 } while (0);
857 837
@@ -860,15 +840,12 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
860 */ 840 */
861 if (iv == NULL && gctx->iv_set) 841 if (iv == NULL && gctx->iv_set)
862 iv = gctx->iv; 842 iv = gctx->iv;
863 if (iv) 843 if (iv) {
864 {
865 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); 844 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
866 gctx->iv_set = 1; 845 gctx->iv_set = 1;
867 }
868 gctx->key_set = 1;
869 } 846 }
870 else 847 gctx->key_set = 1;
871 { 848 } else {
872 /* If key set use IV, otherwise copy */ 849 /* If key set use IV, otherwise copy */
873 if (gctx->key_set) 850 if (gctx->key_set)
874 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); 851 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
@@ -876,9 +853,9 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
876 memcpy(gctx->iv, iv, gctx->ivlen); 853 memcpy(gctx->iv, iv, gctx->ivlen);
877 gctx->iv_set = 1; 854 gctx->iv_set = 1;
878 gctx->iv_gen = 0; 855 gctx->iv_gen = 0;
879 }
880 return 1;
881 } 856 }
857 return 1;
858}
882 859
883/* Handle TLS GCM packet format. This consists of the last portion of the IV 860/* Handle TLS GCM packet format. This consists of the last portion of the IV
884 * followed by the payload and finally the tag. On encrypt generate IV, 861 * followed by the payload and finally the tag. On encrypt generate IV,
@@ -886,83 +863,82 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
886 * and verify tag. 863 * and verify tag.
887 */ 864 */
888 865
889static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 866static int
890 const unsigned char *in, size_t len) 867aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
891 { 868 const unsigned char *in, size_t len)
869{
892 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; 870 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
893 int rv = -1; 871 int rv = -1;
872
894 /* Encrypt/decrypt must be performed in place */ 873 /* Encrypt/decrypt must be performed in place */
895 if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN+EVP_GCM_TLS_TAG_LEN)) 874 if (out != in ||
875 len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
896 return -1; 876 return -1;
877
897 /* Set IV from start of buffer or generate IV and write to start 878 /* Set IV from start of buffer or generate IV and write to start
898 * of buffer. 879 * of buffer.
899 */ 880 */
900 if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? 881 if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
901 EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, 882 EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
902 EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) 883 EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
903 goto err; 884 goto err;
885
904 /* Use saved AAD */ 886 /* Use saved AAD */
905 if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) 887 if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
906 goto err; 888 goto err;
889
907 /* Fix buffer and length to point to payload */ 890 /* Fix buffer and length to point to payload */
908 in += EVP_GCM_TLS_EXPLICIT_IV_LEN; 891 in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
909 out += EVP_GCM_TLS_EXPLICIT_IV_LEN; 892 out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
910 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; 893 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
911 if (ctx->encrypt) 894 if (ctx->encrypt) {
912 {
913 /* Encrypt payload */ 895 /* Encrypt payload */
914 if (gctx->ctr) 896 if (gctx->ctr) {
915 { 897 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out,
916 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, 898 len, gctx->ctr))
917 in, out, len,
918 gctx->ctr))
919 goto err; 899 goto err;
920 } 900 } else {
921 else {
922 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) 901 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
923 goto err; 902 goto err;
924 } 903 }
925 out += len; 904 out += len;
905
926 /* Finally write tag */ 906 /* Finally write tag */
927 CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); 907 CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
928 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; 908 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
929 } 909 } else {
930 else
931 {
932 /* Decrypt */ 910 /* Decrypt */
933 if (gctx->ctr) 911 if (gctx->ctr) {
934 { 912 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out,
935 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, 913 len, gctx->ctr))
936 in, out, len,
937 gctx->ctr))
938 goto err; 914 goto err;
939 } 915 } else {
940 else {
941 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) 916 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
942 goto err; 917 goto err;
943 } 918 }
944 /* Retrieve tag */ 919 /* Retrieve tag */
945 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 920 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
946 EVP_GCM_TLS_TAG_LEN); 921
947 /* If tag mismatch wipe buffer */ 922 /* If tag mismatch wipe buffer */
948 if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) 923 if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
949 {
950 OPENSSL_cleanse(out, len); 924 OPENSSL_cleanse(out, len);
951 goto err; 925 goto err;
952 }
953 rv = len;
954 } 926 }
927 rv = len;
928 }
955 929
956 err: 930err:
957 gctx->iv_set = 0; 931 gctx->iv_set = 0;
958 gctx->tls_aad_len = -1; 932 gctx->tls_aad_len = -1;
959 return rv; 933 return rv;
960 } 934}
961 935
962static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 936static int
963 const unsigned char *in, size_t len) 937aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
964 { 938 const unsigned char *in, size_t len)
939{
965 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; 940 EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
941
966 /* If not set up, return error */ 942 /* If not set up, return error */
967 if (!gctx->key_set) 943 if (!gctx->key_set)
968 return -1; 944 return -1;
@@ -972,95 +948,88 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
972 948
973 if (!gctx->iv_set) 949 if (!gctx->iv_set)
974 return -1; 950 return -1;
975 if (in) 951
976 { 952 if (in) {
977 if (out == NULL) 953 if (out == NULL) {
978 {
979 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) 954 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
980 return -1; 955 return -1;
981 } 956 } else if (ctx->encrypt) {
982 else if (ctx->encrypt) 957 if (gctx->ctr) {
983 {
984 if (gctx->ctr)
985 {
986 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, 958 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
987 in, out, len, 959 in, out, len, gctx->ctr))
988 gctx->ctr))
989 return -1; 960 return -1;
990 } 961 } else {
991 else { 962 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
992 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) 963 in, out, len))
993 return -1; 964 return -1;
994 }
995 } 965 }
996 else 966 } else {
997 { 967 if (gctx->ctr) {
998 if (gctx->ctr)
999 {
1000 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, 968 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
1001 in, out, len, 969 in, out, len, gctx->ctr))
1002 gctx->ctr))
1003 return -1; 970 return -1;
1004 } 971 } else {
1005 else { 972 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
1006 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) 973 in, out, len))
1007 return -1; 974 return -1;
1008 }
1009 } 975 }
1010 return len;
1011 } 976 }
1012 else 977 return len;
1013 { 978 } else {
1014 if (!ctx->encrypt) 979 if (!ctx->encrypt) {
1015 {
1016 if (gctx->taglen < 0) 980 if (gctx->taglen < 0)
1017 return -1; 981 return -1;
1018 if (CRYPTO_gcm128_finish(&gctx->gcm, 982 if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf,
1019 ctx->buf, gctx->taglen) != 0) 983 gctx->taglen) != 0)
1020 return -1; 984 return -1;
1021 gctx->iv_set = 0; 985 gctx->iv_set = 0;
1022 return 0; 986 return 0;
1023 } 987 }
1024 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); 988 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
1025 gctx->taglen = 16; 989 gctx->taglen = 16;
990
1026 /* Don't reuse the IV */ 991 /* Don't reuse the IV */
1027 gctx->iv_set = 0; 992 gctx->iv_set = 0;
1028 return 0; 993 return 0;
1029 }
1030
1031 } 994 }
1032 995
996}
997
1033#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ 998#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
1034 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ 999 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
1035 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT) 1000 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
1036 1001
1037BLOCK_CIPHER_custom(NID_aes,128,1,12,gcm,GCM, 1002BLOCK_CIPHER_custom(NID_aes, 128, 1,12, gcm, GCM,
1038 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) 1003 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
1039BLOCK_CIPHER_custom(NID_aes,192,1,12,gcm,GCM, 1004BLOCK_CIPHER_custom(NID_aes, 192, 1,12, gcm, GCM,
1040 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) 1005 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
1041BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM, 1006BLOCK_CIPHER_custom(NID_aes, 256, 1,12, gcm, GCM,
1042 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) 1007 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
1043 1008
1044static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 1009static int
1045 { 1010aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1011{
1046 EVP_AES_XTS_CTX *xctx = c->cipher_data; 1012 EVP_AES_XTS_CTX *xctx = c->cipher_data;
1013
1047 if (type != EVP_CTRL_INIT) 1014 if (type != EVP_CTRL_INIT)
1048 return -1; 1015 return -1;
1016
1049 /* key1 and key2 are used as an indicator both key and IV are set */ 1017 /* key1 and key2 are used as an indicator both key and IV are set */
1050 xctx->xts.key1 = NULL; 1018 xctx->xts.key1 = NULL;
1051 xctx->xts.key2 = NULL; 1019 xctx->xts.key2 = NULL;
1052 return 1; 1020 return 1;
1053 } 1021}
1054 1022
1055static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 1023static int
1056 const unsigned char *iv, int enc) 1024aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1057 { 1025 const unsigned char *iv, int enc)
1026{
1058 EVP_AES_XTS_CTX *xctx = ctx->cipher_data; 1027 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1028
1059 if (!iv && !key) 1029 if (!iv && !key)
1060 return 1; 1030 return 1;
1061 1031
1062 if (key) do 1032 if (key) do {
1063 {
1064#ifdef AES_XTS_ASM 1033#ifdef AES_XTS_ASM
1065 xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; 1034 xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
1066#else 1035#else
@@ -1069,100 +1038,98 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1069 /* key_len is two AES keys */ 1038 /* key_len is two AES keys */
1070#ifdef BSAES_CAPABLE 1039#ifdef BSAES_CAPABLE
1071 if (BSAES_CAPABLE) 1040 if (BSAES_CAPABLE)
1072 xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt; 1041 xctx->stream = enc ? bsaes_xts_encrypt :
1042 bsaes_xts_decrypt;
1073 else 1043 else
1074#endif 1044#endif
1075#ifdef VPAES_CAPABLE 1045#ifdef VPAES_CAPABLE
1076 if (VPAES_CAPABLE) 1046 if (VPAES_CAPABLE) {
1077 { 1047 if (enc) {
1078 if (enc) 1048 vpaes_set_encrypt_key(key, ctx->key_len * 4,
1079 { 1049 &xctx->ks1);
1080 vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); 1050 xctx->xts.block1 = (block128_f)vpaes_encrypt;
1081 xctx->xts.block1 = (block128_f)vpaes_encrypt; 1051 } else {
1082 } 1052 vpaes_set_decrypt_key(key, ctx->key_len * 4,
1083 else 1053 &xctx->ks1);
1084 { 1054 xctx->xts.block1 = (block128_f)vpaes_decrypt;
1085 vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1086 xctx->xts.block1 = (block128_f)vpaes_decrypt;
1087 } 1055 }
1088 1056
1089 vpaes_set_encrypt_key(key + ctx->key_len/2, 1057 vpaes_set_encrypt_key(key + ctx->key_len / 2,
1090 ctx->key_len * 4, &xctx->ks2); 1058 ctx->key_len * 4, &xctx->ks2);
1091 xctx->xts.block2 = (block128_f)vpaes_encrypt; 1059 xctx->xts.block2 = (block128_f)vpaes_encrypt;
1092 1060
1093 xctx->xts.key1 = &xctx->ks1; 1061 xctx->xts.key1 = &xctx->ks1;
1094 break; 1062 break;
1095 } 1063 } else
1096 else
1097#endif 1064#endif
1098 (void)0; /* terminate potentially open 'else' */ 1065 (void)0; /* terminate potentially open 'else' */
1099 1066
1100 if (enc) 1067 if (enc) {
1101 {
1102 AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); 1068 AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1103 xctx->xts.block1 = (block128_f)AES_encrypt; 1069 xctx->xts.block1 = (block128_f)AES_encrypt;
1104 } 1070 } else {
1105 else
1106 {
1107 AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); 1071 AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1108 xctx->xts.block1 = (block128_f)AES_decrypt; 1072 xctx->xts.block1 = (block128_f)AES_decrypt;
1109 } 1073 }
1110 1074
1111 AES_set_encrypt_key(key + ctx->key_len/2, 1075 AES_set_encrypt_key(key + ctx->key_len / 2,
1112 ctx->key_len * 4, &xctx->ks2); 1076 ctx->key_len * 4, &xctx->ks2);
1113 xctx->xts.block2 = (block128_f)AES_encrypt; 1077 xctx->xts.block2 = (block128_f)AES_encrypt;
1114 1078
1115 xctx->xts.key1 = &xctx->ks1; 1079 xctx->xts.key1 = &xctx->ks1;
1116 } while (0); 1080 } while (0);
1117 1081
1118 if (iv) 1082 if (iv) {
1119 {
1120 xctx->xts.key2 = &xctx->ks2; 1083 xctx->xts.key2 = &xctx->ks2;
1121 memcpy(ctx->iv, iv, 16); 1084 memcpy(ctx->iv, iv, 16);
1122 } 1085 }
1123 1086
1124 return 1; 1087 return 1;
1125 } 1088}
1126 1089
1127static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 1090static int
1128 const unsigned char *in, size_t len) 1091aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1129 { 1092 const unsigned char *in, size_t len)
1093{
1130 EVP_AES_XTS_CTX *xctx = ctx->cipher_data; 1094 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1095
1131 if (!xctx->xts.key1 || !xctx->xts.key2) 1096 if (!xctx->xts.key1 || !xctx->xts.key2)
1132 return 0; 1097 return 0;
1133 if (!out || !in || len<AES_BLOCK_SIZE) 1098 if (!out || !in || len < AES_BLOCK_SIZE)
1134 return 0; 1099 return 0;
1100
1135#ifdef OPENSSL_FIPS 1101#ifdef OPENSSL_FIPS
1136 /* Requirement of SP800-38E */ 1102 /* Requirement of SP800-38E */
1137 if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && 1103 if (FIPS_module_mode() &&
1138 (len > (1UL<<20)*16)) 1104 !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1139 { 1105 (len > (1UL << 20) * 16)) {
1140 EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); 1106 EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
1141 return 0; 1107 return 0;
1142 } 1108 }
1143#endif 1109#endif
1144 if (xctx->stream) 1110 if (xctx->stream)
1145 (*xctx->stream)(in, out, len, 1111 (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2,
1146 xctx->xts.key1, xctx->xts.key2, ctx->iv); 1112 ctx->iv);
1147 else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, 1113 else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
1148 ctx->encrypt)) 1114 ctx->encrypt))
1149 return 0; 1115 return 0;
1150 return 1; 1116 return 1;
1151 } 1117}
1152 1118
1153#define aes_xts_cleanup NULL 1119#define aes_xts_cleanup NULL
1154 1120
1155#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ 1121#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
1156 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT) 1122 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
1157 1123
1158BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS) 1124BLOCK_CIPHER_custom(NID_aes, 128, 1,16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
1159BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS) 1125BLOCK_CIPHER_custom(NID_aes, 256, 1,16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
1160 1126
1161static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 1127static int
1162 { 1128aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1129{
1163 EVP_AES_CCM_CTX *cctx = c->cipher_data; 1130 EVP_AES_CCM_CTX *cctx = c->cipher_data;
1164 switch (type) 1131
1165 { 1132 switch (type) {
1166 case EVP_CTRL_INIT: 1133 case EVP_CTRL_INIT:
1167 cctx->key_set = 0; 1134 cctx->key_set = 0;
1168 cctx->iv_set = 0; 1135 cctx->iv_set = 0;
@@ -1174,6 +1141,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1174 1141
1175 case EVP_CTRL_CCM_SET_IVLEN: 1142 case EVP_CTRL_CCM_SET_IVLEN:
1176 arg = 15 - arg; 1143 arg = 15 - arg;
1144
1177 case EVP_CTRL_CCM_SET_L: 1145 case EVP_CTRL_CCM_SET_L:
1178 if (arg < 2 || arg > 8) 1146 if (arg < 2 || arg > 8)
1179 return 0; 1147 return 0;
@@ -1185,18 +1153,17 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1185 return 0; 1153 return 0;
1186 if ((c->encrypt && ptr) || (!c->encrypt && !ptr)) 1154 if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
1187 return 0; 1155 return 0;
1188 if (ptr) 1156 if (ptr) {
1189 {
1190 cctx->tag_set = 1; 1157 cctx->tag_set = 1;
1191 memcpy(c->buf, ptr, arg); 1158 memcpy(c->buf, ptr, arg);
1192 } 1159 }
1193 cctx->M = arg; 1160 cctx->M = arg;
1194 return 1; 1161 return 1;
1195 1162
1196 case EVP_CTRL_CCM_GET_TAG: 1163 case EVP_CTRL_CCM_GET_TAG:
1197 if (!c->encrypt || !cctx->tag_set) 1164 if (!c->encrypt || !cctx->tag_set)
1198 return 0; 1165 return 0;
1199 if(!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) 1166 if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
1200 return 0; 1167 return 0;
1201 cctx->tag_set = 0; 1168 cctx->tag_set = 0;
1202 cctx->iv_set = 0; 1169 cctx->iv_set = 0;
@@ -1205,116 +1172,111 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1205 1172
1206 default: 1173 default:
1207 return -1; 1174 return -1;
1208
1209 }
1210 } 1175 }
1176}
1211 1177
1212static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 1178static int
1213 const unsigned char *iv, int enc) 1179aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1214 { 1180 const unsigned char *iv, int enc)
1181{
1215 EVP_AES_CCM_CTX *cctx = ctx->cipher_data; 1182 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
1183
1216 if (!iv && !key) 1184 if (!iv && !key)
1217 return 1; 1185 return 1;
1218 if (key) do 1186 if (key) do {
1219 {
1220#ifdef VPAES_CAPABLE 1187#ifdef VPAES_CAPABLE
1221 if (VPAES_CAPABLE) 1188 if (VPAES_CAPABLE) {
1222 {
1223 vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks); 1189 vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
1224 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, 1190 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
1225 &cctx->ks, (block128_f)vpaes_encrypt); 1191 &cctx->ks, (block128_f)vpaes_encrypt);
1226 cctx->str = NULL; 1192 cctx->str = NULL;
1227 cctx->key_set = 1; 1193 cctx->key_set = 1;
1228 break; 1194 break;
1229 } 1195 }
1230#endif 1196#endif
1231 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); 1197 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
1232 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, 1198 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
1233 &cctx->ks, (block128_f)AES_encrypt); 1199 &cctx->ks, (block128_f)AES_encrypt);
1234 cctx->str = NULL; 1200 cctx->str = NULL;
1235 cctx->key_set = 1; 1201 cctx->key_set = 1;
1236 } while (0); 1202 } while (0);
1237 if (iv) 1203 if (iv) {
1238 {
1239 memcpy(ctx->iv, iv, 15 - cctx->L); 1204 memcpy(ctx->iv, iv, 15 - cctx->L);
1240 cctx->iv_set = 1; 1205 cctx->iv_set = 1;
1241 }
1242 return 1;
1243 } 1206 }
1207 return 1;
1208}
1244 1209
1245static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 1210static int
1246 const unsigned char *in, size_t len) 1211aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1247 { 1212 const unsigned char *in, size_t len)
1213{
1248 EVP_AES_CCM_CTX *cctx = ctx->cipher_data; 1214 EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
1249 CCM128_CONTEXT *ccm = &cctx->ccm; 1215 CCM128_CONTEXT *ccm = &cctx->ccm;
1216
1250 /* If not set up, return error */ 1217 /* If not set up, return error */
1251 if (!cctx->iv_set && !cctx->key_set) 1218 if (!cctx->iv_set && !cctx->key_set)
1252 return -1; 1219 return -1;
1253 if (!ctx->encrypt && !cctx->tag_set) 1220 if (!ctx->encrypt && !cctx->tag_set)
1254 return -1; 1221 return -1;
1255 if (!out) 1222
1256 { 1223 if (!out) {
1257 if (!in) 1224 if (!in) {
1258 { 1225 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
1259 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,len)) 1226 len))
1260 return -1; 1227 return -1;
1261 cctx->len_set = 1; 1228 cctx->len_set = 1;
1262 return len; 1229 return len;
1263 } 1230 }
1264 /* If have AAD need message length */ 1231 /* If have AAD need message length */
1265 if (!cctx->len_set && len) 1232 if (!cctx->len_set && len)
1266 return -1; 1233 return -1;
1267 CRYPTO_ccm128_aad(ccm, in, len); 1234 CRYPTO_ccm128_aad(ccm, in, len);
1268 return len; 1235 return len;
1269 } 1236 }
1270 /* EVP_*Final() doesn't return any data */ 1237 /* EVP_*Final() doesn't return any data */
1271 if (!in) 1238 if (!in)
1272 return 0; 1239 return 0;
1273 /* If not set length yet do it */ 1240 /* If not set length yet do it */
1274 if (!cctx->len_set) 1241 if (!cctx->len_set) {
1275 {
1276 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) 1242 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
1277 return -1; 1243 return -1;
1278 cctx->len_set = 1; 1244 cctx->len_set = 1;
1279 } 1245 }
1280 if (ctx->encrypt) 1246 if (ctx->encrypt) {
1281 {
1282 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, 1247 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
1283 cctx->str) : 1248 cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len))
1284 CRYPTO_ccm128_encrypt(ccm, in, out, len))
1285 return -1; 1249 return -1;
1286 cctx->tag_set = 1; 1250 cctx->tag_set = 1;
1287 return len; 1251 return len;
1288 } 1252 } else {
1289 else
1290 {
1291 int rv = -1; 1253 int rv = -1;
1292 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, 1254 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
1293 cctx->str) : 1255 cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
1294 !CRYPTO_ccm128_decrypt(ccm, in, out, len))
1295 {
1296 unsigned char tag[16]; 1256 unsigned char tag[16];
1297 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) 1257 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
1298 {
1299 if (!memcmp(tag, ctx->buf, cctx->M)) 1258 if (!memcmp(tag, ctx->buf, cctx->M))
1300 rv = len; 1259 rv = len;
1301 }
1302 } 1260 }
1261 }
1303 if (rv == -1) 1262 if (rv == -1)
1304 OPENSSL_cleanse(out, len); 1263 OPENSSL_cleanse(out, len);
1305 cctx->iv_set = 0; 1264 cctx->iv_set = 0;
1306 cctx->tag_set = 0; 1265 cctx->tag_set = 0;
1307 cctx->len_set = 0; 1266 cctx->len_set = 0;
1308 return rv; 1267 return rv;
1309 }
1310
1311 } 1268 }
1312 1269
1270}
1271
1313#define aes_ccm_cleanup NULL 1272#define aes_ccm_cleanup NULL
1314 1273
1315BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 1274BLOCK_CIPHER_custom(NID_aes, 128, 1,12, ccm, CCM,
1316BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 1275 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1317BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) 1276BLOCK_CIPHER_custom(NID_aes, 192, 1,12, ccm, CCM,
1277 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1278BLOCK_CIPHER_custom(NID_aes, 256, 1,12, ccm, CCM,
1279 EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1318 1280
1319#endif 1281#endif
1320#endif 1282#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
index 4d76ec74d2..af0edb3dcf 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -72,16 +72,15 @@
72 72
73#define TLS1_1_VERSION 0x0302 73#define TLS1_1_VERSION 0x0302
74 74
75typedef struct 75typedef struct {
76 { 76 AES_KEY ks;
77 AES_KEY ks; 77 SHA_CTX head, tail, md;
78 SHA_CTX head,tail,md; 78 size_t payload_length; /* AAD length in decrypt case */
79 size_t payload_length; /* AAD length in decrypt case */ 79 union {
80 union { 80 unsigned int tls_ver;
81 unsigned int tls_ver; 81 unsigned char tls_aad[16]; /* 13 used */
82 unsigned char tls_aad[16]; /* 13 used */ 82 } aux;
83 } aux; 83} EVP_AES_HMAC_SHA1;
84 } EVP_AES_HMAC_SHA1;
85 84
86#define NO_PAYLOAD_LENGTH ((size_t)-1) 85#define NO_PAYLOAD_LENGTH ((size_t)-1)
87 86
@@ -97,43 +96,37 @@ typedef struct
97extern unsigned int OPENSSL_ia32cap_P[2]; 96extern unsigned int OPENSSL_ia32cap_P[2];
98#define AESNI_CAPABLE (1<<(57-32)) 97#define AESNI_CAPABLE (1<<(57-32))
99 98
100int aesni_set_encrypt_key(const unsigned char *userKey, int bits, 99int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
101 AES_KEY *key); 100int aesni_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
102int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
103 AES_KEY *key);
104 101
105void aesni_cbc_encrypt(const unsigned char *in, 102void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
106 unsigned char *out, 103 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
107 size_t length,
108 const AES_KEY *key,
109 unsigned char *ivec, int enc);
110 104
111void aesni_cbc_sha1_enc (const void *inp, void *out, size_t blocks, 105void aesni_cbc_sha1_enc (const void *inp, void *out, size_t blocks,
112 const AES_KEY *key, unsigned char iv[16], 106 const AES_KEY *key, unsigned char iv[16], SHA_CTX *ctx, const void *in0);
113 SHA_CTX *ctx,const void *in0);
114 107
115#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) 108#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
116 109
117static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, 110static int
118 const unsigned char *inkey, 111aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey,
119 const unsigned char *iv, int enc) 112 const unsigned char *iv, int enc)
120 { 113{
121 EVP_AES_HMAC_SHA1 *key = data(ctx); 114 EVP_AES_HMAC_SHA1 *key = data(ctx);
122 int ret; 115 int ret;
123 116
124 if (enc) 117 if (enc)
125 ret=aesni_set_encrypt_key(inkey,ctx->key_len*8,&key->ks); 118 ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);
126 else 119 else
127 ret=aesni_set_decrypt_key(inkey,ctx->key_len*8,&key->ks); 120 ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);
128 121
129 SHA1_Init(&key->head); /* handy when benchmarking */ 122 SHA1_Init(&key->head); /* handy when benchmarking */
130 key->tail = key->head; 123 key->tail = key->head;
131 key->md = key->head; 124 key->md = key->head;
132 125
133 key->payload_length = NO_PAYLOAD_LENGTH; 126 key->payload_length = NO_PAYLOAD_LENGTH;
134 127
135 return ret<0?0:1; 128 return ret < 0 ? 0 : 1;
136 } 129}
137 130
138#define STITCHED_CALL 131#define STITCHED_CALL
139 132
@@ -141,16 +134,19 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
141#define aes_off 0 134#define aes_off 0
142#endif 135#endif
143 136
144void sha1_block_data_order (void *c,const void *p,size_t len); 137void sha1_block_data_order (void *c, const void *p, size_t len);
145 138
146static void sha1_update(SHA_CTX *c,const void *data,size_t len) 139static void
147{ const unsigned char *ptr = data; 140sha1_update(SHA_CTX *c, const void *data, size_t len)
141{
142 const unsigned char *ptr = data;
148 size_t res; 143 size_t res;
149 144
150 if ((res = c->num)) { 145 if ((res = c->num)) {
151 res = SHA_CBLOCK-res; 146 res = SHA_CBLOCK - res;
152 if (len<res) res=len; 147 if (len < res)
153 SHA1_Update (c,ptr,res); 148 res = len;
149 SHA1_Update(c, ptr, res);
154 ptr += res; 150 ptr += res;
155 len -= res; 151 len -= res;
156 } 152 }
@@ -159,16 +155,17 @@ static void sha1_update(SHA_CTX *c,const void *data,size_t len)
159 len -= res; 155 len -= res;
160 156
161 if (len) { 157 if (len) {
162 sha1_block_data_order(c,ptr,len/SHA_CBLOCK); 158 sha1_block_data_order(c, ptr, len / SHA_CBLOCK);
163 159
164 ptr += len; 160 ptr += len;
165 c->Nh += len>>29; 161 c->Nh += len >> 29;
166 c->Nl += len<<=3; 162 c->Nl += len <<= 3;
167 if (c->Nl<(unsigned int)len) c->Nh++; 163 if (c->Nl < (unsigned int)len)
164 c->Nh++;
168 } 165 }
169 166
170 if (res) 167 if (res)
171 SHA1_Update(c,ptr,res); 168 SHA1_Update(c, ptr, res);
172} 169}
173 170
174#ifdef SHA1_Update 171#ifdef SHA1_Update
@@ -176,96 +173,106 @@ static void sha1_update(SHA_CTX *c,const void *data,size_t len)
176#endif 173#endif
177#define SHA1_Update sha1_update 174#define SHA1_Update sha1_update
178 175
179static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 176static int
180 const unsigned char *in, size_t len) 177aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
181 { 178 const unsigned char *in, size_t len)
179{
182 EVP_AES_HMAC_SHA1 *key = data(ctx); 180 EVP_AES_HMAC_SHA1 *key = data(ctx);
183 unsigned int l; 181 unsigned int l;
184 size_t plen = key->payload_length, 182 size_t plen = key->payload_length,
185 iv = 0, /* explicit IV in TLS 1.1 and later */ 183 iv = 0, /* explicit IV in TLS 1.1 and later */
186 sha_off = 0; 184 sha_off = 0;
187#if defined(STITCHED_CALL) 185#if defined(STITCHED_CALL)
188 size_t aes_off = 0, 186 size_t aes_off = 0, blocks;
189 blocks;
190 187
191 sha_off = SHA_CBLOCK-key->md.num; 188 sha_off = SHA_CBLOCK - key->md.num;
192#endif 189#endif
193 190
194 key->payload_length = NO_PAYLOAD_LENGTH; 191 key->payload_length = NO_PAYLOAD_LENGTH;
195 192
196 if (len%AES_BLOCK_SIZE) return 0; 193 if (len % AES_BLOCK_SIZE)
194 return 0;
197 195
198 if (ctx->encrypt) { 196 if (ctx->encrypt) {
199 if (plen==NO_PAYLOAD_LENGTH) 197 if (plen == NO_PAYLOAD_LENGTH)
200 plen = len; 198 plen = len;
201 else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE)) 199 else if (len != ((plen + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) &
200 -AES_BLOCK_SIZE))
202 return 0; 201 return 0;
203 else if (key->aux.tls_ver >= TLS1_1_VERSION) 202 else if (key->aux.tls_ver >= TLS1_1_VERSION)
204 iv = AES_BLOCK_SIZE; 203 iv = AES_BLOCK_SIZE;
205 204
206#if defined(STITCHED_CALL) 205#if defined(STITCHED_CALL)
207 if (plen>(sha_off+iv) && (blocks=(plen-(sha_off+iv))/SHA_CBLOCK)) { 206 if (plen > (sha_off + iv) &&
208 SHA1_Update(&key->md,in+iv,sha_off); 207 (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
208 SHA1_Update(&key->md, in + iv, sha_off);
209 209
210 aesni_cbc_sha1_enc(in,out,blocks,&key->ks, 210 aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
211 ctx->iv,&key->md,in+iv+sha_off); 211 ctx->iv, &key->md, in + iv + sha_off);
212 blocks *= SHA_CBLOCK; 212 blocks *= SHA_CBLOCK;
213 aes_off += blocks; 213 aes_off += blocks;
214 sha_off += blocks; 214 sha_off += blocks;
215 key->md.Nh += blocks>>29; 215 key->md.Nh += blocks >> 29;
216 key->md.Nl += blocks<<=3; 216 key->md.Nl += blocks <<= 3;
217 if (key->md.Nl<(unsigned int)blocks) key->md.Nh++; 217 if (key->md.Nl < (unsigned int)blocks)
218 key->md.Nh++;
218 } else { 219 } else {
219 sha_off = 0; 220 sha_off = 0;
220 } 221 }
221#endif 222#endif
222 sha_off += iv; 223 sha_off += iv;
223 SHA1_Update(&key->md,in+sha_off,plen-sha_off); 224 SHA1_Update(&key->md, in + sha_off, plen - sha_off);
224 225
225 if (plen!=len) { /* "TLS" mode of operation */ 226 if (plen != len) { /* "TLS" mode of operation */
226 if (in!=out) 227 if (in != out)
227 memcpy(out+aes_off,in+aes_off,plen-aes_off); 228 memcpy(out + aes_off, in + aes_off,
229 plen - aes_off);
228 230
229 /* calculate HMAC and append it to payload */ 231 /* calculate HMAC and append it to payload */
230 SHA1_Final(out+plen,&key->md); 232 SHA1_Final(out + plen, &key->md);
231 key->md = key->tail; 233 key->md = key->tail;
232 SHA1_Update(&key->md,out+plen,SHA_DIGEST_LENGTH); 234 SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH);
233 SHA1_Final(out+plen,&key->md); 235 SHA1_Final(out + plen, &key->md);
234 236
235 /* pad the payload|hmac */ 237 /* pad the payload|hmac */
236 plen += SHA_DIGEST_LENGTH; 238 plen += SHA_DIGEST_LENGTH;
237 for (l=len-plen-1;plen<len;plen++) out[plen]=l; 239 for (l = len - plen - 1; plen < len; plen++)
240 out[plen] = l;
241
238 /* encrypt HMAC|padding at once */ 242 /* encrypt HMAC|padding at once */
239 aesni_cbc_encrypt(out+aes_off,out+aes_off,len-aes_off, 243 aesni_cbc_encrypt(out + aes_off, out + aes_off,
240 &key->ks,ctx->iv,1); 244 len - aes_off, &key->ks, ctx->iv, 1);
241 } else { 245 } else {
242 aesni_cbc_encrypt(in+aes_off,out+aes_off,len-aes_off, 246 aesni_cbc_encrypt(in + aes_off, out + aes_off,
243 &key->ks,ctx->iv,1); 247 len - aes_off, &key->ks, ctx->iv, 1);
244 } 248 }
245 } else { 249 } else {
246 union { unsigned int u[SHA_DIGEST_LENGTH/sizeof(unsigned int)]; 250 union {
247 unsigned char c[32+SHA_DIGEST_LENGTH]; } mac, *pmac; 251 unsigned int u[SHA_DIGEST_LENGTH/sizeof(unsigned int)];
252 unsigned char c[32 + SHA_DIGEST_LENGTH];
253 } mac, *pmac;
248 254
249 /* arrange cache line alignment */ 255 /* arrange cache line alignment */
250 pmac = (void *)(((size_t)mac.c+31)&((size_t)0-32)); 256 pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32));
251 257
252 /* decrypt HMAC|padding at once */ 258 /* decrypt HMAC|padding at once */
253 aesni_cbc_encrypt(in,out,len, 259 aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
254 &key->ks,ctx->iv,0);
255 260
256 if (plen) { /* "TLS" mode of operation */ 261 if (plen) { /* "TLS" mode of operation */
257 size_t inp_len, mask, j, i; 262 size_t inp_len, mask, j, i;
258 unsigned int res, maxpad, pad, bitlen; 263 unsigned int res, maxpad, pad, bitlen;
259 int ret = 1; 264 int ret = 1;
260 union { unsigned int u[SHA_LBLOCK]; 265 union {
261 unsigned char c[SHA_CBLOCK]; } 266 unsigned int u[SHA_LBLOCK];
262 *data = (void *)key->md.data; 267 unsigned char c[SHA_CBLOCK];
268 }
269 *data = (void *)key->md.data;
263 270
264 if ((key->aux.tls_aad[plen-4]<<8|key->aux.tls_aad[plen-3]) 271 if ((key->aux.tls_aad[plen - 4] << 8 |
265 >= TLS1_1_VERSION) 272 key->aux.tls_aad[plen - 3]) >= TLS1_1_VERSION)
266 iv = AES_BLOCK_SIZE; 273 iv = AES_BLOCK_SIZE;
267 274
268 if (len<(iv+SHA_DIGEST_LENGTH+1)) 275 if (len < (iv + SHA_DIGEST_LENGTH + 1))
269 return 0; 276 return 0;
270 277
271 /* omit explicit iv */ 278 /* omit explicit iv */
@@ -273,93 +280,102 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
273 len -= iv; 280 len -= iv;
274 281
275 /* figure out payload length */ 282 /* figure out payload length */
276 pad = out[len-1]; 283 pad = out[len - 1];
277 maxpad = len-(SHA_DIGEST_LENGTH+1); 284 maxpad = len - (SHA_DIGEST_LENGTH + 1);
278 maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8); 285 maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
279 maxpad &= 255; 286 maxpad &= 255;
280 287
281 inp_len = len - (SHA_DIGEST_LENGTH+pad+1); 288 inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
282 mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1))); 289 mask = (0 - ((inp_len - len) >>
290 (sizeof(inp_len) * 8 - 1)));
283 inp_len &= mask; 291 inp_len &= mask;
284 ret &= (int)mask; 292 ret &= (int)mask;
285 293
286 key->aux.tls_aad[plen-2] = inp_len>>8; 294 key->aux.tls_aad[plen - 2] = inp_len >> 8;
287 key->aux.tls_aad[plen-1] = inp_len; 295 key->aux.tls_aad[plen - 1] = inp_len;
288 296
289 /* calculate HMAC */ 297 /* calculate HMAC */
290 key->md = key->head; 298 key->md = key->head;
291 SHA1_Update(&key->md,key->aux.tls_aad,plen); 299 SHA1_Update(&key->md, key->aux.tls_aad, plen);
292 300
293#if 1 301#if 1
294 len -= SHA_DIGEST_LENGTH; /* amend mac */ 302 len -= SHA_DIGEST_LENGTH; /* amend mac */
295 if (len>=(256+SHA_CBLOCK)) { 303 if (len >= (256 + SHA_CBLOCK)) {
296 j = (len-(256+SHA_CBLOCK))&(0-SHA_CBLOCK); 304 j = (len - (256 + SHA_CBLOCK)) &
297 j += SHA_CBLOCK-key->md.num; 305 (0 - SHA_CBLOCK);
298 SHA1_Update(&key->md,out,j); 306 j += SHA_CBLOCK - key->md.num;
307 SHA1_Update(&key->md, out, j);
299 out += j; 308 out += j;
300 len -= j; 309 len -= j;
301 inp_len -= j; 310 inp_len -= j;
302 } 311 }
303 312
304 /* but pretend as if we hashed padded payload */ 313 /* but pretend as if we hashed padded payload */
305 bitlen = key->md.Nl+(inp_len<<3); /* at most 18 bits */ 314 bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
306#ifdef BSWAP 315#ifdef BSWAP
307 bitlen = BSWAP(bitlen); 316 bitlen = BSWAP(bitlen);
308#else 317#else
309 mac.c[0] = 0; 318 mac.c[0] = 0;
310 mac.c[1] = (unsigned char)(bitlen>>16); 319 mac.c[1] = (unsigned char)(bitlen >> 16);
311 mac.c[2] = (unsigned char)(bitlen>>8); 320 mac.c[2] = (unsigned char)(bitlen >> 8);
312 mac.c[3] = (unsigned char)bitlen; 321 mac.c[3] = (unsigned char)bitlen;
313 bitlen = mac.u[0]; 322 bitlen = mac.u[0];
314#endif 323#endif
315 324
316 pmac->u[0]=0; 325 pmac->u[0] = 0;
317 pmac->u[1]=0; 326 pmac->u[1] = 0;
318 pmac->u[2]=0; 327 pmac->u[2] = 0;
319 pmac->u[3]=0; 328 pmac->u[3] = 0;
320 pmac->u[4]=0; 329 pmac->u[4] = 0;
321 330
322 for (res=key->md.num, j=0;j<len;j++) { 331 for (res = key->md.num, j = 0; j < len; j++) {
323 size_t c = out[j]; 332 size_t c = out[j];
324 mask = (j-inp_len)>>(sizeof(j)*8-8); 333 mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
325 c &= mask; 334 c &= mask;
326 c |= 0x80&~mask&~((inp_len-j)>>(sizeof(j)*8-8)); 335 c |= 0x80 & ~mask &
327 data->c[res++]=(unsigned char)c; 336 ~((inp_len - j) >> (sizeof(j) * 8 - 8));
337 data->c[res++] = (unsigned char)c;
328 338
329 if (res!=SHA_CBLOCK) continue; 339 if (res != SHA_CBLOCK)
340 continue;
330 341
331 /* j is not incremented yet */ 342 /* j is not incremented yet */
332 mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1)); 343 mask = 0 - ((inp_len + 7 - j) >>
333 data->u[SHA_LBLOCK-1] |= bitlen&mask; 344 (sizeof(j) * 8 - 1));
334 sha1_block_data_order(&key->md,data,1); 345 data->u[SHA_LBLOCK - 1] |= bitlen&mask;
335 mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1)); 346 sha1_block_data_order(&key->md, data, 1);
347 mask &= 0 - ((j - inp_len - 72) >>
348 (sizeof(j) * 8 - 1));
336 pmac->u[0] |= key->md.h0 & mask; 349 pmac->u[0] |= key->md.h0 & mask;
337 pmac->u[1] |= key->md.h1 & mask; 350 pmac->u[1] |= key->md.h1 & mask;
338 pmac->u[2] |= key->md.h2 & mask; 351 pmac->u[2] |= key->md.h2 & mask;
339 pmac->u[3] |= key->md.h3 & mask; 352 pmac->u[3] |= key->md.h3 & mask;
340 pmac->u[4] |= key->md.h4 & mask; 353 pmac->u[4] |= key->md.h4 & mask;
341 res=0; 354 res = 0;
342 } 355 }
343 356
344 for(i=res;i<SHA_CBLOCK;i++,j++) data->c[i]=0; 357 for (i = res; i < SHA_CBLOCK; i++, j++)
358 data->c[i] = 0;
345 359
346 if (res>SHA_CBLOCK-8) { 360 if (res > SHA_CBLOCK - 8) {
347 mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1)); 361 mask = 0 - ((inp_len + 8 - j) >>
348 data->u[SHA_LBLOCK-1] |= bitlen&mask; 362 (sizeof(j) * 8 - 1));
349 sha1_block_data_order(&key->md,data,1); 363 data->u[SHA_LBLOCK - 1] |= bitlen & mask;
350 mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1)); 364 sha1_block_data_order(&key->md, data, 1);
365 mask &= 0 - ((j - inp_len - 73) >>
366 (sizeof(j) * 8 - 1));
351 pmac->u[0] |= key->md.h0 & mask; 367 pmac->u[0] |= key->md.h0 & mask;
352 pmac->u[1] |= key->md.h1 & mask; 368 pmac->u[1] |= key->md.h1 & mask;
353 pmac->u[2] |= key->md.h2 & mask; 369 pmac->u[2] |= key->md.h2 & mask;
354 pmac->u[3] |= key->md.h3 & mask; 370 pmac->u[3] |= key->md.h3 & mask;
355 pmac->u[4] |= key->md.h4 & mask; 371 pmac->u[4] |= key->md.h4 & mask;
356 372
357 memset(data,0,SHA_CBLOCK); 373 memset(data, 0, SHA_CBLOCK);
358 j+=64; 374 j += 64;
359 } 375 }
360 data->u[SHA_LBLOCK-1] = bitlen; 376 data->u[SHA_LBLOCK - 1] = bitlen;
361 sha1_block_data_order(&key->md,data,1); 377 sha1_block_data_order(&key->md, data, 1);
362 mask = 0-((j-inp_len-73)>>(sizeof(j)*8-1)); 378 mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
363 pmac->u[0] |= key->md.h0 & mask; 379 pmac->u[0] |= key->md.h0 & mask;
364 pmac->u[1] |= key->md.h1 & mask; 380 pmac->u[1] |= key->md.h1 & mask;
365 pmac->u[2] |= key->md.h2 & mask; 381 pmac->u[2] |= key->md.h2 & mask;
@@ -373,209 +389,218 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
373 pmac->u[3] = BSWAP(pmac->u[3]); 389 pmac->u[3] = BSWAP(pmac->u[3]);
374 pmac->u[4] = BSWAP(pmac->u[4]); 390 pmac->u[4] = BSWAP(pmac->u[4]);
375#else 391#else
376 for (i=0;i<5;i++) { 392 for (i = 0; i < 5; i++) {
377 res = pmac->u[i]; 393 res = pmac->u[i];
378 pmac->c[4*i+0]=(unsigned char)(res>>24); 394 pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
379 pmac->c[4*i+1]=(unsigned char)(res>>16); 395 pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
380 pmac->c[4*i+2]=(unsigned char)(res>>8); 396 pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
381 pmac->c[4*i+3]=(unsigned char)res; 397 pmac->c[4 * i + 3] = (unsigned char)res;
382 } 398 }
383#endif 399#endif
384 len += SHA_DIGEST_LENGTH; 400 len += SHA_DIGEST_LENGTH;
385#else 401#else
386 SHA1_Update(&key->md,out,inp_len); 402 SHA1_Update(&key->md, out, inp_len);
387 res = key->md.num; 403 res = key->md.num;
388 SHA1_Final(pmac->c,&key->md); 404 SHA1_Final(pmac->c, &key->md);
389 405
390 { 406 {
391 unsigned int inp_blocks, pad_blocks; 407 unsigned int inp_blocks, pad_blocks;
392 408
393 /* but pretend as if we hashed padded payload */ 409 /* but pretend as if we hashed padded payload */
394 inp_blocks = 1+((SHA_CBLOCK-9-res)>>(sizeof(res)*8-1)); 410 inp_blocks = 1 + ((SHA_CBLOCK - 9 - res) >>
395 res += (unsigned int)(len-inp_len); 411 (sizeof(res) * 8 - 1));
396 pad_blocks = res / SHA_CBLOCK; 412 res += (unsigned int)(len - inp_len);
397 res %= SHA_CBLOCK; 413 pad_blocks = res / SHA_CBLOCK;
398 pad_blocks += 1+((SHA_CBLOCK-9-res)>>(sizeof(res)*8-1)); 414 res %= SHA_CBLOCK;
399 for (;inp_blocks<pad_blocks;inp_blocks++) 415 pad_blocks += 1 + ((SHA_CBLOCK - 9 - res) >>
400 sha1_block_data_order(&key->md,data,1); 416 (sizeof(res) * 8 - 1));
417 for (; inp_blocks < pad_blocks; inp_blocks++)
418 sha1_block_data_order(&key->md,
419 data, 1);
401 } 420 }
402#endif 421#endif
403 key->md = key->tail; 422 key->md = key->tail;
404 SHA1_Update(&key->md,pmac->c,SHA_DIGEST_LENGTH); 423 SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH);
405 SHA1_Final(pmac->c,&key->md); 424 SHA1_Final(pmac->c, &key->md);
406 425
407 /* verify HMAC */ 426 /* verify HMAC */
408 out += inp_len; 427 out += inp_len;
409 len -= inp_len; 428 len -= inp_len;
410#if 1 429#if 1
411 { 430 {
412 unsigned char *p = out+len-1-maxpad-SHA_DIGEST_LENGTH; 431 unsigned char *p =
413 size_t off = out-p; 432 out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
414 unsigned int c, cmask; 433 size_t off = out - p;
415 434 unsigned int c, cmask;
416 maxpad += SHA_DIGEST_LENGTH; 435
417 for (res=0,i=0,j=0;j<maxpad;j++) { 436 maxpad += SHA_DIGEST_LENGTH;
418 c = p[j]; 437 for (res = 0, i = 0, j = 0; j < maxpad; j++) {
419 cmask = ((int)(j-off-SHA_DIGEST_LENGTH))>>(sizeof(int)*8-1); 438 c = p[j];
420 res |= (c^pad)&~cmask; /* ... and padding */ 439 cmask = ((int)(j - off -
421 cmask &= ((int)(off-1-j))>>(sizeof(int)*8-1); 440 SHA_DIGEST_LENGTH)) >>
422 res |= (c^pmac->c[i])&cmask; 441 (sizeof(int) * 8 - 1);
423 i += 1&cmask; 442 res |= (c ^ pad) & ~cmask; /* ... and padding */
424 } 443 cmask &= ((int)(off - 1 - j)) >>
425 maxpad -= SHA_DIGEST_LENGTH; 444 (sizeof(int) * 8 - 1);
426 445 res |= (c ^ pmac->c[i]) & cmask;
427 res = 0-((0-res)>>(sizeof(res)*8-1)); 446 i += 1 & cmask;
428 ret &= (int)~res; 447 }
448 maxpad -= SHA_DIGEST_LENGTH;
449
450 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
451 ret &= (int)~res;
429 } 452 }
430#else 453#else
431 for (res=0,i=0;i<SHA_DIGEST_LENGTH;i++) 454 for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
432 res |= out[i]^pmac->c[i]; 455 res |= out[i] ^ pmac->c[i];
433 res = 0-((0-res)>>(sizeof(res)*8-1)); 456 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
434 ret &= (int)~res; 457 ret &= (int)~res;
435 458
436 /* verify padding */ 459 /* verify padding */
437 pad = (pad&~res) | (maxpad&res); 460 pad = (pad & ~res) | (maxpad & res);
438 out = out+len-1-pad; 461 out = out + len - 1 - pad;
439 for (res=0,i=0;i<pad;i++) 462 for (res = 0, i = 0; i < pad; i++)
440 res |= out[i]^pad; 463 res |= out[i] ^ pad;
441 464
442 res = (0-res)>>(sizeof(res)*8-1); 465 res = (0 - res) >> (sizeof(res) * 8 - 1);
443 ret &= (int)~res; 466 ret &= (int)~res;
444#endif 467#endif
445 return ret; 468 return ret;
446 } else { 469 } else {
447 SHA1_Update(&key->md,out,len); 470 SHA1_Update(&key->md, out, len);
448 } 471 }
449 } 472 }
450 473
451 return 1; 474 return 1;
452 } 475}
453 476
454static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) 477static int
455 { 478aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
479{
456 EVP_AES_HMAC_SHA1 *key = data(ctx); 480 EVP_AES_HMAC_SHA1 *key = data(ctx);
457 481
458 switch (type) 482 switch (type) {
459 {
460 case EVP_CTRL_AEAD_SET_MAC_KEY: 483 case EVP_CTRL_AEAD_SET_MAC_KEY:
461 { 484 {
462 unsigned int i; 485 unsigned int i;
463 unsigned char hmac_key[64]; 486 unsigned char hmac_key[64];
464 487
465 memset (hmac_key,0,sizeof(hmac_key)); 488 memset (hmac_key, 0, sizeof(hmac_key));
466 489
467 if (arg > (int)sizeof(hmac_key)) { 490 if (arg > (int)sizeof(hmac_key)) {
468 SHA1_Init(&key->head); 491 SHA1_Init(&key->head);
469 SHA1_Update(&key->head,ptr,arg); 492 SHA1_Update(&key->head, ptr, arg);
470 SHA1_Final(hmac_key,&key->head); 493 SHA1_Final(hmac_key, &key->head);
471 } else { 494 } else {
472 memcpy(hmac_key,ptr,arg); 495 memcpy(hmac_key, ptr, arg);
473 } 496 }
474 497
475 for (i=0;i<sizeof(hmac_key);i++) 498 for (i = 0; i < sizeof(hmac_key); i++)
476 hmac_key[i] ^= 0x36; /* ipad */ 499 hmac_key[i] ^= 0x36; /* ipad */
477 SHA1_Init(&key->head); 500 SHA1_Init(&key->head);
478 SHA1_Update(&key->head,hmac_key,sizeof(hmac_key)); 501 SHA1_Update(&key->head, hmac_key, sizeof(hmac_key));
479 502
480 for (i=0;i<sizeof(hmac_key);i++) 503 for (i = 0; i < sizeof(hmac_key); i++)
481 hmac_key[i] ^= 0x36^0x5c; /* opad */ 504 hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
482 SHA1_Init(&key->tail); 505 SHA1_Init(&key->tail);
483 SHA1_Update(&key->tail,hmac_key,sizeof(hmac_key)); 506 SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key));
484 507
485 OPENSSL_cleanse(hmac_key,sizeof(hmac_key)); 508 OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
486 509
487 return 1; 510 return 1;
488 } 511 }
489 case EVP_CTRL_AEAD_TLS1_AAD: 512 case EVP_CTRL_AEAD_TLS1_AAD:
490 { 513 {
491 unsigned char *p=ptr; 514 unsigned char *p = ptr;
492 unsigned int len=p[arg-2]<<8|p[arg-1]; 515 unsigned int len = p[arg - 2] << 8 | p[arg - 1];
493 516
494 if (ctx->encrypt) 517 if (ctx->encrypt) {
495 { 518 key->payload_length = len;
496 key->payload_length = len; 519 if ((key->aux.tls_ver = p[arg - 4] << 8 |
497 if ((key->aux.tls_ver=p[arg-4]<<8|p[arg-3]) >= TLS1_1_VERSION) { 520 p[arg - 3]) >= TLS1_1_VERSION) {
498 len -= AES_BLOCK_SIZE; 521 len -= AES_BLOCK_SIZE;
499 p[arg-2] = len>>8; 522 p[arg - 2] = len >> 8;
500 p[arg-1] = len; 523 p[arg - 1] = len;
501 } 524 }
502 key->md = key->head; 525 key->md = key->head;
503 SHA1_Update(&key->md,p,arg); 526 SHA1_Update(&key->md, p, arg);
504 527
505 return (int)(((len+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE) 528 return (int)(((len + SHA_DIGEST_LENGTH +
506 - len); 529 AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - len);
507 } 530 } else {
508 else 531 if (arg > 13)
509 { 532 arg = 13;
510 if (arg>13) arg = 13; 533 memcpy(key->aux.tls_aad, ptr, arg);
511 memcpy(key->aux.tls_aad,ptr,arg); 534 key->payload_length = arg;
512 key->payload_length = arg; 535
513 536 return SHA_DIGEST_LENGTH;
514 return SHA_DIGEST_LENGTH;
515 } 537 }
516 } 538 }
517 default: 539 default:
518 return -1; 540 return -1;
519 }
520 } 541 }
542}
521 543
522static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = 544static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
523 {
524#ifdef NID_aes_128_cbc_hmac_sha1 545#ifdef NID_aes_128_cbc_hmac_sha1
525 NID_aes_128_cbc_hmac_sha1, 546 NID_aes_128_cbc_hmac_sha1,
526#else 547#else
527 NID_undef, 548 NID_undef,
528#endif 549#endif
529 16,16,16, 550 16, 16, 16,
530 EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_AEAD_CIPHER, 551 EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_AEAD_CIPHER,
531 aesni_cbc_hmac_sha1_init_key, 552 aesni_cbc_hmac_sha1_init_key,
532 aesni_cbc_hmac_sha1_cipher, 553 aesni_cbc_hmac_sha1_cipher,
533 NULL, 554 NULL,
534 sizeof(EVP_AES_HMAC_SHA1), 555 sizeof(EVP_AES_HMAC_SHA1),
535 EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_set_asn1_iv, 556 EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
536 EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_get_asn1_iv, 557 EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
537 aesni_cbc_hmac_sha1_ctrl, 558 aesni_cbc_hmac_sha1_ctrl,
538 NULL 559 NULL
539 }; 560};
540 561
541static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = 562static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
542 {
543#ifdef NID_aes_256_cbc_hmac_sha1 563#ifdef NID_aes_256_cbc_hmac_sha1
544 NID_aes_256_cbc_hmac_sha1, 564 NID_aes_256_cbc_hmac_sha1,
545#else 565#else
546 NID_undef, 566 NID_undef,
547#endif 567#endif
548 16,32,16, 568 16, 32, 16,
549 EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_AEAD_CIPHER, 569 EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_AEAD_CIPHER,
550 aesni_cbc_hmac_sha1_init_key, 570 aesni_cbc_hmac_sha1_init_key,
551 aesni_cbc_hmac_sha1_cipher, 571 aesni_cbc_hmac_sha1_cipher,
552 NULL, 572 NULL,
553 sizeof(EVP_AES_HMAC_SHA1), 573 sizeof(EVP_AES_HMAC_SHA1),
554 EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_set_asn1_iv, 574 EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
555 EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_get_asn1_iv, 575 EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
556 aesni_cbc_hmac_sha1_ctrl, 576 aesni_cbc_hmac_sha1_ctrl,
557 NULL 577 NULL
558 }; 578};
559 579
560const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) 580const EVP_CIPHER *
561 { 581EVP_aes_128_cbc_hmac_sha1(void)
562 return(OPENSSL_ia32cap_P[1]&AESNI_CAPABLE? 582{
563 &aesni_128_cbc_hmac_sha1_cipher:NULL); 583 return(OPENSSL_ia32cap_P[1] & AESNI_CAPABLE?
564 } 584 &aesni_128_cbc_hmac_sha1_cipher : NULL);
585}
565 586
566const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) 587const EVP_CIPHER *
567 { 588EVP_aes_256_cbc_hmac_sha1(void)
568 return(OPENSSL_ia32cap_P[1]&AESNI_CAPABLE? 589{
569 &aesni_256_cbc_hmac_sha1_cipher:NULL); 590 return(OPENSSL_ia32cap_P[1] & AESNI_CAPABLE?
570 } 591 &aesni_256_cbc_hmac_sha1_cipher : NULL);
592}
571#else 593#else
572const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) 594const EVP_CIPHER *
573 { 595EVP_aes_128_cbc_hmac_sha1(void)
574 return NULL; 596{
575 }
576const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
577 {
578 return NULL; 597 return NULL;
579 } 598}
599
600const EVP_CIPHER *
601EVP_aes_256_cbc_hmac_sha1(void)
602{
603 return NULL;
604}
580#endif 605#endif
581#endif 606#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_bf.c b/src/lib/libssl/src/crypto/evp/e_bf.c
index cc224e5363..62194767c8 100644
--- a/src/lib/libssl/src/crypto/evp/e_bf.c
+++ b/src/lib/libssl/src/crypto/evp/e_bf.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -65,24 +65,23 @@
65#include <openssl/blowfish.h> 65#include <openssl/blowfish.h>
66 66
67static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 67static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
68 const unsigned char *iv, int enc); 68 const unsigned char *iv, int enc);
69 69
70typedef struct 70typedef struct {
71 {
72 BF_KEY ks; 71 BF_KEY ks;
73 } EVP_BF_KEY; 72} EVP_BF_KEY;
74 73
75#define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) 74#define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx)
76 75
77IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, 76IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
78 EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 77 EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
79 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) 78 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
80
81static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
82 const unsigned char *iv, int enc)
83 {
84 BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
85 return 1;
86 }
87 79
80static int
81bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
82 const unsigned char *iv, int enc)
83{
84 BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
85 return 1;
86}
88#endif 87#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_camellia.c b/src/lib/libssl/src/crypto/evp/e_camellia.c
index 8bb7c320d3..377d121b89 100644
--- a/src/lib/libssl/src/crypto/evp/e_camellia.c
+++ b/src/lib/libssl/src/crypto/evp/e_camellia.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -63,63 +63,61 @@
63#include "evp_locl.h" 63#include "evp_locl.h"
64 64
65static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 65static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
66 const unsigned char *iv, int enc); 66 const unsigned char *iv, int enc);
67 67
68/* Camellia subkey Structure */ 68/* Camellia subkey Structure */
69typedef struct 69typedef struct {
70 {
71 CAMELLIA_KEY ks; 70 CAMELLIA_KEY ks;
72 } EVP_CAMELLIA_KEY; 71} EVP_CAMELLIA_KEY;
73 72
74/* Attribute operation for Camellia */ 73/* Attribute operation for Camellia */
75#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx) 74#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
76 75
77IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY, 76IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY,
78 NID_camellia_128, 16, 16, 16, 128, 77 NID_camellia_128, 16, 16, 16, 128,
79 0, camellia_init_key, NULL, 78 0, camellia_init_key, NULL,
80 EVP_CIPHER_set_asn1_iv, 79 EVP_CIPHER_set_asn1_iv,
81 EVP_CIPHER_get_asn1_iv, 80 EVP_CIPHER_get_asn1_iv,
82 NULL) 81 NULL)
83IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY, 82IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY,
84 NID_camellia_192, 16, 24, 16, 128, 83 NID_camellia_192, 16, 24, 16, 128,
85 0, camellia_init_key, NULL, 84 0, camellia_init_key, NULL,
86 EVP_CIPHER_set_asn1_iv, 85 EVP_CIPHER_set_asn1_iv,
87 EVP_CIPHER_get_asn1_iv, 86 EVP_CIPHER_get_asn1_iv,
88 NULL) 87 NULL)
89IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY, 88IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
90 NID_camellia_256, 16, 32, 16, 128, 89 NID_camellia_256, 16, 32, 16, 128,
91 0, camellia_init_key, NULL, 90 0, camellia_init_key, NULL,
92 EVP_CIPHER_set_asn1_iv, 91 EVP_CIPHER_set_asn1_iv,
93 EVP_CIPHER_get_asn1_iv, 92 EVP_CIPHER_get_asn1_iv,
94 NULL) 93 NULL)
95 94
96#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) 95#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
97 96
98IMPLEMENT_CAMELLIA_CFBR(128,1) 97IMPLEMENT_CAMELLIA_CFBR(128, 1)
99IMPLEMENT_CAMELLIA_CFBR(192,1) 98IMPLEMENT_CAMELLIA_CFBR(192, 1)
100IMPLEMENT_CAMELLIA_CFBR(256,1) 99IMPLEMENT_CAMELLIA_CFBR(256, 1)
101 100
102IMPLEMENT_CAMELLIA_CFBR(128,8) 101IMPLEMENT_CAMELLIA_CFBR(128, 8)
103IMPLEMENT_CAMELLIA_CFBR(192,8) 102IMPLEMENT_CAMELLIA_CFBR(192, 8)
104IMPLEMENT_CAMELLIA_CFBR(256,8) 103IMPLEMENT_CAMELLIA_CFBR(256, 8)
105 104
106 105
107 106/* The subkey for Camellia is generated. */
108/* The subkey for Camellia is generated. */ 107static int
109static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 108camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
110 const unsigned char *iv, int enc) 109 const unsigned char *iv, int enc)
111 { 110{
112 int ret; 111 int ret;
113 112
114 ret=Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data); 113 ret = Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
115 114
116 if(ret < 0) 115 if (ret < 0) {
117 { 116 EVPerr(EVP_F_CAMELLIA_INIT_KEY,
118 EVPerr(EVP_F_CAMELLIA_INIT_KEY,EVP_R_CAMELLIA_KEY_SETUP_FAILED); 117 EVP_R_CAMELLIA_KEY_SETUP_FAILED);
119 return 0; 118 return 0;
120 }
121
122 return 1;
123 } 119 }
124 120
121 return 1;
122}
125#endif 123#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_cast.c b/src/lib/libssl/src/crypto/evp/e_cast.c
index d77bcd9298..199c5bf48e 100644
--- a/src/lib/libssl/src/crypto/evp/e_cast.c
+++ b/src/lib/libssl/src/crypto/evp/e_cast.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -66,25 +66,24 @@
66#include <openssl/cast.h> 66#include <openssl/cast.h>
67 67
68static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 68static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
69 const unsigned char *iv,int enc); 69 const unsigned char *iv, int enc);
70 70
71typedef struct 71typedef struct {
72 {
73 CAST_KEY ks; 72 CAST_KEY ks;
74 } EVP_CAST_KEY; 73} EVP_CAST_KEY;
75 74
76#define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) 75#define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx)
77 76
78IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, 77IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,
79 NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, 78 NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
80 EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, 79 EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
81 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) 80 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
82
83static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
84 const unsigned char *iv, int enc)
85 {
86 CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
87 return 1;
88 }
89 81
82static int
83cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
84 const unsigned char *iv, int enc)
85{
86 CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
87 return 1;
88}
90#endif 89#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_chacha.c b/src/lib/libssl/src/crypto/evp/e_chacha.c
index 4a20186006..0c32b99df4 100644
--- a/src/lib/libssl/src/crypto/evp/e_chacha.c
+++ b/src/lib/libssl/src/crypto/evp/e_chacha.c
@@ -41,7 +41,7 @@ static const EVP_CIPHER chacha20_cipher = {
41const EVP_CIPHER * 41const EVP_CIPHER *
42EVP_chacha20(void) 42EVP_chacha20(void)
43{ 43{
44 return(&chacha20_cipher); 44 return (&chacha20_cipher);
45} 45}
46 46
47static int 47static int
diff --git a/src/lib/libssl/src/crypto/evp/e_des.c b/src/lib/libssl/src/crypto/evp/e_des.c
index ca009f2c52..ac46ba6a96 100644
--- a/src/lib/libssl/src/crypto/evp/e_des.c
+++ b/src/lib/libssl/src/crypto/evp/e_des.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -66,150 +66,155 @@
66#include <openssl/rand.h> 66#include <openssl/rand.h>
67 67
68static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 68static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
69 const unsigned char *iv, int enc); 69 const unsigned char *iv, int enc);
70static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); 70static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
71 71
72/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ 72/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
73 73
74static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 74static int
75 const unsigned char *in, size_t inl) 75des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
76 const unsigned char *in, size_t inl)
76{ 77{
77 BLOCK_CIPHER_ecb_loop() 78 BLOCK_CIPHER_ecb_loop()
78 DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt); 79 DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
80 ctx->cipher_data, ctx->encrypt);
79 return 1; 81 return 1;
80} 82}
81 83
82static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 84static int
83 const unsigned char *in, size_t inl) 85des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
86 const unsigned char *in, size_t inl)
84{ 87{
85 while(inl>=EVP_MAXCHUNK) 88 while (inl >= EVP_MAXCHUNK) {
86 {
87 DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, 89 DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
88 (DES_cblock *)ctx->iv, &ctx->num); 90 (DES_cblock *)ctx->iv, &ctx->num);
89 inl-=EVP_MAXCHUNK; 91 inl -= EVP_MAXCHUNK;
90 in +=EVP_MAXCHUNK; 92 in += EVP_MAXCHUNK;
91 out+=EVP_MAXCHUNK; 93 out += EVP_MAXCHUNK;
92 } 94 }
93 if (inl) 95 if (inl)
94 DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, 96 DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
95 (DES_cblock *)ctx->iv, &ctx->num); 97 (DES_cblock *)ctx->iv, &ctx->num);
96 return 1; 98 return 1;
97} 99}
98 100
99static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 101static int
100 const unsigned char *in, size_t inl) 102des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
103 const unsigned char *in, size_t inl)
101{ 104{
102 while(inl>=EVP_MAXCHUNK) 105 while (inl >= EVP_MAXCHUNK) {
103 {
104 DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, 106 DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
105 (DES_cblock *)ctx->iv, ctx->encrypt); 107 (DES_cblock *)ctx->iv, ctx->encrypt);
106 inl-=EVP_MAXCHUNK; 108 inl -= EVP_MAXCHUNK;
107 in +=EVP_MAXCHUNK; 109 in += EVP_MAXCHUNK;
108 out+=EVP_MAXCHUNK; 110 out += EVP_MAXCHUNK;
109 } 111 }
110 if (inl) 112 if (inl)
111 DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, 113 DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
112 (DES_cblock *)ctx->iv, ctx->encrypt); 114 (DES_cblock *)ctx->iv, ctx->encrypt);
113 return 1; 115 return 1;
114} 116}
115 117
116static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 118static int
117 const unsigned char *in, size_t inl) 119des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
120 const unsigned char *in, size_t inl)
118{ 121{
119 while(inl>=EVP_MAXCHUNK) 122 while (inl >= EVP_MAXCHUNK) {
120 { 123 DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
121 DES_cfb64_encrypt(in,out, (long)EVP_MAXCHUNK, ctx->cipher_data, 124 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
122 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 125 inl -= EVP_MAXCHUNK;
123 inl-=EVP_MAXCHUNK; 126 in += EVP_MAXCHUNK;
124 in +=EVP_MAXCHUNK; 127 out += EVP_MAXCHUNK;
125 out+=EVP_MAXCHUNK; 128 }
126 }
127 if (inl) 129 if (inl)
128 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, 130 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
129 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 131 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
130 return 1; 132 return 1;
131} 133}
132 134
133/* Although we have a CFB-r implementation for DES, it doesn't pack the right 135/* Although we have a CFB-r implementation for DES, it doesn't pack the right
134 way, so wrap it here */ 136 way, so wrap it here */
135static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 137static int
136 const unsigned char *in, size_t inl) 138des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
137 { 139 const unsigned char *in, size_t inl)
138 size_t n,chunk=EVP_MAXCHUNK/8; 140{
139 unsigned char c[1],d[1]; 141 size_t n, chunk = EVP_MAXCHUNK/8;
140 142 unsigned char c[1], d[1];
141 if (inl<chunk) chunk=inl; 143
142 144 if (inl < chunk)
143 while (inl && inl>=chunk) 145 chunk = inl;
144 { 146
145 for(n=0 ; n < chunk*8; ++n) 147 while (inl && inl >= chunk) {
146 { 148 for (n = 0; n < chunk*8; ++n) {
147 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; 149 c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
148 DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, 150 DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data,
149 ctx->encrypt); 151 (DES_cblock *)ctx->iv, ctx->encrypt);
150 out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) | 152 out[n / 8] = (out[n / 8] &
151 ((d[0]&0x80) >> (unsigned int)(n%8)); 153 ~(0x80 >> (unsigned int)(n % 8))) |
152 } 154 ((d[0] & 0x80) >> (unsigned int)(n % 8));
153 inl-=chunk; 155 }
154 in +=chunk; 156 inl -= chunk;
155 out+=chunk; 157 in += chunk;
156 if (inl<chunk) chunk=inl; 158 out += chunk;
159 if (inl < chunk)
160 chunk = inl;
157 } 161 }
158 162
159 return 1; 163 return 1;
160 } 164}
161 165
162static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 166static int
163 const unsigned char *in, size_t inl) 167des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
164 { 168 const unsigned char *in, size_t inl)
165 while (inl>=EVP_MAXCHUNK) 169{
166 { 170 while (inl >= EVP_MAXCHUNK) {
167 DES_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,ctx->cipher_data, 171 DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
168 (DES_cblock *)ctx->iv,ctx->encrypt); 172 ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt);
169 inl-=EVP_MAXCHUNK; 173 inl -= EVP_MAXCHUNK;
170 in +=EVP_MAXCHUNK; 174 in += EVP_MAXCHUNK;
171 out+=EVP_MAXCHUNK; 175 out += EVP_MAXCHUNK;
172 } 176 }
173 if (inl) 177 if (inl)
174 DES_cfb_encrypt(in,out,8,(long)inl,ctx->cipher_data, 178 DES_cfb_encrypt(in, out, 8,(long)inl, ctx->cipher_data,
175 (DES_cblock *)ctx->iv,ctx->encrypt); 179 (DES_cblock *)ctx->iv, ctx->encrypt);
176 return 1; 180 return 1;
177 } 181}
178 182
179BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, 183BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
180 EVP_CIPH_RAND_KEY, des_init_key, NULL, 184 EVP_CIPH_RAND_KEY, des_init_key, NULL,
181 EVP_CIPHER_set_asn1_iv, 185 EVP_CIPHER_set_asn1_iv,
182 EVP_CIPHER_get_asn1_iv, 186 EVP_CIPHER_get_asn1_iv,
183 des_ctrl) 187 des_ctrl)
184 188
185BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, 189BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8,8, 1,
186 EVP_CIPH_RAND_KEY, des_init_key,NULL, 190 EVP_CIPH_RAND_KEY, des_init_key, NULL,
187 EVP_CIPHER_set_asn1_iv, 191 EVP_CIPHER_set_asn1_iv,
188 EVP_CIPHER_get_asn1_iv,des_ctrl) 192 EVP_CIPHER_get_asn1_iv, des_ctrl)
189 193
190BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, 194BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8,8, 8,
191 EVP_CIPH_RAND_KEY,des_init_key,NULL, 195 EVP_CIPH_RAND_KEY, des_init_key, NULL,
192 EVP_CIPHER_set_asn1_iv, 196 EVP_CIPHER_set_asn1_iv,
193 EVP_CIPHER_get_asn1_iv,des_ctrl) 197 EVP_CIPHER_get_asn1_iv, des_ctrl)
194 198
195static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 199static int
196 const unsigned char *iv, int enc) 200des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
197 { 201 const unsigned char *iv, int enc)
202{
198 DES_cblock *deskey = (DES_cblock *)key; 203 DES_cblock *deskey = (DES_cblock *)key;
204
199#ifdef EVP_CHECK_DES_KEY 205#ifdef EVP_CHECK_DES_KEY
200 if(DES_set_key_checked(deskey,ctx->cipher_data) != 0) 206 if (DES_set_key_checked(deskey, ctx->cipher_data) != 0)
201 return 0; 207 return 0;
202#else 208#else
203 DES_set_key_unchecked(deskey,ctx->cipher_data); 209 DES_set_key_unchecked(deskey, ctx->cipher_data);
204#endif 210#endif
205 return 1; 211 return 1;
206 } 212}
207 213
208static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 214static int
209 { 215des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
210 216{
211 switch(type) 217 switch (type) {
212 {
213 case EVP_CTRL_RAND_KEY: 218 case EVP_CTRL_RAND_KEY:
214 if (RAND_bytes(ptr, 8) <= 0) 219 if (RAND_bytes(ptr, 8) <= 0)
215 return 0; 220 return 0;
@@ -218,7 +223,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
218 223
219 default: 224 default:
220 return -1; 225 return -1;
221 }
222 } 226 }
227}
223 228
224#endif 229#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_des3.c b/src/lib/libssl/src/crypto/evp/e_des3.c
index 8d7b7de292..ddb069dda5 100644
--- a/src/lib/libssl/src/crypto/evp/e_des3.c
+++ b/src/lib/libssl/src/crypto/evp/e_des3.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -68,150 +68,147 @@
68#ifndef OPENSSL_FIPS 68#ifndef OPENSSL_FIPS
69 69
70static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 70static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
71 const unsigned char *iv,int enc); 71 const unsigned char *iv, int enc);
72 72
73static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 73static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
74 const unsigned char *iv,int enc); 74 const unsigned char *iv, int enc);
75 75
76static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); 76static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
77 77
78typedef struct 78typedef struct {
79 {
80 DES_key_schedule ks1;/* key schedule */ 79 DES_key_schedule ks1;/* key schedule */
81 DES_key_schedule ks2;/* key schedule (for ede) */ 80 DES_key_schedule ks2;/* key schedule (for ede) */
82 DES_key_schedule ks3;/* key schedule (for ede3) */ 81 DES_key_schedule ks3;/* key schedule (for ede3) */
83 } DES_EDE_KEY; 82} DES_EDE_KEY;
84 83
85#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) 84#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
86 85
87/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ 86/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
88 87
89static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 88static int
90 const unsigned char *in, size_t inl) 89des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
90 const unsigned char *in, size_t inl)
91{ 91{
92 BLOCK_CIPHER_ecb_loop() 92 BLOCK_CIPHER_ecb_loop()
93 DES_ecb3_encrypt((const_DES_cblock *)(in + i), 93 DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i),
94 (DES_cblock *)(out + i), 94 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt);
95 &data(ctx)->ks1, &data(ctx)->ks2,
96 &data(ctx)->ks3,
97 ctx->encrypt);
98 return 1; 95 return 1;
99} 96}
100 97
101static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 98static int
102 const unsigned char *in, size_t inl) 99des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
100 const unsigned char *in, size_t inl)
103{ 101{
104 while (inl>=EVP_MAXCHUNK) 102 while (inl >= EVP_MAXCHUNK) {
105 {
106 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, 103 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
107 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 104 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
108 (DES_cblock *)ctx->iv, &ctx->num); 105 (DES_cblock *)ctx->iv, &ctx->num);
109 inl-=EVP_MAXCHUNK; 106 inl -= EVP_MAXCHUNK;
110 in +=EVP_MAXCHUNK; 107 in += EVP_MAXCHUNK;
111 out+=EVP_MAXCHUNK; 108 out += EVP_MAXCHUNK;
112 } 109 }
113 if (inl) 110 if (inl)
114 DES_ede3_ofb64_encrypt(in, out, (long)inl, 111 DES_ede3_ofb64_encrypt(in, out, (long)inl,
115 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 112 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
116 (DES_cblock *)ctx->iv, &ctx->num); 113 (DES_cblock *)ctx->iv, &ctx->num);
117 114
118 return 1; 115 return 1;
119} 116}
120 117
121static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 118static int
122 const unsigned char *in, size_t inl) 119des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
120 const unsigned char *in, size_t inl)
123{ 121{
124#ifdef KSSL_DEBUG 122#ifdef KSSL_DEBUG
125 { 123 {
126 int i; 124 int i;
127 char *cp; 125 char *cp;
128 printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len); 126 printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
129 printf("\t iv= "); 127 printf("\t iv= ");
130 for(i=0;i<8;i++) 128 for (i = 0; i < 8; i++)
131 printf("%02X",ctx->iv[i]); 129 printf("%02X",ctx->iv[i]);
132 printf("\n"); 130 printf("\n");
133 } 131 }
134#endif /* KSSL_DEBUG */ 132#endif /* KSSL_DEBUG */
135 while (inl>=EVP_MAXCHUNK) 133 while (inl >= EVP_MAXCHUNK) {
136 {
137 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, 134 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
138 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 135 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
139 (DES_cblock *)ctx->iv, ctx->encrypt); 136 (DES_cblock *)ctx->iv, ctx->encrypt);
140 inl-=EVP_MAXCHUNK; 137 inl -= EVP_MAXCHUNK;
141 in +=EVP_MAXCHUNK; 138 in += EVP_MAXCHUNK;
142 out+=EVP_MAXCHUNK; 139 out += EVP_MAXCHUNK;
143 } 140 }
144 if (inl) 141 if (inl)
145 DES_ede3_cbc_encrypt(in, out, (long)inl, 142 DES_ede3_cbc_encrypt(in, out, (long)inl,
146 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 143 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
147 (DES_cblock *)ctx->iv, ctx->encrypt); 144 (DES_cblock *)ctx->iv, ctx->encrypt);
148 return 1; 145 return 1;
149} 146}
150 147
151static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 148static int
152 const unsigned char *in, size_t inl) 149des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
150 const unsigned char *in, size_t inl)
153{ 151{
154 while (inl>=EVP_MAXCHUNK) 152 while (inl >= EVP_MAXCHUNK) {
155 { 153 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
156 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 154 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
157 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 155 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
158 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 156 inl -= EVP_MAXCHUNK;
159 inl-=EVP_MAXCHUNK; 157 in += EVP_MAXCHUNK;
160 in +=EVP_MAXCHUNK; 158 out += EVP_MAXCHUNK;
161 out+=EVP_MAXCHUNK; 159 }
162 }
163 if (inl) 160 if (inl)
164 DES_ede3_cfb64_encrypt(in, out, (long)inl, 161 DES_ede3_cfb64_encrypt(in, out, (long)inl,
165 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 162 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
166 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 163 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
167 return 1; 164 return 1;
168} 165}
169 166
170/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right 167/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
171 way, so wrap it here */ 168 way, so wrap it here */
172static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 169static int
173 const unsigned char *in, size_t inl) 170des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
174 { 171 const unsigned char *in, size_t inl)
175 size_t n; 172{
176 unsigned char c[1],d[1]; 173 size_t n;
174 unsigned char c[1], d[1];
177 175
178 for(n=0 ; n < inl ; ++n) 176 for (n = 0; n < inl; ++n) {
179 { 177 c[0] = (in[n/8]&(1 << (7 - n % 8))) ? 0x80 : 0;
180 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; 178 DES_ede3_cfb_encrypt(c, d, 1, 1,
181 DES_ede3_cfb_encrypt(c,d,1,1, 179 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
182 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, 180 (DES_cblock *)ctx->iv, ctx->encrypt);
183 (DES_cblock *)ctx->iv,ctx->encrypt); 181 out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
184 out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) | 182 ((d[0] & 0x80) >> (unsigned int)(n % 8));
185 ((d[0]&0x80) >> (unsigned int)(n%8));
186 } 183 }
187 184
188 return 1; 185 return 1;
189 } 186}
190 187
191static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 188static int
192 const unsigned char *in, size_t inl) 189des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
193 { 190 const unsigned char *in, size_t inl)
194 while (inl>=EVP_MAXCHUNK) 191{
195 { 192 while (inl >= EVP_MAXCHUNK) {
196 DES_ede3_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK, 193 DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
197 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, 194 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
198 (DES_cblock *)ctx->iv,ctx->encrypt); 195 (DES_cblock *)ctx->iv, ctx->encrypt);
199 inl-=EVP_MAXCHUNK; 196 inl -= EVP_MAXCHUNK;
200 in +=EVP_MAXCHUNK; 197 in += EVP_MAXCHUNK;
201 out+=EVP_MAXCHUNK; 198 out += EVP_MAXCHUNK;
202 } 199 }
203 if (inl) 200 if (inl)
204 DES_ede3_cfb_encrypt(in,out,8,(long)inl, 201 DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
205 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, 202 &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
206 (DES_cblock *)ctx->iv,ctx->encrypt); 203 (DES_cblock *)ctx->iv, ctx->encrypt);
207 return 1; 204 return 1;
208 } 205}
209 206
210BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 207BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
211 EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, 208 EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
212 EVP_CIPHER_set_asn1_iv, 209 EVP_CIPHER_set_asn1_iv,
213 EVP_CIPHER_get_asn1_iv, 210 EVP_CIPHER_get_asn1_iv,
214 des3_ctrl) 211 des3_ctrl)
215 212
216#define des_ede3_cfb64_cipher des_ede_cfb64_cipher 213#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
217#define des_ede3_ofb_cipher des_ede_ofb_cipher 214#define des_ede3_ofb_cipher des_ede_ofb_cipher
@@ -219,75 +216,78 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
219#define des_ede3_ecb_cipher des_ede_ecb_cipher 216#define des_ede3_ecb_cipher des_ede_ecb_cipher
220 217
221BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 218BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
222 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, 219 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
223 EVP_CIPHER_set_asn1_iv, 220 EVP_CIPHER_set_asn1_iv,
224 EVP_CIPHER_get_asn1_iv, 221 EVP_CIPHER_get_asn1_iv,
225 des3_ctrl) 222 des3_ctrl)
226
227BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
228 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
229 EVP_CIPHER_set_asn1_iv,
230 EVP_CIPHER_get_asn1_iv,
231 des3_ctrl)
232
233BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
234 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
235 EVP_CIPHER_set_asn1_iv,
236 EVP_CIPHER_get_asn1_iv,
237 des3_ctrl)
238 223
239static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 224BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
240 const unsigned char *iv, int enc) 225 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
241 { 226 EVP_CIPHER_set_asn1_iv,
227 EVP_CIPHER_get_asn1_iv,
228 des3_ctrl)
229
230BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
231 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
232 EVP_CIPHER_set_asn1_iv,
233 EVP_CIPHER_get_asn1_iv,
234 des3_ctrl)
235
236static int
237des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
238 const unsigned char *iv, int enc)
239{
242 DES_cblock *deskey = (DES_cblock *)key; 240 DES_cblock *deskey = (DES_cblock *)key;
241
243#ifdef EVP_CHECK_DES_KEY 242#ifdef EVP_CHECK_DES_KEY
244 if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) 243 if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
245 !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2)) 244 !! DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
246 return 0; 245 return 0;
247#else 246#else
248 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); 247 DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
249 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); 248 DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
250#endif 249#endif
251 memcpy(&data(ctx)->ks3,&data(ctx)->ks1, 250 memcpy(&data(ctx)->ks3, &data(ctx)->ks1,
252 sizeof(data(ctx)->ks1)); 251 sizeof(data(ctx)->ks1));
253 return 1; 252 return 1;
254 } 253}
255 254
256static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 255static int
257 const unsigned char *iv, int enc) 256des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
258 { 257 const unsigned char *iv, int enc)
258{
259 DES_cblock *deskey = (DES_cblock *)key; 259 DES_cblock *deskey = (DES_cblock *)key;
260
260#ifdef KSSL_DEBUG 261#ifdef KSSL_DEBUG
261 { 262 {
262 int i; 263 int i;
263 printf("des_ede3_init_key(ctx=%lx)\n", ctx); 264 printf("des_ede3_init_key(ctx=%lx)\n", ctx);
264 printf("\tKEY= "); 265 printf("\tKEY= ");
265 for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); 266 for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
266 printf("\t IV= "); 267 printf("\t IV= ");
267 for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n"); 268 for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
268 } 269 }
269#endif /* KSSL_DEBUG */ 270#endif /* KSSL_DEBUG */
270 271
271#ifdef EVP_CHECK_DES_KEY 272#ifdef EVP_CHECK_DES_KEY
272 if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) 273 if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) ||
273 || DES_set_key_checked(&deskey[1],&data(ctx)->ks2) 274 DES_set_key_checked(&deskey[1], &data(ctx)->ks2) ||
274 || DES_set_key_checked(&deskey[2],&data(ctx)->ks3)) 275 DES_set_key_checked(&deskey[2], &data(ctx)->ks3))
275 return 0; 276 return 0;
276#else 277#else
277 DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); 278 DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
278 DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); 279 DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
279 DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); 280 DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3);
280#endif 281#endif
281 return 1; 282 return 1;
282 } 283}
283
284static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
285 {
286 284
285static int
286des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
287{
287 DES_cblock *deskey = ptr; 288 DES_cblock *deskey = ptr;
288 289
289 switch(type) 290 switch (type) {
290 {
291 case EVP_CTRL_RAND_KEY: 291 case EVP_CTRL_RAND_KEY:
292 if (RAND_bytes(ptr, c->key_len) <= 0) 292 if (RAND_bytes(ptr, c->key_len) <= 0)
293 return 0; 293 return 0;
@@ -300,15 +300,17 @@ static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
300 300
301 default: 301 default:
302 return -1; 302 return -1;
303 }
304 } 303 }
304}
305 305
306const EVP_CIPHER *EVP_des_ede(void) 306const EVP_CIPHER *
307EVP_des_ede(void)
307{ 308{
308 return &des_ede_ecb; 309 return &des_ede_ecb;
309} 310}
310 311
311const EVP_CIPHER *EVP_des_ede3(void) 312const EVP_CIPHER *
313EVP_des_ede3(void)
312{ 314{
313 return &des_ede3_ecb; 315 return &des_ede3_ecb;
314} 316}
diff --git a/src/lib/libssl/src/crypto/evp/e_idea.c b/src/lib/libssl/src/crypto/evp/e_idea.c
index 806b080360..8b8a647a8c 100644
--- a/src/lib/libssl/src/crypto/evp/e_idea.c
+++ b/src/lib/libssl/src/crypto/evp/e_idea.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -66,53 +66,56 @@
66#include <openssl/idea.h> 66#include <openssl/idea.h>
67 67
68static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 68static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
69 const unsigned char *iv,int enc); 69 const unsigned char *iv, int enc);
70 70
71/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special 71/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
72 * case 72 * case
73 */ 73 */
74 74
75static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 75static int
76 const unsigned char *in, size_t inl) 76idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
77 const unsigned char *in, size_t inl)
77{ 78{
78 BLOCK_CIPHER_ecb_loop() 79 BLOCK_CIPHER_ecb_loop()
79 idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); 80 idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
80 return 1; 81 return 1;
81} 82}
82 83
83/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ 84/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
84 85
85typedef struct 86typedef struct {
86 {
87 IDEA_KEY_SCHEDULE ks; 87 IDEA_KEY_SCHEDULE ks;
88 } EVP_IDEA_KEY; 88} EVP_IDEA_KEY;
89 89
90BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) 90BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
91BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) 91BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
92BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) 92BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
93 93
94BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, 94BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
95 0, idea_init_key, NULL, 95 0, idea_init_key, NULL,
96 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) 96 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
97 97
98static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 98static int
99 const unsigned char *iv, int enc) 99idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
100 { 100 const unsigned char *iv, int enc)
101 if(!enc) { 101{
102 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1; 102 if (!enc) {
103 else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1; 103 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
104 enc = 1;
105 else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE)
106 enc = 1;
104 } 107 }
105 if (enc) idea_set_encrypt_key(key,ctx->cipher_data); 108 if (enc)
106 else 109 idea_set_encrypt_key(key, ctx->cipher_data);
107 { 110 else {
108 IDEA_KEY_SCHEDULE tmp; 111 IDEA_KEY_SCHEDULE tmp;
109 112
110 idea_set_encrypt_key(key,&tmp); 113 idea_set_encrypt_key(key, &tmp);
111 idea_set_decrypt_key(&tmp,ctx->cipher_data); 114 idea_set_decrypt_key(&tmp, ctx->cipher_data);
112 OPENSSL_cleanse((unsigned char *)&tmp, 115 OPENSSL_cleanse((unsigned char *)&tmp,
113 sizeof(IDEA_KEY_SCHEDULE)); 116 sizeof(IDEA_KEY_SCHEDULE));
114 }
115 return 1;
116 } 117 }
118 return 1;
119}
117 120
118#endif 121#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_null.c b/src/lib/libssl/src/crypto/evp/e_null.c
index 98a78499f9..d94751a07a 100644
--- a/src/lib/libssl/src/crypto/evp/e_null.c
+++ b/src/lib/libssl/src/crypto/evp/e_null.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -62,13 +62,13 @@
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63 63
64static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 64static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
65 const unsigned char *iv,int enc); 65 const unsigned char *iv, int enc);
66static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 66static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
67 const unsigned char *in, size_t inl); 67 const unsigned char *in, size_t inl);
68static const EVP_CIPHER n_cipher= 68
69 { 69static const EVP_CIPHER n_cipher = {
70 NID_undef, 70 NID_undef,
71 1,0,0, 71 1, 0, 0,
72 0, 72 0,
73 null_init_key, 73 null_init_key,
74 null_cipher, 74 null_cipher,
@@ -78,24 +78,27 @@ static const EVP_CIPHER n_cipher=
78 NULL, 78 NULL,
79 NULL, 79 NULL,
80 NULL 80 NULL
81 }; 81};
82 82
83const EVP_CIPHER *EVP_enc_null(void) 83const EVP_CIPHER *
84 { 84EVP_enc_null(void)
85 return(&n_cipher); 85{
86 } 86 return (&n_cipher);
87}
87 88
88static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 89static int
89 const unsigned char *iv, int enc) 90null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
90 { 91 const unsigned char *iv, int enc)
92{
91 /* memset(&(ctx->c),0,sizeof(ctx->c));*/ 93 /* memset(&(ctx->c),0,sizeof(ctx->c));*/
92 return 1; 94 return 1;
93 } 95}
94 96
95static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 97static int
96 const unsigned char *in, size_t inl) 98null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
97 { 99 const unsigned char *in, size_t inl)
100{
98 if (in != out) 101 if (in != out)
99 memcpy((char *)out,(const char *)in,inl); 102 memcpy((char *)out, (const char *)in, inl);
100 return 1; 103 return 1;
101 } 104}
diff --git a/src/lib/libssl/src/crypto/evp/e_old.c b/src/lib/libssl/src/crypto/evp/e_old.c
index 1642af4869..c27b61a4bf 100644
--- a/src/lib/libssl/src/crypto/evp/e_old.c
+++ b/src/lib/libssl/src/crypto/evp/e_old.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -71,55 +71,88 @@ static void *dummy = &dummy;
71#ifndef OPENSSL_NO_BF 71#ifndef OPENSSL_NO_BF
72#undef EVP_bf_cfb 72#undef EVP_bf_cfb
73const EVP_CIPHER *EVP_bf_cfb(void); 73const EVP_CIPHER *EVP_bf_cfb(void);
74const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); } 74const EVP_CIPHER *EVP_bf_cfb(void)
75{
76 return EVP_bf_cfb64();
77}
75#endif 78#endif
76 79
77#ifndef OPENSSL_NO_DES 80#ifndef OPENSSL_NO_DES
78#undef EVP_des_cfb 81#undef EVP_des_cfb
79const EVP_CIPHER *EVP_des_cfb(void); 82const EVP_CIPHER *EVP_des_cfb(void);
80const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); } 83const EVP_CIPHER *EVP_des_cfb(void)
84{
85 return EVP_des_cfb64();
86}
81#undef EVP_des_ede3_cfb 87#undef EVP_des_ede3_cfb
82const EVP_CIPHER *EVP_des_ede3_cfb(void); 88const EVP_CIPHER *EVP_des_ede3_cfb(void);
83const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); } 89const EVP_CIPHER *EVP_des_ede3_cfb(void)
90{
91 return EVP_des_ede3_cfb64();
92}
84#undef EVP_des_ede_cfb 93#undef EVP_des_ede_cfb
85const EVP_CIPHER *EVP_des_ede_cfb(void); 94const EVP_CIPHER *EVP_des_ede_cfb(void);
86const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); } 95const EVP_CIPHER *EVP_des_ede_cfb(void)
96{
97 return EVP_des_ede_cfb64();
98}
87#endif 99#endif
88 100
89#ifndef OPENSSL_NO_IDEA 101#ifndef OPENSSL_NO_IDEA
90#undef EVP_idea_cfb 102#undef EVP_idea_cfb
91const EVP_CIPHER *EVP_idea_cfb(void); 103const EVP_CIPHER *EVP_idea_cfb(void);
92const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); } 104const EVP_CIPHER *EVP_idea_cfb(void)
105{
106 return EVP_idea_cfb64();
107}
93#endif 108#endif
94 109
95#ifndef OPENSSL_NO_RC2 110#ifndef OPENSSL_NO_RC2
96#undef EVP_rc2_cfb 111#undef EVP_rc2_cfb
97const EVP_CIPHER *EVP_rc2_cfb(void); 112const EVP_CIPHER *EVP_rc2_cfb(void);
98const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); } 113const EVP_CIPHER *EVP_rc2_cfb(void)
114{
115 return EVP_rc2_cfb64();
116}
99#endif 117#endif
100 118
101#ifndef OPENSSL_NO_CAST 119#ifndef OPENSSL_NO_CAST
102#undef EVP_cast5_cfb 120#undef EVP_cast5_cfb
103const EVP_CIPHER *EVP_cast5_cfb(void); 121const EVP_CIPHER *EVP_cast5_cfb(void);
104const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); } 122const EVP_CIPHER *EVP_cast5_cfb(void)
123{
124 return EVP_cast5_cfb64();
125}
105#endif 126#endif
106 127
107#ifndef OPENSSL_NO_RC5 128#ifndef OPENSSL_NO_RC5
108#undef EVP_rc5_32_12_16_cfb 129#undef EVP_rc5_32_12_16_cfb
109const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); 130const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
110const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); } 131const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
132{
133 return EVP_rc5_32_12_16_cfb64();
134}
111#endif 135#endif
112 136
113#ifndef OPENSSL_NO_AES 137#ifndef OPENSSL_NO_AES
114#undef EVP_aes_128_cfb 138#undef EVP_aes_128_cfb
115const EVP_CIPHER *EVP_aes_128_cfb(void); 139const EVP_CIPHER *EVP_aes_128_cfb(void);
116const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); } 140const EVP_CIPHER *EVP_aes_128_cfb(void)
141{
142 return EVP_aes_128_cfb128();
143}
117#undef EVP_aes_192_cfb 144#undef EVP_aes_192_cfb
118const EVP_CIPHER *EVP_aes_192_cfb(void); 145const EVP_CIPHER *EVP_aes_192_cfb(void);
119const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); } 146const EVP_CIPHER *EVP_aes_192_cfb(void)
147{
148 return EVP_aes_192_cfb128();
149}
120#undef EVP_aes_256_cfb 150#undef EVP_aes_256_cfb
121const EVP_CIPHER *EVP_aes_256_cfb(void); 151const EVP_CIPHER *EVP_aes_256_cfb(void);
122const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); } 152const EVP_CIPHER *EVP_aes_256_cfb(void)
153{
154 return EVP_aes_256_cfb128();
155}
123#endif 156#endif
124 157
125#endif 158#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_rc2.c b/src/lib/libssl/src/crypto/evp/e_rc2.c
index d4c33b58d4..f6f4504890 100644
--- a/src/lib/libssl/src/crypto/evp/e_rc2.c
+++ b/src/lib/libssl/src/crypto/evp/e_rc2.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,37 +67,35 @@
67#include <openssl/rc2.h> 67#include <openssl/rc2.h>
68 68
69static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 69static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
70 const unsigned char *iv,int enc); 70 const unsigned char *iv, int enc);
71static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx); 71static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
72static int rc2_magic_to_meth(int i); 72static int rc2_magic_to_meth(int i);
73static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 73static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
74static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 74static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
75static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); 75static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
76 76
77typedef struct 77typedef struct {
78 {
79 int key_bits; /* effective key bits */ 78 int key_bits; /* effective key bits */
80 RC2_KEY ks; /* key schedule */ 79 RC2_KEY ks; /* key schedule */
81 } EVP_RC2_KEY; 80} EVP_RC2_KEY;
82 81
83#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) 82#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data)
84 83
85IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, 84IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
86 8, 85 8,
87 RC2_KEY_LENGTH, 8, 64, 86 RC2_KEY_LENGTH, 8, 64,
88 EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, 87 EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
89 rc2_init_key, NULL, 88 rc2_init_key, NULL,
90 rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, 89 rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv,
91 rc2_ctrl) 90 rc2_ctrl)
92 91
93#define RC2_40_MAGIC 0xa0 92#define RC2_40_MAGIC 0xa0
94#define RC2_64_MAGIC 0x78 93#define RC2_64_MAGIC 0x78
95#define RC2_128_MAGIC 0x3a 94#define RC2_128_MAGIC 0x3a
96 95
97static const EVP_CIPHER r2_64_cbc_cipher= 96static const EVP_CIPHER r2_64_cbc_cipher = {
98 {
99 NID_rc2_64_cbc, 97 NID_rc2_64_cbc,
100 8,8 /* 64 bit */,8, 98 8, 8 /* 64 bit */, 8,
101 EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, 99 EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
102 rc2_init_key, 100 rc2_init_key,
103 rc2_cbc_cipher, 101 rc2_cbc_cipher,
@@ -107,12 +105,11 @@ static const EVP_CIPHER r2_64_cbc_cipher=
107 rc2_get_asn1_type_and_iv, 105 rc2_get_asn1_type_and_iv,
108 rc2_ctrl, 106 rc2_ctrl,
109 NULL 107 NULL
110 }; 108};
111 109
112static const EVP_CIPHER r2_40_cbc_cipher= 110static const EVP_CIPHER r2_40_cbc_cipher = {
113 {
114 NID_rc2_40_cbc, 111 NID_rc2_40_cbc,
115 8,5 /* 40 bit */,8, 112 8, 5 /* 40 bit */, 8,
116 EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, 113 EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
117 rc2_init_key, 114 rc2_init_key,
118 rc2_cbc_cipher, 115 rc2_cbc_cipher,
@@ -122,93 +119,105 @@ static const EVP_CIPHER r2_40_cbc_cipher=
122 rc2_get_asn1_type_and_iv, 119 rc2_get_asn1_type_and_iv,
123 rc2_ctrl, 120 rc2_ctrl,
124 NULL 121 NULL
125 }; 122};
126 123
127const EVP_CIPHER *EVP_rc2_64_cbc(void) 124const EVP_CIPHER *
128 { 125EVP_rc2_64_cbc(void)
129 return(&r2_64_cbc_cipher); 126{
130 } 127 return (&r2_64_cbc_cipher);
131 128}
132const EVP_CIPHER *EVP_rc2_40_cbc(void) 129
133 { 130const EVP_CIPHER *
134 return(&r2_40_cbc_cipher); 131EVP_rc2_40_cbc(void)
135 } 132{
136 133 return (&r2_40_cbc_cipher);
137static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 134}
138 const unsigned char *iv, int enc) 135
139 { 136static int
140 RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), 137rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
141 key,data(ctx)->key_bits); 138 const unsigned char *iv, int enc)
139{
140 RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
141 key, data(ctx)->key_bits);
142 return 1; 142 return 1;
143 } 143}
144 144
145static int rc2_meth_to_magic(EVP_CIPHER_CTX *e) 145static int
146 { 146rc2_meth_to_magic(EVP_CIPHER_CTX *e)
147{
147 int i; 148 int i;
148 149
149 EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); 150 EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
150 if (i == 128) return(RC2_128_MAGIC); 151 if (i == 128)
151 else if (i == 64) return(RC2_64_MAGIC); 152 return (RC2_128_MAGIC);
152 else if (i == 40) return(RC2_40_MAGIC); 153 else if (i == 64)
153 else return(0); 154 return (RC2_64_MAGIC);
154 } 155 else if (i == 40)
155 156 return (RC2_40_MAGIC);
156static int rc2_magic_to_meth(int i)
157 {
158 if (i == RC2_128_MAGIC) return 128;
159 else if (i == RC2_64_MAGIC) return 64;
160 else if (i == RC2_40_MAGIC) return 40;
161 else 157 else
162 { 158 return (0);
163 EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE); 159}
164 return(0); 160
165 } 161static int
162rc2_magic_to_meth(int i)
163{
164 if (i == RC2_128_MAGIC)
165 return 128;
166 else if (i == RC2_64_MAGIC)
167 return 64;
168 else if (i == RC2_40_MAGIC)
169 return 40;
170 else {
171 EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
172 return (0);
166 } 173 }
174}
167 175
168static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 176static int
169 { 177rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
170 long num=0; 178{
171 int i=0; 179 long num = 0;
180 int i = 0;
172 int key_bits; 181 int key_bits;
173 unsigned int l; 182 unsigned int l;
174 unsigned char iv[EVP_MAX_IV_LENGTH]; 183 unsigned char iv[EVP_MAX_IV_LENGTH];
175 184
176 if (type != NULL) 185 if (type != NULL) {
177 { 186 l = EVP_CIPHER_CTX_iv_length(c);
178 l=EVP_CIPHER_CTX_iv_length(c);
179 OPENSSL_assert(l <= sizeof(iv)); 187 OPENSSL_assert(l <= sizeof(iv));
180 i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); 188 i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
181 if (i != (int)l) 189 if (i != (int)l)
182 return(-1); 190 return (-1);
183 key_bits =rc2_magic_to_meth((int)num); 191 key_bits = rc2_magic_to_meth((int)num);
184 if (!key_bits) 192 if (!key_bits)
185 return(-1); 193 return (-1);
186 if(i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) 194 if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
187 return -1; 195 return -1;
188 EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); 196 EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS,
197 key_bits, NULL);
189 EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); 198 EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
190 }
191 return(i);
192 } 199 }
200 return (i);
201}
193 202
194static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 203static int
195 { 204rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
205{
196 long num; 206 long num;
197 int i=0,j; 207 int i = 0, j;
198 208
199 if (type != NULL) 209 if (type != NULL) {
200 { 210 num = rc2_meth_to_magic(c);
201 num=rc2_meth_to_magic(c); 211 j = EVP_CIPHER_CTX_iv_length(c);
202 j=EVP_CIPHER_CTX_iv_length(c); 212 i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
203 i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
204 }
205 return(i);
206 } 213 }
214 return (i);
215}
207 216
208static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 217static int
209 { 218rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
210 switch(type) 219{
211 { 220 switch (type) {
212 case EVP_CTRL_INIT: 221 case EVP_CTRL_INIT:
213 data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; 222 data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
214 return 1; 223 return 1;
@@ -216,14 +225,14 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
216 case EVP_CTRL_GET_RC2_KEY_BITS: 225 case EVP_CTRL_GET_RC2_KEY_BITS:
217 *(int *)ptr = data(c)->key_bits; 226 *(int *)ptr = data(c)->key_bits;
218 return 1; 227 return 1;
219 228
220 case EVP_CTRL_SET_RC2_KEY_BITS: 229 case EVP_CTRL_SET_RC2_KEY_BITS:
221 if(arg > 0) 230 if (arg > 0) {
222 {
223 data(c)->key_bits = arg; 231 data(c)->key_bits = arg;
224 return 1; 232 return 1;
225 } 233 }
226 return 0; 234 return 0;
235
227#ifdef PBE_PRF_TEST 236#ifdef PBE_PRF_TEST
228 case EVP_CTRL_PBE_PRF_NID: 237 case EVP_CTRL_PBE_PRF_NID:
229 *(int *)ptr = NID_hmacWithMD5; 238 *(int *)ptr = NID_hmacWithMD5;
@@ -232,7 +241,7 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
232 241
233 default: 242 default:
234 return -1; 243 return -1;
235 }
236 } 244 }
245}
237 246
238#endif 247#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_rc4.c b/src/lib/libssl/src/crypto/evp/e_rc4.c
index b4f6bda82d..f66885f70d 100644
--- a/src/lib/libssl/src/crypto/evp/e_rc4.c
+++ b/src/lib/libssl/src/crypto/evp/e_rc4.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -69,21 +69,20 @@
69/* FIXME: surely this is available elsewhere? */ 69/* FIXME: surely this is available elsewhere? */
70#define EVP_RC4_KEY_SIZE 16 70#define EVP_RC4_KEY_SIZE 16
71 71
72typedef struct 72typedef struct {
73 {
74 RC4_KEY ks; /* working key */ 73 RC4_KEY ks; /* working key */
75 } EVP_RC4_KEY; 74} EVP_RC4_KEY;
76 75
77#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) 76#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
78 77
79static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 78static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
80 const unsigned char *iv,int enc); 79 const unsigned char *iv, int enc);
81static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 80static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
82 const unsigned char *in, size_t inl); 81 const unsigned char *in, size_t inl);
83static const EVP_CIPHER r4_cipher= 82
84 { 83static const EVP_CIPHER r4_cipher = {
85 NID_rc4, 84 NID_rc4,
86 1,EVP_RC4_KEY_SIZE,0, 85 1, EVP_RC4_KEY_SIZE, 0,
87 EVP_CIPH_VARIABLE_LENGTH, 86 EVP_CIPH_VARIABLE_LENGTH,
88 rc4_init_key, 87 rc4_init_key,
89 rc4_cipher, 88 rc4_cipher,
@@ -93,45 +92,47 @@ static const EVP_CIPHER r4_cipher=
93 NULL, 92 NULL,
94 NULL, 93 NULL,
95 NULL 94 NULL
96 }; 95};
97 96
98static const EVP_CIPHER r4_40_cipher= 97static const EVP_CIPHER r4_40_cipher = {
99 {
100 NID_rc4_40, 98 NID_rc4_40,
101 1,5 /* 40 bit */,0, 99 1, 5 /* 40 bit */, 0,
102 EVP_CIPH_VARIABLE_LENGTH, 100 EVP_CIPH_VARIABLE_LENGTH,
103 rc4_init_key, 101 rc4_init_key,
104 rc4_cipher, 102 rc4_cipher,
105 NULL, 103 NULL,
106 sizeof(EVP_RC4_KEY), 104 sizeof(EVP_RC4_KEY),
107 NULL, 105 NULL,
108 NULL, 106 NULL,
109 NULL, 107 NULL,
110 NULL 108 NULL
111 }; 109};
112 110
113const EVP_CIPHER *EVP_rc4(void) 111const EVP_CIPHER *
114 { 112EVP_rc4(void)
115 return(&r4_cipher); 113{
116 } 114 return (&r4_cipher);
115}
117 116
118const EVP_CIPHER *EVP_rc4_40(void) 117const EVP_CIPHER *
119 { 118EVP_rc4_40(void)
120 return(&r4_40_cipher); 119{
121 } 120 return (&r4_40_cipher);
121}
122 122
123static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 123static int
124 const unsigned char *iv, int enc) 124rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
125 { 125 const unsigned char *iv, int enc)
126 RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), 126{
127 key); 127 RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
128 return 1; 128 return 1;
129 } 129}
130 130
131static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 131static int
132 const unsigned char *in, size_t inl) 132rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
133 { 133 const unsigned char *in, size_t inl)
134 RC4(&data(ctx)->ks,inl,in,out); 134{
135 RC4(&data(ctx)->ks, inl, in, out);
135 return 1; 136 return 1;
136 } 137}
137#endif 138#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_rc4_hmac_md5.c b/src/lib/libssl/src/crypto/evp/e_rc4_hmac_md5.c
index 56563191ba..d4655c56d9 100644
--- a/src/lib/libssl/src/crypto/evp/e_rc4_hmac_md5.c
+++ b/src/lib/libssl/src/crypto/evp/e_rc4_hmac_md5.c
@@ -68,37 +68,35 @@
68/* FIXME: surely this is available elsewhere? */ 68/* FIXME: surely this is available elsewhere? */
69#define EVP_RC4_KEY_SIZE 16 69#define EVP_RC4_KEY_SIZE 16
70 70
71typedef struct 71typedef struct {
72 { 72 RC4_KEY ks;
73 RC4_KEY ks; 73 MD5_CTX head, tail, md;
74 MD5_CTX head,tail,md; 74 size_t payload_length;
75 size_t payload_length; 75} EVP_RC4_HMAC_MD5;
76 } EVP_RC4_HMAC_MD5;
77 76
78#define NO_PAYLOAD_LENGTH ((size_t)-1) 77#define NO_PAYLOAD_LENGTH ((size_t)-1)
79 78
80void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out, 79void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out,
81 MD5_CTX *ctx,const void *inp,size_t blocks); 80 MD5_CTX *ctx, const void *inp, size_t blocks);
82 81
83#define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) 82#define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)
84 83
85static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, 84static int
86 const unsigned char *inkey, 85rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey,
87 const unsigned char *iv, int enc) 86 const unsigned char *iv, int enc)
88 { 87{
89 EVP_RC4_HMAC_MD5 *key = data(ctx); 88 EVP_RC4_HMAC_MD5 *key = data(ctx);
90 89
91 RC4_set_key(&key->ks,EVP_CIPHER_CTX_key_length(ctx), 90 RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey);
92 inkey);
93 91
94 MD5_Init(&key->head); /* handy when benchmarking */ 92 MD5_Init(&key->head); /* handy when benchmarking */
95 key->tail = key->head; 93 key->tail = key->head;
96 key->md = key->head; 94 key->md = key->head;
97 95
98 key->payload_length = NO_PAYLOAD_LENGTH; 96 key->payload_length = NO_PAYLOAD_LENGTH;
99 97
100 return 1; 98 return 1;
101 } 99}
102 100
103#if !defined(OPENSSL_NO_ASM) && ( \ 101#if !defined(OPENSSL_NO_ASM) && ( \
104 defined(__x86_64) || defined(__x86_64__) || \ 102 defined(__x86_64) || defined(__x86_64__) || \
@@ -113,173 +111,184 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
113#define md5_off 0 111#define md5_off 0
114#endif 112#endif
115 113
116static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 114static int
117 const unsigned char *in, size_t len) 115rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
118 { 116 const unsigned char *in, size_t len)
117{
119 EVP_RC4_HMAC_MD5 *key = data(ctx); 118 EVP_RC4_HMAC_MD5 *key = data(ctx);
120#if defined(STITCHED_CALL) 119#if defined(STITCHED_CALL)
121 size_t rc4_off = 32-1-(key->ks.x&(32-1)), /* 32 is $MOD from rc4_md5-x86_64.pl */ 120 size_t rc4_off = 32-1-(key->ks.x&(32-1)), /* 32 is $MOD from rc4_md5-x86_64.pl */
122 md5_off = MD5_CBLOCK-key->md.num, 121 md5_off = MD5_CBLOCK - key->md.num,
123 blocks; 122 blocks;
124 unsigned int l; 123 unsigned int l;
125 extern unsigned int OPENSSL_ia32cap_P[]; 124 extern unsigned int OPENSSL_ia32cap_P[];
126#endif 125#endif
127 size_t plen = key->payload_length; 126 size_t plen = key->payload_length;
128 127
129 if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0; 128 if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
129 return 0;
130 130
131 if (ctx->encrypt) { 131 if (ctx->encrypt) {
132 if (plen==NO_PAYLOAD_LENGTH) plen = len; 132 if (plen == NO_PAYLOAD_LENGTH)
133 plen = len;
133#if defined(STITCHED_CALL) 134#if defined(STITCHED_CALL)
134 /* cipher has to "fall behind" */ 135 /* cipher has to "fall behind" */
135 if (rc4_off>md5_off) md5_off+=MD5_CBLOCK; 136 if (rc4_off > md5_off)
137 md5_off += MD5_CBLOCK;
136 138
137 if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) && 139 if (plen > md5_off &&
138 (OPENSSL_ia32cap_P[0]&(1<<20))==0) { 140 (blocks = (plen - md5_off) / MD5_CBLOCK) &&
139 MD5_Update(&key->md,in,md5_off); 141 (OPENSSL_ia32cap_P[0]&(1 << 20)) == 0) {
140 RC4(&key->ks,rc4_off,in,out); 142 MD5_Update(&key->md, in, md5_off);
143 RC4(&key->ks, rc4_off, in, out);
141 144
142 rc4_md5_enc(&key->ks,in+rc4_off,out+rc4_off, 145 rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
143 &key->md,in+md5_off,blocks); 146 &key->md, in + md5_off, blocks);
144 blocks *= MD5_CBLOCK; 147 blocks *= MD5_CBLOCK;
145 rc4_off += blocks; 148 rc4_off += blocks;
146 md5_off += blocks; 149 md5_off += blocks;
147 key->md.Nh += blocks>>29; 150 key->md.Nh += blocks >> 29;
148 key->md.Nl += blocks<<=3; 151 key->md.Nl += blocks <<= 3;
149 if (key->md.Nl<(unsigned int)blocks) key->md.Nh++; 152 if (key->md.Nl < (unsigned int)blocks)
153 key->md.Nh++;
150 } else { 154 } else {
151 rc4_off = 0; 155 rc4_off = 0;
152 md5_off = 0; 156 md5_off = 0;
153 } 157 }
154#endif 158#endif
155 MD5_Update(&key->md,in+md5_off,plen-md5_off); 159 MD5_Update(&key->md, in + md5_off, plen - md5_off);
156 160
157 if (plen!=len) { /* "TLS" mode of operation */ 161 if (plen!=len) { /* "TLS" mode of operation */
158 if (in!=out) 162 if (in != out)
159 memcpy(out+rc4_off,in+rc4_off,plen-rc4_off); 163 memcpy(out + rc4_off, in + rc4_off,
164 plen - rc4_off);
160 165
161 /* calculate HMAC and append it to payload */ 166 /* calculate HMAC and append it to payload */
162 MD5_Final(out+plen,&key->md); 167 MD5_Final(out + plen, &key->md);
163 key->md = key->tail; 168 key->md = key->tail;
164 MD5_Update(&key->md,out+plen,MD5_DIGEST_LENGTH); 169 MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH);
165 MD5_Final(out+plen,&key->md); 170 MD5_Final(out + plen, &key->md);
171
166 /* encrypt HMAC at once */ 172 /* encrypt HMAC at once */
167 RC4(&key->ks,len-rc4_off,out+rc4_off,out+rc4_off); 173 RC4(&key->ks, len - rc4_off, out + rc4_off,
174 out + rc4_off);
168 } else { 175 } else {
169 RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off); 176 RC4(&key->ks, len - rc4_off, in + rc4_off,
177 out + rc4_off);
170 } 178 }
171 } else { 179 } else {
172 unsigned char mac[MD5_DIGEST_LENGTH]; 180 unsigned char mac[MD5_DIGEST_LENGTH];
173#if defined(STITCHED_CALL) 181#if defined(STITCHED_CALL)
174 /* digest has to "fall behind" */ 182 /* digest has to "fall behind" */
175 if (md5_off>rc4_off) rc4_off += 2*MD5_CBLOCK; 183 if (md5_off > rc4_off)
176 else rc4_off += MD5_CBLOCK; 184 rc4_off += 2*MD5_CBLOCK;
177 185 else
178 if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) && 186 rc4_off += MD5_CBLOCK;
179 (OPENSSL_ia32cap_P[0]&(1<<20))==0) { 187
180 RC4(&key->ks,rc4_off,in,out); 188 if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) &&
181 MD5_Update(&key->md,out,md5_off); 189 (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
182 190 RC4(&key->ks, rc4_off, in, out);
183 rc4_md5_enc(&key->ks,in+rc4_off,out+rc4_off, 191 MD5_Update(&key->md, out, md5_off);
184 &key->md,out+md5_off,blocks); 192
193 rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
194 &key->md, out + md5_off, blocks);
185 blocks *= MD5_CBLOCK; 195 blocks *= MD5_CBLOCK;
186 rc4_off += blocks; 196 rc4_off += blocks;
187 md5_off += blocks; 197 md5_off += blocks;
188 l = (key->md.Nl+(blocks<<3))&0xffffffffU; 198 l = (key->md.Nl + (blocks << 3)) & 0xffffffffU;
189 if (l<key->md.Nl) key->md.Nh++; 199 if (l < key->md.Nl)
190 key->md.Nl = l; 200 key->md.Nh++;
191 key->md.Nh += blocks>>29; 201 key->md.Nl = l;
202 key->md.Nh += blocks >> 29;
192 } else { 203 } else {
193 md5_off=0; 204 md5_off = 0;
194 rc4_off=0; 205 rc4_off = 0;
195 } 206 }
196#endif 207#endif
197 /* decrypt HMAC at once */ 208 /* decrypt HMAC at once */
198 RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off); 209 RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off);
199 if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ 210 if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
200 MD5_Update(&key->md,out+md5_off,plen-md5_off); 211 MD5_Update(&key->md, out + md5_off, plen - md5_off);
201 212
202 /* calculate HMAC and verify it */ 213 /* calculate HMAC and verify it */
203 MD5_Final(mac,&key->md); 214 MD5_Final(mac, &key->md);
204 key->md = key->tail; 215 key->md = key->tail;
205 MD5_Update(&key->md,mac,MD5_DIGEST_LENGTH); 216 MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
206 MD5_Final(mac,&key->md); 217 MD5_Final(mac, &key->md);
207 218
208 if (memcmp(out+plen,mac,MD5_DIGEST_LENGTH)) 219 if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
209 return 0; 220 return 0;
210 } else { 221 } else {
211 MD5_Update(&key->md,out+md5_off,len-md5_off); 222 MD5_Update(&key->md, out + md5_off, len - md5_off);
212 } 223 }
213 } 224 }
214 225
215 key->payload_length = NO_PAYLOAD_LENGTH; 226 key->payload_length = NO_PAYLOAD_LENGTH;
216 227
217 return 1; 228 return 1;
218 } 229}
219 230
220static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) 231static int
221 { 232rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
233{
222 EVP_RC4_HMAC_MD5 *key = data(ctx); 234 EVP_RC4_HMAC_MD5 *key = data(ctx);
223 235
224 switch (type) 236 switch (type) {
225 {
226 case EVP_CTRL_AEAD_SET_MAC_KEY: 237 case EVP_CTRL_AEAD_SET_MAC_KEY:
227 { 238 {
228 unsigned int i; 239 unsigned int i;
229 unsigned char hmac_key[64]; 240 unsigned char hmac_key[64];
230 241
231 memset (hmac_key,0,sizeof(hmac_key)); 242 memset (hmac_key, 0, sizeof(hmac_key));
232 243
233 if (arg > (int)sizeof(hmac_key)) { 244 if (arg > (int)sizeof(hmac_key)) {
234 MD5_Init(&key->head); 245 MD5_Init(&key->head);
235 MD5_Update(&key->head,ptr,arg); 246 MD5_Update(&key->head, ptr, arg);
236 MD5_Final(hmac_key,&key->head); 247 MD5_Final(hmac_key, &key->head);
237 } else { 248 } else {
238 memcpy(hmac_key,ptr,arg); 249 memcpy(hmac_key, ptr, arg);
239 } 250 }
240 251
241 for (i=0;i<sizeof(hmac_key);i++) 252 for (i = 0; i < sizeof(hmac_key); i++)
242 hmac_key[i] ^= 0x36; /* ipad */ 253 hmac_key[i] ^= 0x36; /* ipad */
243 MD5_Init(&key->head); 254 MD5_Init(&key->head);
244 MD5_Update(&key->head,hmac_key,sizeof(hmac_key)); 255 MD5_Update(&key->head, hmac_key, sizeof(hmac_key));
245 256
246 for (i=0;i<sizeof(hmac_key);i++) 257 for (i = 0; i < sizeof(hmac_key); i++)
247 hmac_key[i] ^= 0x36^0x5c; /* opad */ 258 hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
248 MD5_Init(&key->tail); 259 MD5_Init(&key->tail);
249 MD5_Update(&key->tail,hmac_key,sizeof(hmac_key)); 260 MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
250 261
251 return 1; 262 return 1;
252 } 263 }
253 case EVP_CTRL_AEAD_TLS1_AAD: 264 case EVP_CTRL_AEAD_TLS1_AAD:
254 { 265 {
255 unsigned char *p=ptr; 266 unsigned char *p = ptr;
256 unsigned int len=p[arg-2]<<8|p[arg-1]; 267 unsigned int len = p[arg - 2] << 8 | p[arg - 1];
257 268
258 if (!ctx->encrypt) 269 if (!ctx->encrypt) {
259 { 270 len -= MD5_DIGEST_LENGTH;
260 len -= MD5_DIGEST_LENGTH; 271 p[arg - 2] = len >> 8;
261 p[arg-2] = len>>8; 272 p[arg - 1] = len;
262 p[arg-1] = len;
263 } 273 }
264 key->payload_length=len; 274 key->payload_length = len;
265 key->md = key->head; 275 key->md = key->head;
266 MD5_Update(&key->md,p,arg); 276 MD5_Update(&key->md, p, arg);
267 277
268 return MD5_DIGEST_LENGTH; 278 return MD5_DIGEST_LENGTH;
269 } 279 }
270 default: 280 default:
271 return -1; 281 return -1;
272 }
273 } 282 }
283}
274 284
275static EVP_CIPHER r4_hmac_md5_cipher= 285static EVP_CIPHER r4_hmac_md5_cipher = {
276 {
277#ifdef NID_rc4_hmac_md5 286#ifdef NID_rc4_hmac_md5
278 NID_rc4_hmac_md5, 287 NID_rc4_hmac_md5,
279#else 288#else
280 NID_undef, 289 NID_undef,
281#endif 290#endif
282 1,EVP_RC4_KEY_SIZE,0, 291 1, EVP_RC4_KEY_SIZE, 0,
283 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER, 292 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER,
284 rc4_hmac_md5_init_key, 293 rc4_hmac_md5_init_key,
285 rc4_hmac_md5_cipher, 294 rc4_hmac_md5_cipher,
@@ -289,10 +298,11 @@ static EVP_CIPHER r4_hmac_md5_cipher=
289 NULL, 298 NULL,
290 rc4_hmac_md5_ctrl, 299 rc4_hmac_md5_ctrl,
291 NULL 300 NULL
292 }; 301};
293 302
294const EVP_CIPHER *EVP_rc4_hmac_md5(void) 303const EVP_CIPHER *
295 { 304EVP_rc4_hmac_md5(void)
296 return(&r4_hmac_md5_cipher); 305{
297 } 306 return (&r4_hmac_md5_cipher);
307}
298#endif 308#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_rc5.c b/src/lib/libssl/src/crypto/evp/e_rc5.c
index 19a10c6402..efbd03735e 100644
--- a/src/lib/libssl/src/crypto/evp/e_rc5.c
+++ b/src/lib/libssl/src/crypto/evp/e_rc5.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,27 +67,26 @@
67#include <openssl/rc5.h> 67#include <openssl/rc5.h>
68 68
69static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 69static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
70 const unsigned char *iv,int enc); 70 const unsigned char *iv, int enc);
71static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); 71static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
72 72
73typedef struct 73typedef struct {
74 {
75 int rounds; /* number of rounds */ 74 int rounds; /* number of rounds */
76 RC5_32_KEY ks; /* key schedule */ 75 RC5_32_KEY ks; /* key schedule */
77 } EVP_RC5_KEY; 76} EVP_RC5_KEY;
78 77
79#define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) 78#define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx)
80 79
81IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5, 80IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
82 8, RC5_32_KEY_LENGTH, 8, 64, 81 8, RC5_32_KEY_LENGTH, 8, 64,
83 EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, 82 EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
84 r_32_12_16_init_key, NULL, 83 r_32_12_16_init_key, NULL,
85 NULL, NULL, rc5_ctrl) 84 NULL, NULL, rc5_ctrl)
86 85
87static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 86static int
88 { 87rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
89 switch(type) 88{
90 { 89 switch (type) {
91 case EVP_CTRL_INIT: 90 case EVP_CTRL_INIT:
92 data(c)->rounds = RC5_12_ROUNDS; 91 data(c)->rounds = RC5_12_ROUNDS;
93 return 1; 92 return 1;
@@ -95,10 +94,9 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
95 case EVP_CTRL_GET_RC5_ROUNDS: 94 case EVP_CTRL_GET_RC5_ROUNDS:
96 *(int *)ptr = data(c)->rounds; 95 *(int *)ptr = data(c)->rounds;
97 return 1; 96 return 1;
98 97
99 case EVP_CTRL_SET_RC5_ROUNDS: 98 case EVP_CTRL_SET_RC5_ROUNDS:
100 switch(arg) 99 switch (arg) {
101 {
102 case RC5_8_ROUNDS: 100 case RC5_8_ROUNDS:
103 case RC5_12_ROUNDS: 101 case RC5_12_ROUNDS:
104 case RC5_16_ROUNDS: 102 case RC5_16_ROUNDS:
@@ -106,21 +104,23 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
106 return 1; 104 return 1;
107 105
108 default: 106 default:
109 EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); 107 EVPerr(EVP_F_RC5_CTRL,
108 EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
110 return 0; 109 return 0;
111 } 110 }
112 111
113 default: 112 default:
114 return -1; 113 return -1;
115 }
116 } 114 }
115}
117 116
118static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 117static int
119 const unsigned char *iv, int enc) 118r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
120 { 119 const unsigned char *iv, int enc)
121 RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), 120{
122 key,data(ctx)->rounds); 121 RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key,
122 data(ctx)->rounds);
123 return 1; 123 return 1;
124 } 124}
125 125
126#endif 126#endif
diff --git a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
index 250e88c8c5..7313e4d225 100644
--- a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
+++ b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,24 +67,22 @@
67#include <openssl/des.h> 67#include <openssl/des.h>
68 68
69static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 69static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
70 const unsigned char *iv,int enc); 70 const unsigned char *iv, int enc);
71static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 71static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
72 const unsigned char *in, size_t inl); 72 const unsigned char *in, size_t inl);
73 73
74 74
75typedef struct 75typedef struct {
76 { 76 DES_key_schedule ks;/* key schedule */
77 DES_key_schedule ks;/* key schedule */ 77 DES_cblock inw;
78 DES_cblock inw; 78 DES_cblock outw;
79 DES_cblock outw; 79} DESX_CBC_KEY;
80 } DESX_CBC_KEY;
81 80
82#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) 81#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
83 82
84static const EVP_CIPHER d_xcbc_cipher= 83static const EVP_CIPHER d_xcbc_cipher = {
85 {
86 NID_desx_cbc, 84 NID_desx_cbc,
87 8,24,8, 85 8, 24, 8,
88 EVP_CIPH_CBC_MODE, 86 EVP_CIPH_CBC_MODE,
89 desx_cbc_init_key, 87 desx_cbc_init_key,
90 desx_cbc_cipher, 88 desx_cbc_cipher,
@@ -94,45 +92,43 @@ static const EVP_CIPHER d_xcbc_cipher=
94 EVP_CIPHER_get_asn1_iv, 92 EVP_CIPHER_get_asn1_iv,
95 NULL, 93 NULL,
96 NULL 94 NULL
97 }; 95};
98 96
99const EVP_CIPHER *EVP_desx_cbc(void) 97const EVP_CIPHER *
100 { 98EVP_desx_cbc(void)
101 return(&d_xcbc_cipher); 99{
102 } 100 return (&d_xcbc_cipher);
103 101}
104static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 102
105 const unsigned char *iv, int enc) 103static int
106 { 104desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
105 const unsigned char *iv, int enc)
106{
107 DES_cblock *deskey = (DES_cblock *)key; 107 DES_cblock *deskey = (DES_cblock *)key;
108 108
109 DES_set_key_unchecked(deskey,&data(ctx)->ks); 109 DES_set_key_unchecked(deskey, &data(ctx)->ks);
110 memcpy(&data(ctx)->inw[0],&key[8],8); 110 memcpy(&data(ctx)->inw[0], &key[8], 8);
111 memcpy(&data(ctx)->outw[0],&key[16],8); 111 memcpy(&data(ctx)->outw[0], &key[16], 8);
112 112
113 return 1; 113 return 1;
114 } 114}
115 115
116static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 116static int
117 const unsigned char *in, size_t inl) 117desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
118 { 118 const unsigned char *in, size_t inl)
119 while (inl>=EVP_MAXCHUNK) 119{
120 { 120 while (inl >= EVP_MAXCHUNK) {
121 DES_xcbc_encrypt(in,out,(long)EVP_MAXCHUNK,&data(ctx)->ks, 121 DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
122 (DES_cblock *)&(ctx->iv[0]), 122 (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw,
123 &data(ctx)->inw, 123 &data(ctx)->outw, ctx->encrypt);
124 &data(ctx)->outw, 124 inl -= EVP_MAXCHUNK;
125 ctx->encrypt); 125 in += EVP_MAXCHUNK;
126 inl-=EVP_MAXCHUNK; 126 out += EVP_MAXCHUNK;
127 in +=EVP_MAXCHUNK; 127 }
128 out+=EVP_MAXCHUNK;
129 }
130 if (inl) 128 if (inl)
131 DES_xcbc_encrypt(in,out,(long)inl,&data(ctx)->ks, 129 DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
132 (DES_cblock *)&(ctx->iv[0]), 130 (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw,
133 &data(ctx)->inw, 131 &data(ctx)->outw, ctx->encrypt);
134 &data(ctx)->outw,
135 ctx->encrypt);
136 return 1; 132 return 1;
137 } 133}
138#endif 134#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 23:17:07 +0000