1 files changed, 23 insertions, 22 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 72d1991ce2..23710a5a9b 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.64 2025/05/18 11:07:45 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.65 2025/05/18 11:11:12 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -68,9 +68,6 @@
 typedef struct {
        AES_KEY ks;
        block128_f block;
-        union {
-                ctr128_f ctr;
-        } stream;
 } EVP_AES_KEY;
 typedef struct {
@@ -169,8 +166,6 @@ aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        int ret, mode;
        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-        dat->stream.ctr = NULL;
        mode = ctx->cipher->flags & EVP_CIPH_MODE;
        if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
@@ -182,8 +177,6 @@ aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                ret = aesni_set_encrypt_key(key, ctx->key_len * 8,
                    ctx->cipher_data);
                dat->block = (block128_f)aesni_encrypt;
-                if (mode == EVP_CIPH_CTR_MODE)
-                        dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
        }
        if (ret < 0) {
@@ -205,6 +198,21 @@ aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 }
 static int
+aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, size_t len)
+{
+        EVP_AES_KEY *eak = ctx->cipher_data;
+        unsigned int num = ctx->num;
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &eak->ks, ctx->iv, ctx->buf,
+            &num, aesni_ctr32_encrypt_blocks);
+        ctx->num = (size_t)num;
+        return 1;
+}
+static int
 aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    const unsigned char *in, size_t len)
 {
@@ -313,7 +321,6 @@ aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        }
        return 1;
 }
 #endif
 static int
@@ -323,8 +330,6 @@ aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        int ret, mode;
        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-        dat->stream.ctr = NULL;
        mode = ctx->cipher->flags & EVP_CIPH_MODE;
        if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
@@ -455,20 +460,16 @@ static int
 aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    const unsigned char *in, size_t len)
 {
+        EVP_AES_KEY *eak = ctx->cipher_data;
        unsigned int num = ctx->num;
-        EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-        if (dat->stream.ctr)
+        AES_ctr128_encrypt(in, out, len, &eak->ks, ctx->iv, ctx->buf, &num);
-                CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
-                    ctx->iv, ctx->buf, &num, dat->stream.ctr);
-        else
-                CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
-                    ctx->iv, ctx->buf, &num, dat->block);
        ctx->num = (size_t)num;
        return 1;
 }
 #ifdef AESNI_CAPABLE
 static const EVP_CIPHER aesni_128_cbc = {
        .nid = NID_aes_128_cbc,
@@ -687,7 +688,7 @@ static const EVP_CIPHER aesni_128_ctr = {
        .iv_len = 16,
        .flags = EVP_CIPH_CTR_MODE,
        .init = aesni_init_key,
-        .do_cipher = aes_ctr_cipher,
+        .do_cipher = aesni_ctr_cipher,
        .ctx_size = sizeof(EVP_AES_KEY),
 };
 #endif
@@ -933,7 +934,7 @@ static const EVP_CIPHER aesni_192_ctr = {
        .iv_len = 16,
        .flags = EVP_CIPH_CTR_MODE,
        .init = aesni_init_key,
-        .do_cipher = aes_ctr_cipher,
+        .do_cipher = aesni_ctr_cipher,
        .ctx_size = sizeof(EVP_AES_KEY),
 };
 #endif
@@ -1179,7 +1180,7 @@ static const EVP_CIPHER aesni_256_ctr = {
        .iv_len = 16,
        .flags = EVP_CIPH_CTR_MODE,
        .init = aesni_init_key,
-        .do_cipher = aes_ctr_cipher,
+        .do_cipher = aesni_ctr_cipher,
        .ctx_size = sizeof(EVP_AES_KEY),
 };
 #endif

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 72d1991ce2..23710a5a9b 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_aes.c,v 1.64 2025/05/18 11:07:45 jsing Exp $ */	1	/* $OpenBSD: e_aes.c,v 1.65 2025/05/18 11:11:12 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -68,9 +68,6 @@
68	typedef struct {	68	typedef struct {
69	AES_KEY ks;	69	AES_KEY ks;
70	block128_f block;	70	block128_f block;
71	union {
72	ctr128_f ctr;
73	} stream;
74	} EVP_AES_KEY;	71	} EVP_AES_KEY;
75		72
76	typedef struct {	73	typedef struct {
@@ -169,8 +166,6 @@ aesni_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
169	int ret, mode;	166	int ret, mode;
170	EVP_AES_KEY dat = (EVP_AES_KEY )ctx->cipher_data;	167	EVP_AES_KEY dat = (EVP_AES_KEY )ctx->cipher_data;
171		168
172	dat->stream.ctr = NULL;
173
174	mode = ctx->cipher->flags & EVP_CIPH_MODE;	169	mode = ctx->cipher->flags & EVP_CIPH_MODE;
175		170
176	if ((mode == EVP_CIPH_ECB_MODE \|\| mode == EVP_CIPH_CBC_MODE) &&	171	if ((mode == EVP_CIPH_ECB_MODE \|\| mode == EVP_CIPH_CBC_MODE) &&
@@ -182,8 +177,6 @@ aesni_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
182	ret = aesni_set_encrypt_key(key, ctx->key_len * 8,	177	ret = aesni_set_encrypt_key(key, ctx->key_len * 8,
183	ctx->cipher_data);	178	ctx->cipher_data);
184	dat->block = (block128_f)aesni_encrypt;	179	dat->block = (block128_f)aesni_encrypt;
185	if (mode == EVP_CIPH_CTR_MODE)
186	dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
187	}	180	}
188		181
189	if (ret < 0) {	182	if (ret < 0) {
@@ -205,6 +198,21 @@ aesni_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
205	}	198	}
206		199
207	static int	200	static int
		201	aesni_ctr_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
		202	const unsigned char *in, size_t len)
		203	{
		204	EVP_AES_KEY *eak = ctx->cipher_data;
		205	unsigned int num = ctx->num;
		206
		207	CRYPTO_ctr128_encrypt_ctr32(in, out, len, &eak->ks, ctx->iv, ctx->buf,
		208	&num, aesni_ctr32_encrypt_blocks);
		209
		210	ctx->num = (size_t)num;
		211
		212	return 1;
		213	}
		214
		215	static int
208	aesni_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out,	216	aesni_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
209	const unsigned char *in, size_t len)	217	const unsigned char *in, size_t len)
210	{	218	{
@@ -313,7 +321,6 @@ aesni_ccm_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
313	}	321	}
314	return 1;	322	return 1;
315	}	323	}
316
317	#endif	324	#endif
318		325
319	static int	326	static int
@@ -323,8 +330,6 @@ aes_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
323	int ret, mode;	330	int ret, mode;
324	EVP_AES_KEY dat = (EVP_AES_KEY )ctx->cipher_data;	331	EVP_AES_KEY dat = (EVP_AES_KEY )ctx->cipher_data;
325		332
326	dat->stream.ctr = NULL;
327
328	mode = ctx->cipher->flags & EVP_CIPH_MODE;	333	mode = ctx->cipher->flags & EVP_CIPH_MODE;
329		334
330	if ((mode == EVP_CIPH_ECB_MODE \|\| mode == EVP_CIPH_CBC_MODE) && !enc) {	335	if ((mode == EVP_CIPH_ECB_MODE \|\| mode == EVP_CIPH_CBC_MODE) && !enc) {
@@ -455,20 +460,16 @@ static int
455	aes_ctr_cipher(EVP_CIPHER_CTX ctx, unsigned char out,	460	aes_ctr_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
456	const unsigned char *in, size_t len)	461	const unsigned char *in, size_t len)
457	{	462	{
		463	EVP_AES_KEY *eak = ctx->cipher_data;
458	unsigned int num = ctx->num;	464	unsigned int num = ctx->num;
459	EVP_AES_KEY dat = (EVP_AES_KEY )ctx->cipher_data;
460		465
461	if (dat->stream.ctr)	466	AES_ctr128_encrypt(in, out, len, &eak->ks, ctx->iv, ctx->buf, &num);
462	CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,	467
463	ctx->iv, ctx->buf, &num, dat->stream.ctr);
464	else
465	CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
466	ctx->iv, ctx->buf, &num, dat->block);
467	ctx->num = (size_t)num;	468	ctx->num = (size_t)num;
		469
468	return 1;	470	return 1;
469	}	471	}
470		472
471
472	#ifdef AESNI_CAPABLE	473	#ifdef AESNI_CAPABLE
473	static const EVP_CIPHER aesni_128_cbc = {	474	static const EVP_CIPHER aesni_128_cbc = {
474	.nid = NID_aes_128_cbc,	475	.nid = NID_aes_128_cbc,
@@ -687,7 +688,7 @@ static const EVP_CIPHER aesni_128_ctr = {
687	.iv_len = 16,	688	.iv_len = 16,
688	.flags = EVP_CIPH_CTR_MODE,	689	.flags = EVP_CIPH_CTR_MODE,
689	.init = aesni_init_key,	690	.init = aesni_init_key,
690	.do_cipher = aes_ctr_cipher,	691	.do_cipher = aesni_ctr_cipher,
691	.ctx_size = sizeof(EVP_AES_KEY),	692	.ctx_size = sizeof(EVP_AES_KEY),
692	};	693	};
693	#endif	694	#endif
@@ -933,7 +934,7 @@ static const EVP_CIPHER aesni_192_ctr = {
933	.iv_len = 16,	934	.iv_len = 16,
934	.flags = EVP_CIPH_CTR_MODE,	935	.flags = EVP_CIPH_CTR_MODE,
935	.init = aesni_init_key,	936	.init = aesni_init_key,
936	.do_cipher = aes_ctr_cipher,	937	.do_cipher = aesni_ctr_cipher,
937	.ctx_size = sizeof(EVP_AES_KEY),	938	.ctx_size = sizeof(EVP_AES_KEY),
938	};	939	};
939	#endif	940	#endif
@@ -1179,7 +1180,7 @@ static const EVP_CIPHER aesni_256_ctr = {
1179	.iv_len = 16,	1180	.iv_len = 16,
1180	.flags = EVP_CIPH_CTR_MODE,	1181	.flags = EVP_CIPH_CTR_MODE,
1181	.init = aesni_init_key,	1182	.init = aesni_init_key,
1182	.do_cipher = aes_ctr_cipher,	1183	.do_cipher = aesni_ctr_cipher,
1183	.ctx_size = sizeof(EVP_AES_KEY),	1184	.ctx_size = sizeof(EVP_AES_KEY),
1184	};	1185	};
1185	#endif	1186	#endif