1 files changed, 69 insertions, 1 deletions
diff --git a/src/lib/libcrypto/aes/aes.c b/src/lib/libcrypto/aes/aes.c
index cbfb548b3b..33e6273268 100644
--- a/src/lib/libcrypto/aes/aes.c
+++ b/src/lib/libcrypto/aes/aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes.c,v 1.12 2025/07/20 08:55:49 jsing Exp $ */
+/* $OpenBSD: aes.c,v 1.13 2025/07/21 10:24:23 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
@@ -173,6 +173,74 @@ AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length,
 LCRYPTO_ALIAS(AES_cfb8_encrypt);
 void
+aes_ccm64_encrypt_generic(const unsigned char *in, unsigned char *out,
+    size_t blocks, const void *key, const unsigned char ivec[16],
+    unsigned char cmac[16], int encrypt)
+{
+        uint8_t iv[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
+        uint8_t in_mask;
+        uint64_t ctr;
+        int i;
+        in_mask = 0 - (encrypt != 0);
+        memcpy(iv, ivec, sizeof(iv));
+        ctr = crypto_load_be64toh(&iv[8]);
+        while (blocks > 0) {
+                crypto_store_htobe64(&iv[8], ctr);
+                aes_encrypt_internal(iv, buf, key);
+                ctr++;
+                for (i = 0; i < 16; i++) {
+                        out[i] = in[i] ^ buf[i];
+                        cmac[i] ^= (in[i] & in_mask) | (out[i] & ~in_mask);
+                }
+                aes_encrypt_internal(cmac, cmac, key);
+                in += 16;
+                out += 16;
+                blocks--;
+        }
+        explicit_bzero(buf, sizeof(buf));
+        explicit_bzero(iv, sizeof(iv));
+}
+#ifdef HAVE_AES_CCM64_ENCRYPT_INTERNAL
+void aes_ccm64_encrypt_internal(const unsigned char *in, unsigned char *out,
+    size_t blocks, const void *key, const unsigned char ivec[16],
+    unsigned char cmac[16], int encrypt);
+#else
+static inline void
+aes_ccm64_encrypt_internal(const unsigned char *in, unsigned char *out,
+    size_t blocks, const void *key, const unsigned char ivec[16],
+    unsigned char cmac[16], int encrypt)
+{
+        aes_ccm64_encrypt_generic(in, out, blocks, key, ivec, cmac, encrypt);
+}
+#endif
+void
+aes_ccm64_encrypt_ccm128f(const unsigned char *in, unsigned char *out,
+    size_t blocks, const void *key, const unsigned char ivec[16],
+    unsigned char cmac[16])
+{
+        aes_ccm64_encrypt_internal(in, out, blocks, key, ivec, cmac, 1);
+}
+void
+aes_ccm64_decrypt_ccm128f(const unsigned char *in, unsigned char *out,
+    size_t blocks, const void *key, const unsigned char ivec[16],
+    unsigned char cmac[16])
+{
+        aes_ccm64_encrypt_internal(in, out, blocks, key, ivec, cmac, 0);
+}
+void
 aes_ctr32_encrypt_generic(const unsigned char *in, unsigned char *out,
    size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE])
 {

diff --git a/src/lib/libcrypto/aes/aes.c b/src/lib/libcrypto/aes/aes.c index cbfb548b3b..33e6273268 100644 --- a/src/lib/libcrypto/aes/aes.c +++ b/src/lib/libcrypto/aes/aes.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: aes.c,v 1.12 2025/07/20 08:55:49 jsing Exp $ */	1	/* $OpenBSD: aes.c,v 1.13 2025/07/21 10:24:23 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -173,6 +173,74 @@ AES_cfb8_encrypt(const unsigned char in, unsigned char out, size_t length,
173	LCRYPTO_ALIAS(AES_cfb8_encrypt);	173	LCRYPTO_ALIAS(AES_cfb8_encrypt);
174		174
175	void	175	void
		176	aes_ccm64_encrypt_generic(const unsigned char in, unsigned char out,
		177	size_t blocks, const void *key, const unsigned char ivec[16],
		178	unsigned char cmac[16], int encrypt)
		179	{
		180	uint8_t iv[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
		181	uint8_t in_mask;
		182	uint64_t ctr;
		183	int i;
		184
		185	in_mask = 0 - (encrypt != 0);
		186
		187	memcpy(iv, ivec, sizeof(iv));
		188
		189	ctr = crypto_load_be64toh(&iv[8]);
		190
		191	while (blocks > 0) {
		192	crypto_store_htobe64(&iv[8], ctr);
		193	aes_encrypt_internal(iv, buf, key);
		194	ctr++;
		195
		196	for (i = 0; i < 16; i++) {
		197	out[i] = in[i] ^ buf[i];
		198	cmac[i] ^= (in[i] & in_mask) \| (out[i] & ~in_mask);
		199	}
		200
		201	aes_encrypt_internal(cmac, cmac, key);
		202
		203	in += 16;
		204	out += 16;
		205	blocks--;
		206	}
		207
		208	explicit_bzero(buf, sizeof(buf));
		209	explicit_bzero(iv, sizeof(iv));
		210	}
		211
		212	#ifdef HAVE_AES_CCM64_ENCRYPT_INTERNAL
		213	void aes_ccm64_encrypt_internal(const unsigned char in, unsigned char out,
		214	size_t blocks, const void *key, const unsigned char ivec[16],
		215	unsigned char cmac[16], int encrypt);
		216
		217	#else
		218	static inline void
		219	aes_ccm64_encrypt_internal(const unsigned char in, unsigned char out,
		220	size_t blocks, const void *key, const unsigned char ivec[16],
		221	unsigned char cmac[16], int encrypt)
		222	{
		223	aes_ccm64_encrypt_generic(in, out, blocks, key, ivec, cmac, encrypt);
		224	}
		225	#endif
		226
		227	void
		228	aes_ccm64_encrypt_ccm128f(const unsigned char in, unsigned char out,
		229	size_t blocks, const void *key, const unsigned char ivec[16],
		230	unsigned char cmac[16])
		231	{
		232	aes_ccm64_encrypt_internal(in, out, blocks, key, ivec, cmac, 1);
		233	}
		234
		235	void
		236	aes_ccm64_decrypt_ccm128f(const unsigned char in, unsigned char out,
		237	size_t blocks, const void *key, const unsigned char ivec[16],
		238	unsigned char cmac[16])
		239	{
		240	aes_ccm64_encrypt_internal(in, out, blocks, key, ivec, cmac, 0);
		241	}
		242
		243	void
176	aes_ctr32_encrypt_generic(const unsigned char in, unsigned char out,	244	aes_ctr32_encrypt_generic(const unsigned char in, unsigned char out,
177	size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE])	245	size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE])
178	{	246	{