8 files changed, 249 insertions, 125 deletions
diff --git a/src/lib/libcrypto/aes/Makefile b/src/lib/libcrypto/aes/Makefile
new file mode 100644
index 0000000000..a37c6f66a2
--- /dev/null
+++ b/src/lib/libcrypto/aes/Makefile
@@ -0,0 +1,103 @@
+#
+# crypto/aes/Makefile
+#
+DIR=    aes
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=     /usr/local/ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile
+AR=             ar r
+# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+#TEST=aestest.c
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
+LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o
+SRC= $(LIBSRC)
+EXHEADER= aes.h
+HEADER= aes_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+$(LIBOBJ): $(LIBSRC)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install: installs
+installs:
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h
+aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+aes_cfb.o: aes_cfb.c aes_locl.h
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+aes_core.o: aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
+aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_misc.o: ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
diff --git a/src/lib/libcrypto/aes/Makefile.ssl b/src/lib/libcrypto/aes/Makefile.ssl
new file mode 100644
index 0000000000..f353aeb697
--- /dev/null
+++ b/src/lib/libcrypto/aes/Makefile.ssl
@@ -0,0 +1,103 @@
+#
+# crypto/aes/Makefile
+#
+DIR=    aes
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+#TEST=aestest.c
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
+LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o
+SRC= $(LIBSRC)
+EXHEADER= aes.h
+HEADER= aes_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+$(LIBOBJ): $(LIBSRC)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install: installs
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
+aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_misc.o: ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h
index 8a3ea0b883..da067f4a8f 100644
--- a/src/lib/libcrypto/aes/aes.h
+++ b/src/lib/libcrypto/aes/aes.h
@@ -52,8 +52,6 @@
 #ifndef HEADER_AES_H
 #define HEADER_AES_H
-#include <openssl/e_os2.h>
 #ifdef OPENSSL_NO_AES
 #error AES is disabled.
 #endif
@@ -66,10 +64,6 @@
 #define AES_MAXNR 14
 #define AES_BLOCK_SIZE 16
-#if defined(OPENSSL_FIPS)
-#define FIPS_AES_SIZE_T int
-#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -101,15 +95,6 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
        const unsigned long length, const AES_KEY *key,
        unsigned char *ivec, int *num, const int enc);
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char *ivec, int *num, const int enc);
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
-        unsigned char *ivec, int *num, const int enc);
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-                            const int nbits,const AES_KEY *key,
-                            unsigned char *ivec,const int enc);
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
        const unsigned long length, const AES_KEY *key,
        unsigned char *ivec, int *num);
diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
index d2ba6bcdb4..1222a21002 100644
--- a/src/lib/libcrypto/aes/aes_cbc.c
+++ b/src/lib/libcrypto/aes/aes_cbc.c
@@ -66,7 +66,6 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
        unsigned long n;
        unsigned long len = length;
        unsigned char tmp[AES_BLOCK_SIZE];
-        const unsigned char *iv = ivec;
        assert(in && out && key && ivec);
        assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
@@ -74,39 +73,22 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
        if (AES_ENCRYPT == enc) {
                while (len >= AES_BLOCK_SIZE) {
                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = in[n] ^ iv[n];
+                                tmp[n] = in[n] ^ ivec[n];
-                        AES_encrypt(out, out, key);
+                        AES_encrypt(tmp, out, key);
-                        iv = out;
+                        memcpy(ivec, out, AES_BLOCK_SIZE);
                        len -= AES_BLOCK_SIZE;
                        in += AES_BLOCK_SIZE;
                        out += AES_BLOCK_SIZE;
                }
                if (len) {
                        for(n=0; n < len; ++n)
-                                out[n] = in[n] ^ iv[n];
+                                tmp[n] = in[n] ^ ivec[n];
                        for(n=len; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = iv[n];
+                                tmp[n] = ivec[n];
-                        AES_encrypt(out, out, key);
+                        AES_encrypt(tmp, tmp, key);
-                        iv = out;
+                        memcpy(out, tmp, AES_BLOCK_SIZE);
-                }
+                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
-                memcpy(ivec,iv,AES_BLOCK_SIZE);
+                }                       
-        } else if (in != out) {
-                while (len >= AES_BLOCK_SIZE) {
-                        AES_decrypt(in, out, key);
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv[n];
-                        iv = in;
-                        len -= AES_BLOCK_SIZE;
-                        in  += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                if (len) {
-                        AES_decrypt(in,tmp,key);
-                        for(n=0; n < len; ++n)
-                                out[n] = tmp[n] ^ iv[n];
-                        iv = in;
-                }
-                memcpy(ivec,iv,AES_BLOCK_SIZE);
        } else {
                while (len >= AES_BLOCK_SIZE) {
                        memcpy(tmp, in, AES_BLOCK_SIZE);
@@ -120,12 +102,10 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                }
                if (len) {
                        memcpy(tmp, in, AES_BLOCK_SIZE);
-                        AES_decrypt(tmp, out, key);
+                        AES_decrypt(tmp, tmp, key);
                        for(n=0; n < len; ++n)
-                                out[n] ^= ivec[n];
+                                out[n] = tmp[n] ^ ivec[n];
-                        for(n=len; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = tmp[n];
                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
-                }
+                }                       
        }
 }
diff --git a/src/lib/libcrypto/aes/aes_cfb.c b/src/lib/libcrypto/aes/aes_cfb.c
index 49f0411010..9b569dda90 100644
--- a/src/lib/libcrypto/aes/aes_cfb.c
+++ b/src/lib/libcrypto/aes/aes_cfb.c
@@ -114,7 +114,6 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
-#include "e_os.h"
 /* The input and output encrypted as though 128bit cfb mode is being
 * used.  The extra state information to record how much of the
@@ -156,70 +155,3 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
        *num=n;
 }
-/* This expects a single block of size nbits for both in and out. Note that
-   it corrupts any extra bits in the last byte of out */
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-                            const int nbits,const AES_KEY *key,
-                            unsigned char *ivec,const int enc)
-    {
-    int n,rem,num;
-    unsigned char ovec[AES_BLOCK_SIZE*2];
-    if (nbits<=0 || nbits>128) return;
-        /* fill in the first half of the new IV with the current IV */
-        memcpy(ovec,ivec,AES_BLOCK_SIZE);
-        /* construct the new IV */
-        AES_encrypt(ivec,ivec,key);
-        num = (nbits+7)/8;
-        if (enc)        /* encrypt the input */
-            for(n=0 ; n < num ; ++n)
-                out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
-        else            /* decrypt the input */
-            for(n=0 ; n < num ; ++n)
-                out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
-        /* shift ovec left... */
-        rem = nbits%8;
-        num = nbits/8;
-        if(rem==0)
-            memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
-        else
-            for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-                ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-    /* it is not necessary to cleanse ovec, since the IV is not secret */
-    }
-/* N.B. This expects the input to be packed, MS bit first */
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-                      const unsigned long length, const AES_KEY *key,
-                      unsigned char *ivec, int *num, const int enc)
-    {
-    unsigned int n;
-    unsigned char c[1],d[1];
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-    memset(out,0,(length+7)/8);
-    for(n=0 ; n < length ; ++n)
-        {
-        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-        AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
-        out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
-        }
-    }
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-                      const unsigned long length, const AES_KEY *key,
-                      unsigned char *ivec, int *num, const int enc)
-    {
-    unsigned int n;
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-    for(n=0 ; n < length ; ++n)
-        AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
-    }
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c
index ed566a8123..2f41a825f8 100644
--- a/src/lib/libcrypto/aes/aes_core.c
+++ b/src/lib/libcrypto/aes/aes_core.c
@@ -37,11 +37,8 @@
 #include <stdlib.h>
 #include <openssl/aes.h>
-#include <openssl/fips.h>
 #include "aes_locl.h"
-#ifndef OPENSSL_FIPS
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
@@ -1258,4 +1255,3 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
        PUTU32(out + 12, s3);
 }
-#endif /* ndef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/aes/aes_ctr.c b/src/lib/libcrypto/aes/aes_ctr.c
index f36982be1e..79e1c18f19 100644
--- a/src/lib/libcrypto/aes/aes_ctr.c
+++ b/src/lib/libcrypto/aes/aes_ctr.c
@@ -59,7 +59,7 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code
+/* NOTE: CTR mode is big-endian.  The rest of the AES code
 * is endian-neutral. */
 /* increment counter (128-bit int) by 1 */
@@ -67,36 +67,61 @@ static void AES_ctr128_inc(unsigned char *counter) {
        unsigned long c;
        /* Grab bottom dword of counter and increment */
+#ifdef L_ENDIAN
+        c = GETU32(counter +  0);
+        c++;
+        PUTU32(counter +  0, c);
+#else
        c = GETU32(counter + 12);
-        c++;    c &= 0xFFFFFFFF;
+        c++;
        PUTU32(counter + 12, c);
+#endif
        /* if no overflow, we're done */
        if (c)
                return;
        /* Grab 1st dword of counter and increment */
+#ifdef L_ENDIAN
+        c = GETU32(counter +  4);
+        c++;
+        PUTU32(counter +  4, c);
+#else
        c = GETU32(counter +  8);
-        c++;    c &= 0xFFFFFFFF;
+        c++;
        PUTU32(counter +  8, c);
+#endif
        /* if no overflow, we're done */
        if (c)
                return;
        /* Grab 2nd dword of counter and increment */
+#ifdef L_ENDIAN
+        c = GETU32(counter +  8);
+        c++;
+        PUTU32(counter +  8, c);
+#else
        c = GETU32(counter +  4);
-        c++;    c &= 0xFFFFFFFF;
+        c++;
        PUTU32(counter +  4, c);
+#endif
        /* if no overflow, we're done */
        if (c)
                return;
        /* Grab top dword of counter and increment */
+#ifdef L_ENDIAN
+        c = GETU32(counter + 12);
+        c++;
+        PUTU32(counter + 12, c);
+#else
        c = GETU32(counter +  0);
-        c++;    c &= 0xFFFFFFFF;
+        c++;
        PUTU32(counter +  0, c);
+#endif
 }
 /* The input encrypted as though 128bit counter mode is being
diff --git a/src/lib/libcrypto/aes/aes_locl.h b/src/lib/libcrypto/aes/aes_locl.h
index 4184729e34..f290946058 100644
--- a/src/lib/libcrypto/aes/aes_locl.h
+++ b/src/lib/libcrypto/aes/aes_locl.h
@@ -62,7 +62,7 @@
 #include <stdlib.h>
 #include <string.h>
-#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE)
+#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
 # define GETU32(p) SWAP(*((u32 *)(p)))
 # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }