summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/evp')
-rw-r--r--src/lib/libcrypto/evp/e_aes.c1035
-rw-r--r--src/lib/libcrypto/evp/e_bf.c30
-rw-r--r--src/lib/libcrypto/evp/e_camellia.c110
-rw-r--r--src/lib/libcrypto/evp/e_cast.c30
-rw-r--r--src/lib/libcrypto/evp/e_des.c44
-rw-r--r--src/lib/libcrypto/evp/e_des3.c69
-rw-r--r--src/lib/libcrypto/evp/e_idea.c26
-rw-r--r--src/lib/libcrypto/evp/e_xcbc_d.c8
-rw-r--r--src/lib/libcrypto/evp/evp.h30
-rw-r--r--src/lib/libcrypto/evp/evp_cipher.c44
-rw-r--r--src/lib/libcrypto/evp/evp_local.h4
-rw-r--r--src/lib/libcrypto/evp/p_lib.c18
12 files changed, 327 insertions, 1121 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index f672c998eb..e1ae1e9a5b 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_aes.c,v 1.62 2025/05/10 05:54:38 tb Exp $ */ 1/* $OpenBSD: e_aes.c,v 1.83 2025/07/22 09:31:09 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -61,17 +61,13 @@
61#include <openssl/aes.h> 61#include <openssl/aes.h>
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63 63
64#include "aes_local.h"
64#include "err_local.h" 65#include "err_local.h"
65#include "evp_local.h" 66#include "evp_local.h"
66#include "modes_local.h" 67#include "modes_local.h"
67 68
68typedef struct { 69typedef struct {
69 AES_KEY ks; 70 AES_KEY ks;
70 block128_f block;
71 union {
72 cbc128_f cbc;
73 ctr128_f ctr;
74 } stream;
75} EVP_AES_KEY; 71} EVP_AES_KEY;
76 72
77typedef struct { 73typedef struct {
@@ -84,15 +80,11 @@ typedef struct {
84 int taglen; 80 int taglen;
85 int iv_gen; /* It is OK to generate IVs */ 81 int iv_gen; /* It is OK to generate IVs */
86 int tls_aad_len; /* TLS AAD length */ 82 int tls_aad_len; /* TLS AAD length */
87 ctr128_f ctr;
88} EVP_AES_GCM_CTX; 83} EVP_AES_GCM_CTX;
89 84
90typedef struct { 85typedef struct {
91 AES_KEY ks1, ks2; /* AES key schedules to use */ 86 AES_KEY ks1, ks2; /* AES key schedules to use */
92 XTS128_CONTEXT xts; 87 XTS128_CONTEXT xts; /* XXX - replace with flags. */
93 void (*stream)(const unsigned char *in, unsigned char *out,
94 size_t length, const AES_KEY *key1, const AES_KEY *key2,
95 const unsigned char iv[16]);
96} EVP_AES_XTS_CTX; 88} EVP_AES_XTS_CTX;
97 89
98typedef struct { 90typedef struct {
@@ -103,99 +95,17 @@ typedef struct {
103 int len_set; /* Set if message length set */ 95 int len_set; /* Set if message length set */
104 int L, M; /* L and M parameters from RFC3610 */ 96 int L, M; /* L and M parameters from RFC3610 */
105 CCM128_CONTEXT ccm; 97 CCM128_CONTEXT ccm;
106 ccm128_f str;
107} EVP_AES_CCM_CTX; 98} EVP_AES_CCM_CTX;
108 99
109#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) 100#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
110 101
111#ifdef AES_CTR_ASM
112void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
113 size_t blocks, const AES_KEY *key,
114 const unsigned char ivec[AES_BLOCK_SIZE]);
115#endif
116#ifdef AES_XTS_ASM
117void AES_xts_encrypt(const char *inp, char *out, size_t len,
118 const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
119void AES_xts_decrypt(const char *inp, char *out, size_t len,
120 const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]);
121#endif
122
123#if defined(AES_ASM) && ( \
124 ((defined(__i386) || defined(__i386__) || \
125 defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
126 defined(__x86_64) || defined(__x86_64__) || \
127 defined(_M_AMD64) || defined(_M_X64) || \
128 defined(__INTEL__) )
129
130#include "x86_arch.h"
131
132/*
133 * AES-NI section
134 */
135#define AESNI_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_AESNI)
136
137int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
138 AES_KEY *key);
139int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
140 AES_KEY *key);
141
142void aesni_encrypt(const unsigned char *in, unsigned char *out,
143 const AES_KEY *key);
144void aesni_decrypt(const unsigned char *in, unsigned char *out,
145 const AES_KEY *key);
146
147void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
148 size_t length, const AES_KEY *key, int enc);
149void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
150 size_t length, const AES_KEY *key, unsigned char *ivec, int enc);
151
152void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
153 size_t blocks, const void *key, const unsigned char *ivec);
154
155void aesni_xts_encrypt(const unsigned char *in, unsigned char *out,
156 size_t length, const AES_KEY *key1, const AES_KEY *key2,
157 const unsigned char iv[16]);
158
159void aesni_xts_decrypt(const unsigned char *in, unsigned char *out,
160 size_t length, const AES_KEY *key1, const AES_KEY *key2,
161 const unsigned char iv[16]);
162
163void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out,
164 size_t blocks, const void *key, const unsigned char ivec[16],
165 unsigned char cmac[16]);
166
167void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out,
168 size_t blocks, const void *key, const unsigned char ivec[16],
169 unsigned char cmac[16]);
170
171static int 102static int
172aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 103aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
173 const unsigned char *iv, int enc) 104 const unsigned char *iv, int enc)
174{ 105{
175 int ret, mode; 106 EVP_AES_KEY *eak = ctx->cipher_data;
176 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
177
178 mode = ctx->cipher->flags & EVP_CIPH_MODE;
179 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) &&
180 !enc) {
181 ret = aesni_set_decrypt_key(key, ctx->key_len * 8,
182 ctx->cipher_data);
183 dat->block = (block128_f)aesni_decrypt;
184 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
185 (cbc128_f)aesni_cbc_encrypt : NULL;
186 } else {
187 ret = aesni_set_encrypt_key(key, ctx->key_len * 8,
188 ctx->cipher_data);
189 dat->block = (block128_f)aesni_encrypt;
190 if (mode == EVP_CIPH_CBC_MODE)
191 dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt;
192 else if (mode == EVP_CIPH_CTR_MODE)
193 dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
194 else
195 dat->stream.cbc = NULL;
196 }
197 107
198 if (ret < 0) { 108 if (AES_set_encrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
199 EVPerror(EVP_R_AES_KEY_SETUP_FAILED); 109 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
200 return 0; 110 return 0;
201 } 111 }
@@ -204,192 +114,65 @@ aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
204} 114}
205 115
206static int 116static int
207aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 117aes_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
208 const unsigned char *in, size_t len) 118 const unsigned char *iv, int encrypt)
209{
210 aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv,
211 ctx->encrypt);
212
213 return 1;
214}
215
216static int
217aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
218 const unsigned char *in, size_t len)
219{
220 size_t bl = ctx->cipher->block_size;
221
222 if (len < bl)
223 return 1;
224
225 aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
226
227 return 1;
228}
229
230static int
231aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
232 const unsigned char *iv, int enc)
233{ 119{
234 EVP_AES_GCM_CTX *gctx = ctx->cipher_data; 120 EVP_AES_KEY *eak = ctx->cipher_data;
235 121
236 if (!iv && !key) 122 if (encrypt) {
237 return 1; 123 if (AES_set_encrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
238 if (key) { 124 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
239 aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); 125 return 0;
240 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
241 (block128_f)aesni_encrypt);
242 gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
243 /* If we have an iv can set it directly, otherwise use
244 * saved IV.
245 */
246 if (iv == NULL && gctx->iv_set)
247 iv = gctx->iv;
248 if (iv) {
249 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
250 gctx->iv_set = 1;
251 } 126 }
252 gctx->key_set = 1;
253 } else { 127 } else {
254 /* If key set use IV, otherwise copy */ 128 if (AES_set_decrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
255 if (gctx->key_set) 129 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
256 CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); 130 return 0;
257 else
258 memcpy(gctx->iv, iv, gctx->ivlen);
259 gctx->iv_set = 1;
260 gctx->iv_gen = 0;
261 }
262 return 1;
263}
264
265static int
266aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
267 const unsigned char *iv, int enc)
268{
269 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
270
271 if (!iv && !key)
272 return 1;
273
274 if (key) {
275 /* key_len is two AES keys */
276 if (enc) {
277 aesni_set_encrypt_key(key, ctx->key_len * 4,
278 &xctx->ks1);
279 xctx->xts.block1 = (block128_f)aesni_encrypt;
280 xctx->stream = aesni_xts_encrypt;
281 } else {
282 aesni_set_decrypt_key(key, ctx->key_len * 4,
283 &xctx->ks1);
284 xctx->xts.block1 = (block128_f)aesni_decrypt;
285 xctx->stream = aesni_xts_decrypt;
286 } 131 }
287
288 aesni_set_encrypt_key(key + ctx->key_len / 2,
289 ctx->key_len * 4, &xctx->ks2);
290 xctx->xts.block2 = (block128_f)aesni_encrypt;
291
292 xctx->xts.key1 = &xctx->ks1;
293 }
294
295 if (iv) {
296 xctx->xts.key2 = &xctx->ks2;
297 memcpy(ctx->iv, iv, 16);
298 } 132 }
299 133
300 return 1; 134 return 1;
301} 135}
302 136
303static int 137static int
304aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 138aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
305 const unsigned char *iv, int enc) 139 const unsigned char *in, size_t len)
306{ 140{
307 EVP_AES_CCM_CTX *cctx = ctx->cipher_data; 141 EVP_AES_KEY *eak = ctx->cipher_data;
142
143 AES_cbc_encrypt(in, out, len, &eak->ks, ctx->iv, ctx->encrypt);
308 144
309 if (!iv && !key)
310 return 1;
311 if (key) {
312 aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
313 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
314 &cctx->ks, (block128_f)aesni_encrypt);
315 cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks :
316 (ccm128_f)aesni_ccm64_decrypt_blocks;
317 cctx->key_set = 1;
318 }
319 if (iv) {
320 memcpy(ctx->iv, iv, 15 - cctx->L);
321 cctx->iv_set = 1;
322 }
323 return 1; 145 return 1;
324} 146}
325 147
326#endif
327
328static int 148static int
329aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 149aes_ecb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
330 const unsigned char *iv, int enc) 150 const unsigned char *iv, int encrypt)
331{ 151{
332 int ret, mode; 152 EVP_AES_KEY *eak = ctx->cipher_data;
333 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
334
335 mode = ctx->cipher->flags & EVP_CIPH_MODE;
336 153
337 if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { 154 if (encrypt) {
338 ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks); 155 if (AES_set_encrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
339 dat->block = (block128_f)AES_decrypt; 156 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
340 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? 157 return 0;
341 (cbc128_f)AES_cbc_encrypt : NULL; 158 }
342 } else { 159 } else {
343 ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks); 160 if (AES_set_decrypt_key(key, ctx->key_len * 8, &eak->ks) < 0) {
344 dat->block = (block128_f)AES_encrypt; 161 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
345 dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? 162 return 0;
346 (cbc128_f)AES_cbc_encrypt : NULL; 163 }
347#ifdef AES_CTR_ASM
348 if (mode == EVP_CIPH_CTR_MODE)
349 dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
350#endif
351 }
352
353 if (ret < 0) {
354 EVPerror(EVP_R_AES_KEY_SETUP_FAILED);
355 return 0;
356 } 164 }
357 165
358 return 1; 166 return 1;
359} 167}
360 168
361static int 169static int
362aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
363 const unsigned char *in, size_t len)
364{
365 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
366
367 if (dat->stream.cbc)
368 (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv,
369 ctx->encrypt);
370 else if (ctx->encrypt)
371 CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
372 dat->block);
373 else
374 CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv,
375 dat->block);
376
377 return 1;
378}
379
380static int
381aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 170aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
382 const unsigned char *in, size_t len) 171 const unsigned char *in, size_t len)
383{ 172{
384 size_t bl = ctx->cipher->block_size; 173 EVP_AES_KEY *eak = ctx->cipher_data;
385 size_t i;
386 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
387 174
388 if (len < bl) 175 aes_ecb_encrypt_internal(in, out, len, &eak->ks, ctx->encrypt);
389 return 1;
390
391 for (i = 0, len -= bl; i <= len; i += bl)
392 (*dat->block)(in + i, out + i, &dat->ks);
393 176
394 return 1; 177 return 1;
395} 178}
@@ -398,10 +181,10 @@ static int
398aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 181aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
399 const unsigned char *in, size_t len) 182 const unsigned char *in, size_t len)
400{ 183{
401 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 184 EVP_AES_KEY *eak = ctx->cipher_data;
185
186 AES_ofb128_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num);
402 187
403 CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
404 dat->block);
405 return 1; 188 return 1;
406} 189}
407 190
@@ -409,10 +192,11 @@ static int
409aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 192aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
410 const unsigned char *in, size_t len) 193 const unsigned char *in, size_t len)
411{ 194{
412 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 195 EVP_AES_KEY *eak = ctx->cipher_data;
196
197 AES_cfb128_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num,
198 ctx->encrypt);
413 199
414 CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
415 ctx->encrypt, dat->block);
416 return 1; 200 return 1;
417} 201}
418 202
@@ -420,10 +204,11 @@ static int
420aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 204aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
421 const unsigned char *in, size_t len) 205 const unsigned char *in, size_t len)
422{ 206{
423 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 207 EVP_AES_KEY *eak = ctx->cipher_data;
208
209 AES_cfb8_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num,
210 ctx->encrypt);
424 211
425 CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num,
426 ctx->encrypt, dat->block);
427 return 1; 212 return 1;
428} 213}
429 214
@@ -431,24 +216,25 @@ static int
431aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 216aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
432 const unsigned char *in, size_t len) 217 const unsigned char *in, size_t len)
433{ 218{
434 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; 219 EVP_AES_KEY *eak = ctx->cipher_data;
435 220
436 if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) { 221 if ((ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) != 0) {
437 CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, 222 AES_cfb1_encrypt(in, out, len, &eak->ks, ctx->iv, &ctx->num,
438 &ctx->num, ctx->encrypt, dat->block); 223 ctx->encrypt);
439 return 1; 224 return 1;
440 } 225 }
441 226
442 while (len >= MAXBITCHUNK) { 227 while (len >= MAXBITCHUNK) {
443 CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks, 228 AES_cfb1_encrypt(in, out, MAXBITCHUNK * 8, &eak->ks, ctx->iv,
444 ctx->iv, &ctx->num, ctx->encrypt, dat->block); 229 &ctx->num, ctx->encrypt);
445 len -= MAXBITCHUNK; 230 len -= MAXBITCHUNK;
446 in += MAXBITCHUNK; 231 in += MAXBITCHUNK;
447 out += MAXBITCHUNK; 232 out += MAXBITCHUNK;
448 } 233 }
449 if (len) 234 if (len > 0) {
450 CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks, 235 AES_cfb1_encrypt(in, out, len * 8, &eak->ks, ctx->iv, &ctx->num,
451 ctx->iv, &ctx->num, ctx->encrypt, dat->block); 236 ctx->encrypt);
237 }
452 238
453 return 1; 239 return 1;
454} 240}
@@ -457,40 +243,23 @@ static int
457aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 243aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
458 const unsigned char *in, size_t len) 244 const unsigned char *in, size_t len)
459{ 245{
246 EVP_AES_KEY *eak = ctx->cipher_data;
460 unsigned int num = ctx->num; 247 unsigned int num = ctx->num;
461 EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
462 248
463 if (dat->stream.ctr) 249 AES_ctr128_encrypt(in, out, len, &eak->ks, ctx->iv, ctx->buf, &num);
464 CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, 250
465 ctx->iv, ctx->buf, &num, dat->stream.ctr);
466 else
467 CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
468 ctx->iv, ctx->buf, &num, dat->block);
469 ctx->num = (size_t)num; 251 ctx->num = (size_t)num;
252
470 return 1; 253 return 1;
471} 254}
472 255
473
474#ifdef AESNI_CAPABLE
475static const EVP_CIPHER aesni_128_cbc = {
476 .nid = NID_aes_128_cbc,
477 .block_size = 16,
478 .key_len = 16,
479 .iv_len = 16,
480 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
481 .init = aesni_init_key,
482 .do_cipher = aesni_cbc_cipher,
483 .ctx_size = sizeof(EVP_AES_KEY),
484};
485#endif
486
487static const EVP_CIPHER aes_128_cbc = { 256static const EVP_CIPHER aes_128_cbc = {
488 .nid = NID_aes_128_cbc, 257 .nid = NID_aes_128_cbc,
489 .block_size = 16, 258 .block_size = 16,
490 .key_len = 16, 259 .key_len = 16,
491 .iv_len = 16, 260 .iv_len = 16,
492 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE, 261 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
493 .init = aes_init_key, 262 .init = aes_cbc_init_key,
494 .do_cipher = aes_cbc_cipher, 263 .do_cipher = aes_cbc_cipher,
495 .ctx_size = sizeof(EVP_AES_KEY), 264 .ctx_size = sizeof(EVP_AES_KEY),
496}; 265};
@@ -498,34 +267,17 @@ static const EVP_CIPHER aes_128_cbc = {
498const EVP_CIPHER * 267const EVP_CIPHER *
499EVP_aes_128_cbc(void) 268EVP_aes_128_cbc(void)
500{ 269{
501#ifdef AESNI_CAPABLE
502 return AESNI_CAPABLE ? &aesni_128_cbc : &aes_128_cbc;
503#else
504 return &aes_128_cbc; 270 return &aes_128_cbc;
505#endif
506} 271}
507LCRYPTO_ALIAS(EVP_aes_128_cbc); 272LCRYPTO_ALIAS(EVP_aes_128_cbc);
508 273
509#ifdef AESNI_CAPABLE
510static const EVP_CIPHER aesni_128_ecb = {
511 .nid = NID_aes_128_ecb,
512 .block_size = 16,
513 .key_len = 16,
514 .iv_len = 0,
515 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
516 .init = aesni_init_key,
517 .do_cipher = aesni_ecb_cipher,
518 .ctx_size = sizeof(EVP_AES_KEY),
519};
520#endif
521
522static const EVP_CIPHER aes_128_ecb = { 274static const EVP_CIPHER aes_128_ecb = {
523 .nid = NID_aes_128_ecb, 275 .nid = NID_aes_128_ecb,
524 .block_size = 16, 276 .block_size = 16,
525 .key_len = 16, 277 .key_len = 16,
526 .iv_len = 0, 278 .iv_len = 0,
527 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE, 279 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
528 .init = aes_init_key, 280 .init = aes_ecb_init_key,
529 .do_cipher = aes_ecb_cipher, 281 .do_cipher = aes_ecb_cipher,
530 .ctx_size = sizeof(EVP_AES_KEY), 282 .ctx_size = sizeof(EVP_AES_KEY),
531}; 283};
@@ -533,27 +285,10 @@ static const EVP_CIPHER aes_128_ecb = {
533const EVP_CIPHER * 285const EVP_CIPHER *
534EVP_aes_128_ecb(void) 286EVP_aes_128_ecb(void)
535{ 287{
536#ifdef AESNI_CAPABLE
537 return AESNI_CAPABLE ? &aesni_128_ecb : &aes_128_ecb;
538#else
539 return &aes_128_ecb; 288 return &aes_128_ecb;
540#endif
541} 289}
542LCRYPTO_ALIAS(EVP_aes_128_ecb); 290LCRYPTO_ALIAS(EVP_aes_128_ecb);
543 291
544#ifdef AESNI_CAPABLE
545static const EVP_CIPHER aesni_128_ofb = {
546 .nid = NID_aes_128_ofb128,
547 .block_size = 1,
548 .key_len = 16,
549 .iv_len = 16,
550 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
551 .init = aesni_init_key,
552 .do_cipher = aes_ofb_cipher,
553 .ctx_size = sizeof(EVP_AES_KEY),
554};
555#endif
556
557static const EVP_CIPHER aes_128_ofb = { 292static const EVP_CIPHER aes_128_ofb = {
558 .nid = NID_aes_128_ofb128, 293 .nid = NID_aes_128_ofb128,
559 .block_size = 1, 294 .block_size = 1,
@@ -568,27 +303,10 @@ static const EVP_CIPHER aes_128_ofb = {
568const EVP_CIPHER * 303const EVP_CIPHER *
569EVP_aes_128_ofb(void) 304EVP_aes_128_ofb(void)
570{ 305{
571#ifdef AESNI_CAPABLE
572 return AESNI_CAPABLE ? &aesni_128_ofb : &aes_128_ofb;
573#else
574 return &aes_128_ofb; 306 return &aes_128_ofb;
575#endif
576} 307}
577LCRYPTO_ALIAS(EVP_aes_128_ofb); 308LCRYPTO_ALIAS(EVP_aes_128_ofb);
578 309
579#ifdef AESNI_CAPABLE
580static const EVP_CIPHER aesni_128_cfb = {
581 .nid = NID_aes_128_cfb128,
582 .block_size = 1,
583 .key_len = 16,
584 .iv_len = 16,
585 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
586 .init = aesni_init_key,
587 .do_cipher = aes_cfb_cipher,
588 .ctx_size = sizeof(EVP_AES_KEY),
589};
590#endif
591
592static const EVP_CIPHER aes_128_cfb = { 310static const EVP_CIPHER aes_128_cfb = {
593 .nid = NID_aes_128_cfb128, 311 .nid = NID_aes_128_cfb128,
594 .block_size = 1, 312 .block_size = 1,
@@ -603,27 +321,10 @@ static const EVP_CIPHER aes_128_cfb = {
603const EVP_CIPHER * 321const EVP_CIPHER *
604EVP_aes_128_cfb128(void) 322EVP_aes_128_cfb128(void)
605{ 323{
606#ifdef AESNI_CAPABLE
607 return AESNI_CAPABLE ? &aesni_128_cfb : &aes_128_cfb;
608#else
609 return &aes_128_cfb; 324 return &aes_128_cfb;
610#endif
611} 325}
612LCRYPTO_ALIAS(EVP_aes_128_cfb128); 326LCRYPTO_ALIAS(EVP_aes_128_cfb128);
613 327
614#ifdef AESNI_CAPABLE
615static const EVP_CIPHER aesni_128_cfb1 = {
616 .nid = NID_aes_128_cfb1,
617 .block_size = 1,
618 .key_len = 16,
619 .iv_len = 16,
620 .flags = EVP_CIPH_CFB_MODE,
621 .init = aesni_init_key,
622 .do_cipher = aes_cfb1_cipher,
623 .ctx_size = sizeof(EVP_AES_KEY),
624};
625#endif
626
627static const EVP_CIPHER aes_128_cfb1 = { 328static const EVP_CIPHER aes_128_cfb1 = {
628 .nid = NID_aes_128_cfb1, 329 .nid = NID_aes_128_cfb1,
629 .block_size = 1, 330 .block_size = 1,
@@ -638,27 +339,10 @@ static const EVP_CIPHER aes_128_cfb1 = {
638const EVP_CIPHER * 339const EVP_CIPHER *
639EVP_aes_128_cfb1(void) 340EVP_aes_128_cfb1(void)
640{ 341{
641#ifdef AESNI_CAPABLE
642 return AESNI_CAPABLE ? &aesni_128_cfb1 : &aes_128_cfb1;
643#else
644 return &aes_128_cfb1; 342 return &aes_128_cfb1;
645#endif
646} 343}
647LCRYPTO_ALIAS(EVP_aes_128_cfb1); 344LCRYPTO_ALIAS(EVP_aes_128_cfb1);
648 345
649#ifdef AESNI_CAPABLE
650static const EVP_CIPHER aesni_128_cfb8 = {
651 .nid = NID_aes_128_cfb8,
652 .block_size = 1,
653 .key_len = 16,
654 .iv_len = 16,
655 .flags = EVP_CIPH_CFB_MODE,
656 .init = aesni_init_key,
657 .do_cipher = aes_cfb8_cipher,
658 .ctx_size = sizeof(EVP_AES_KEY),
659};
660#endif
661
662static const EVP_CIPHER aes_128_cfb8 = { 346static const EVP_CIPHER aes_128_cfb8 = {
663 .nid = NID_aes_128_cfb8, 347 .nid = NID_aes_128_cfb8,
664 .block_size = 1, 348 .block_size = 1,
@@ -673,27 +357,10 @@ static const EVP_CIPHER aes_128_cfb8 = {
673const EVP_CIPHER * 357const EVP_CIPHER *
674EVP_aes_128_cfb8(void) 358EVP_aes_128_cfb8(void)
675{ 359{
676#ifdef AESNI_CAPABLE
677 return AESNI_CAPABLE ? &aesni_128_cfb8 : &aes_128_cfb8;
678#else
679 return &aes_128_cfb8; 360 return &aes_128_cfb8;
680#endif
681} 361}
682LCRYPTO_ALIAS(EVP_aes_128_cfb8); 362LCRYPTO_ALIAS(EVP_aes_128_cfb8);
683 363
684#ifdef AESNI_CAPABLE
685static const EVP_CIPHER aesni_128_ctr = {
686 .nid = NID_aes_128_ctr,
687 .block_size = 1,
688 .key_len = 16,
689 .iv_len = 16,
690 .flags = EVP_CIPH_CTR_MODE,
691 .init = aesni_init_key,
692 .do_cipher = aes_ctr_cipher,
693 .ctx_size = sizeof(EVP_AES_KEY),
694};
695#endif
696
697static const EVP_CIPHER aes_128_ctr = { 364static const EVP_CIPHER aes_128_ctr = {
698 .nid = NID_aes_128_ctr, 365 .nid = NID_aes_128_ctr,
699 .block_size = 1, 366 .block_size = 1,
@@ -708,35 +375,17 @@ static const EVP_CIPHER aes_128_ctr = {
708const EVP_CIPHER * 375const EVP_CIPHER *
709EVP_aes_128_ctr(void) 376EVP_aes_128_ctr(void)
710{ 377{
711#ifdef AESNI_CAPABLE
712 return AESNI_CAPABLE ? &aesni_128_ctr : &aes_128_ctr;
713#else
714 return &aes_128_ctr; 378 return &aes_128_ctr;
715#endif
716} 379}
717LCRYPTO_ALIAS(EVP_aes_128_ctr); 380LCRYPTO_ALIAS(EVP_aes_128_ctr);
718 381
719
720#ifdef AESNI_CAPABLE
721static const EVP_CIPHER aesni_192_cbc = {
722 .nid = NID_aes_192_cbc,
723 .block_size = 16,
724 .key_len = 24,
725 .iv_len = 16,
726 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
727 .init = aesni_init_key,
728 .do_cipher = aesni_cbc_cipher,
729 .ctx_size = sizeof(EVP_AES_KEY),
730};
731#endif
732
733static const EVP_CIPHER aes_192_cbc = { 382static const EVP_CIPHER aes_192_cbc = {
734 .nid = NID_aes_192_cbc, 383 .nid = NID_aes_192_cbc,
735 .block_size = 16, 384 .block_size = 16,
736 .key_len = 24, 385 .key_len = 24,
737 .iv_len = 16, 386 .iv_len = 16,
738 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE, 387 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
739 .init = aes_init_key, 388 .init = aes_cbc_init_key,
740 .do_cipher = aes_cbc_cipher, 389 .do_cipher = aes_cbc_cipher,
741 .ctx_size = sizeof(EVP_AES_KEY), 390 .ctx_size = sizeof(EVP_AES_KEY),
742}; 391};
@@ -744,34 +393,17 @@ static const EVP_CIPHER aes_192_cbc = {
744const EVP_CIPHER * 393const EVP_CIPHER *
745EVP_aes_192_cbc(void) 394EVP_aes_192_cbc(void)
746{ 395{
747#ifdef AESNI_CAPABLE
748 return AESNI_CAPABLE ? &aesni_192_cbc : &aes_192_cbc;
749#else
750 return &aes_192_cbc; 396 return &aes_192_cbc;
751#endif
752} 397}
753LCRYPTO_ALIAS(EVP_aes_192_cbc); 398LCRYPTO_ALIAS(EVP_aes_192_cbc);
754 399
755#ifdef AESNI_CAPABLE
756static const EVP_CIPHER aesni_192_ecb = {
757 .nid = NID_aes_192_ecb,
758 .block_size = 16,
759 .key_len = 24,
760 .iv_len = 0,
761 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
762 .init = aesni_init_key,
763 .do_cipher = aesni_ecb_cipher,
764 .ctx_size = sizeof(EVP_AES_KEY),
765};
766#endif
767
768static const EVP_CIPHER aes_192_ecb = { 400static const EVP_CIPHER aes_192_ecb = {
769 .nid = NID_aes_192_ecb, 401 .nid = NID_aes_192_ecb,
770 .block_size = 16, 402 .block_size = 16,
771 .key_len = 24, 403 .key_len = 24,
772 .iv_len = 0, 404 .iv_len = 0,
773 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE, 405 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
774 .init = aes_init_key, 406 .init = aes_ecb_init_key,
775 .do_cipher = aes_ecb_cipher, 407 .do_cipher = aes_ecb_cipher,
776 .ctx_size = sizeof(EVP_AES_KEY), 408 .ctx_size = sizeof(EVP_AES_KEY),
777}; 409};
@@ -779,27 +411,10 @@ static const EVP_CIPHER aes_192_ecb = {
779const EVP_CIPHER * 411const EVP_CIPHER *
780EVP_aes_192_ecb(void) 412EVP_aes_192_ecb(void)
781{ 413{
782#ifdef AESNI_CAPABLE
783 return AESNI_CAPABLE ? &aesni_192_ecb : &aes_192_ecb;
784#else
785 return &aes_192_ecb; 414 return &aes_192_ecb;
786#endif
787} 415}
788LCRYPTO_ALIAS(EVP_aes_192_ecb); 416LCRYPTO_ALIAS(EVP_aes_192_ecb);
789 417
790#ifdef AESNI_CAPABLE
791static const EVP_CIPHER aesni_192_ofb = {
792 .nid = NID_aes_192_ofb128,
793 .block_size = 1,
794 .key_len = 24,
795 .iv_len = 16,
796 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
797 .init = aesni_init_key,
798 .do_cipher = aes_ofb_cipher,
799 .ctx_size = sizeof(EVP_AES_KEY),
800};
801#endif
802
803static const EVP_CIPHER aes_192_ofb = { 418static const EVP_CIPHER aes_192_ofb = {
804 .nid = NID_aes_192_ofb128, 419 .nid = NID_aes_192_ofb128,
805 .block_size = 1, 420 .block_size = 1,
@@ -814,27 +429,10 @@ static const EVP_CIPHER aes_192_ofb = {
814const EVP_CIPHER * 429const EVP_CIPHER *
815EVP_aes_192_ofb(void) 430EVP_aes_192_ofb(void)
816{ 431{
817#ifdef AESNI_CAPABLE
818 return AESNI_CAPABLE ? &aesni_192_ofb : &aes_192_ofb;
819#else
820 return &aes_192_ofb; 432 return &aes_192_ofb;
821#endif
822} 433}
823LCRYPTO_ALIAS(EVP_aes_192_ofb); 434LCRYPTO_ALIAS(EVP_aes_192_ofb);
824 435
825#ifdef AESNI_CAPABLE
826static const EVP_CIPHER aesni_192_cfb = {
827 .nid = NID_aes_192_cfb128,
828 .block_size = 1,
829 .key_len = 24,
830 .iv_len = 16,
831 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
832 .init = aesni_init_key,
833 .do_cipher = aes_cfb_cipher,
834 .ctx_size = sizeof(EVP_AES_KEY),
835};
836#endif
837
838static const EVP_CIPHER aes_192_cfb = { 436static const EVP_CIPHER aes_192_cfb = {
839 .nid = NID_aes_192_cfb128, 437 .nid = NID_aes_192_cfb128,
840 .block_size = 1, 438 .block_size = 1,
@@ -849,27 +447,10 @@ static const EVP_CIPHER aes_192_cfb = {
849const EVP_CIPHER * 447const EVP_CIPHER *
850EVP_aes_192_cfb128(void) 448EVP_aes_192_cfb128(void)
851{ 449{
852#ifdef AESNI_CAPABLE
853 return AESNI_CAPABLE ? &aesni_192_cfb : &aes_192_cfb;
854#else
855 return &aes_192_cfb; 450 return &aes_192_cfb;
856#endif
857} 451}
858LCRYPTO_ALIAS(EVP_aes_192_cfb128); 452LCRYPTO_ALIAS(EVP_aes_192_cfb128);
859 453
860#ifdef AESNI_CAPABLE
861static const EVP_CIPHER aesni_192_cfb1 = {
862 .nid = NID_aes_192_cfb1,
863 .block_size = 1,
864 .key_len = 24,
865 .iv_len = 16,
866 .flags = EVP_CIPH_CFB_MODE,
867 .init = aesni_init_key,
868 .do_cipher = aes_cfb1_cipher,
869 .ctx_size = sizeof(EVP_AES_KEY),
870};
871#endif
872
873static const EVP_CIPHER aes_192_cfb1 = { 454static const EVP_CIPHER aes_192_cfb1 = {
874 .nid = NID_aes_192_cfb1, 455 .nid = NID_aes_192_cfb1,
875 .block_size = 1, 456 .block_size = 1,
@@ -884,27 +465,10 @@ static const EVP_CIPHER aes_192_cfb1 = {
884const EVP_CIPHER * 465const EVP_CIPHER *
885EVP_aes_192_cfb1(void) 466EVP_aes_192_cfb1(void)
886{ 467{
887#ifdef AESNI_CAPABLE
888 return AESNI_CAPABLE ? &aesni_192_cfb1 : &aes_192_cfb1;
889#else
890 return &aes_192_cfb1; 468 return &aes_192_cfb1;
891#endif
892} 469}
893LCRYPTO_ALIAS(EVP_aes_192_cfb1); 470LCRYPTO_ALIAS(EVP_aes_192_cfb1);
894 471
895#ifdef AESNI_CAPABLE
896static const EVP_CIPHER aesni_192_cfb8 = {
897 .nid = NID_aes_192_cfb8,
898 .block_size = 1,
899 .key_len = 24,
900 .iv_len = 16,
901 .flags = EVP_CIPH_CFB_MODE,
902 .init = aesni_init_key,
903 .do_cipher = aes_cfb8_cipher,
904 .ctx_size = sizeof(EVP_AES_KEY),
905};
906#endif
907
908static const EVP_CIPHER aes_192_cfb8 = { 472static const EVP_CIPHER aes_192_cfb8 = {
909 .nid = NID_aes_192_cfb8, 473 .nid = NID_aes_192_cfb8,
910 .block_size = 1, 474 .block_size = 1,
@@ -919,27 +483,10 @@ static const EVP_CIPHER aes_192_cfb8 = {
919const EVP_CIPHER * 483const EVP_CIPHER *
920EVP_aes_192_cfb8(void) 484EVP_aes_192_cfb8(void)
921{ 485{
922#ifdef AESNI_CAPABLE
923 return AESNI_CAPABLE ? &aesni_192_cfb8 : &aes_192_cfb8;
924#else
925 return &aes_192_cfb8; 486 return &aes_192_cfb8;
926#endif
927} 487}
928LCRYPTO_ALIAS(EVP_aes_192_cfb8); 488LCRYPTO_ALIAS(EVP_aes_192_cfb8);
929 489
930#ifdef AESNI_CAPABLE
931static const EVP_CIPHER aesni_192_ctr = {
932 .nid = NID_aes_192_ctr,
933 .block_size = 1,
934 .key_len = 24,
935 .iv_len = 16,
936 .flags = EVP_CIPH_CTR_MODE,
937 .init = aesni_init_key,
938 .do_cipher = aes_ctr_cipher,
939 .ctx_size = sizeof(EVP_AES_KEY),
940};
941#endif
942
943static const EVP_CIPHER aes_192_ctr = { 490static const EVP_CIPHER aes_192_ctr = {
944 .nid = NID_aes_192_ctr, 491 .nid = NID_aes_192_ctr,
945 .block_size = 1, 492 .block_size = 1,
@@ -954,35 +501,17 @@ static const EVP_CIPHER aes_192_ctr = {
954const EVP_CIPHER * 501const EVP_CIPHER *
955EVP_aes_192_ctr(void) 502EVP_aes_192_ctr(void)
956{ 503{
957#ifdef AESNI_CAPABLE
958 return AESNI_CAPABLE ? &aesni_192_ctr : &aes_192_ctr;
959#else
960 return &aes_192_ctr; 504 return &aes_192_ctr;
961#endif
962} 505}
963LCRYPTO_ALIAS(EVP_aes_192_ctr); 506LCRYPTO_ALIAS(EVP_aes_192_ctr);
964 507
965
966#ifdef AESNI_CAPABLE
967static const EVP_CIPHER aesni_256_cbc = {
968 .nid = NID_aes_256_cbc,
969 .block_size = 16,
970 .key_len = 32,
971 .iv_len = 16,
972 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
973 .init = aesni_init_key,
974 .do_cipher = aesni_cbc_cipher,
975 .ctx_size = sizeof(EVP_AES_KEY),
976};
977#endif
978
979static const EVP_CIPHER aes_256_cbc = { 508static const EVP_CIPHER aes_256_cbc = {
980 .nid = NID_aes_256_cbc, 509 .nid = NID_aes_256_cbc,
981 .block_size = 16, 510 .block_size = 16,
982 .key_len = 32, 511 .key_len = 32,
983 .iv_len = 16, 512 .iv_len = 16,
984 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE, 513 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE,
985 .init = aes_init_key, 514 .init = aes_cbc_init_key,
986 .do_cipher = aes_cbc_cipher, 515 .do_cipher = aes_cbc_cipher,
987 .ctx_size = sizeof(EVP_AES_KEY), 516 .ctx_size = sizeof(EVP_AES_KEY),
988}; 517};
@@ -990,34 +519,17 @@ static const EVP_CIPHER aes_256_cbc = {
990const EVP_CIPHER * 519const EVP_CIPHER *
991EVP_aes_256_cbc(void) 520EVP_aes_256_cbc(void)
992{ 521{
993#ifdef AESNI_CAPABLE
994 return AESNI_CAPABLE ? &aesni_256_cbc : &aes_256_cbc;
995#else
996 return &aes_256_cbc; 522 return &aes_256_cbc;
997#endif
998} 523}
999LCRYPTO_ALIAS(EVP_aes_256_cbc); 524LCRYPTO_ALIAS(EVP_aes_256_cbc);
1000 525
1001#ifdef AESNI_CAPABLE
1002static const EVP_CIPHER aesni_256_ecb = {
1003 .nid = NID_aes_256_ecb,
1004 .block_size = 16,
1005 .key_len = 32,
1006 .iv_len = 0,
1007 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
1008 .init = aesni_init_key,
1009 .do_cipher = aesni_ecb_cipher,
1010 .ctx_size = sizeof(EVP_AES_KEY),
1011};
1012#endif
1013
1014static const EVP_CIPHER aes_256_ecb = { 526static const EVP_CIPHER aes_256_ecb = {
1015 .nid = NID_aes_256_ecb, 527 .nid = NID_aes_256_ecb,
1016 .block_size = 16, 528 .block_size = 16,
1017 .key_len = 32, 529 .key_len = 32,
1018 .iv_len = 0, 530 .iv_len = 0,
1019 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE, 531 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_ECB_MODE,
1020 .init = aes_init_key, 532 .init = aes_ecb_init_key,
1021 .do_cipher = aes_ecb_cipher, 533 .do_cipher = aes_ecb_cipher,
1022 .ctx_size = sizeof(EVP_AES_KEY), 534 .ctx_size = sizeof(EVP_AES_KEY),
1023}; 535};
@@ -1025,27 +537,10 @@ static const EVP_CIPHER aes_256_ecb = {
1025const EVP_CIPHER * 537const EVP_CIPHER *
1026EVP_aes_256_ecb(void) 538EVP_aes_256_ecb(void)
1027{ 539{
1028#ifdef AESNI_CAPABLE
1029 return AESNI_CAPABLE ? &aesni_256_ecb : &aes_256_ecb;
1030#else
1031 return &aes_256_ecb; 540 return &aes_256_ecb;
1032#endif
1033} 541}
1034LCRYPTO_ALIAS(EVP_aes_256_ecb); 542LCRYPTO_ALIAS(EVP_aes_256_ecb);
1035 543
1036#ifdef AESNI_CAPABLE
1037static const EVP_CIPHER aesni_256_ofb = {
1038 .nid = NID_aes_256_ofb128,
1039 .block_size = 1,
1040 .key_len = 32,
1041 .iv_len = 16,
1042 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_OFB_MODE,
1043 .init = aesni_init_key,
1044 .do_cipher = aes_ofb_cipher,
1045 .ctx_size = sizeof(EVP_AES_KEY),
1046};
1047#endif
1048
1049static const EVP_CIPHER aes_256_ofb = { 544static const EVP_CIPHER aes_256_ofb = {
1050 .nid = NID_aes_256_ofb128, 545 .nid = NID_aes_256_ofb128,
1051 .block_size = 1, 546 .block_size = 1,
@@ -1060,27 +555,10 @@ static const EVP_CIPHER aes_256_ofb = {
1060const EVP_CIPHER * 555const EVP_CIPHER *
1061EVP_aes_256_ofb(void) 556EVP_aes_256_ofb(void)
1062{ 557{
1063#ifdef AESNI_CAPABLE
1064 return AESNI_CAPABLE ? &aesni_256_ofb : &aes_256_ofb;
1065#else
1066 return &aes_256_ofb; 558 return &aes_256_ofb;
1067#endif
1068} 559}
1069LCRYPTO_ALIAS(EVP_aes_256_ofb); 560LCRYPTO_ALIAS(EVP_aes_256_ofb);
1070 561
1071#ifdef AESNI_CAPABLE
1072static const EVP_CIPHER aesni_256_cfb = {
1073 .nid = NID_aes_256_cfb128,
1074 .block_size = 1,
1075 .key_len = 32,
1076 .iv_len = 16,
1077 .flags = EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CFB_MODE,
1078 .init = aesni_init_key,
1079 .do_cipher = aes_cfb_cipher,
1080 .ctx_size = sizeof(EVP_AES_KEY),
1081};
1082#endif
1083
1084static const EVP_CIPHER aes_256_cfb = { 562static const EVP_CIPHER aes_256_cfb = {
1085 .nid = NID_aes_256_cfb128, 563 .nid = NID_aes_256_cfb128,
1086 .block_size = 1, 564 .block_size = 1,
@@ -1095,27 +573,10 @@ static const EVP_CIPHER aes_256_cfb = {
1095const EVP_CIPHER * 573const EVP_CIPHER *
1096EVP_aes_256_cfb128(void) 574EVP_aes_256_cfb128(void)
1097{ 575{
1098#ifdef AESNI_CAPABLE
1099 return AESNI_CAPABLE ? &aesni_256_cfb : &aes_256_cfb;
1100#else
1101 return &aes_256_cfb; 576 return &aes_256_cfb;
1102#endif
1103} 577}
1104LCRYPTO_ALIAS(EVP_aes_256_cfb128); 578LCRYPTO_ALIAS(EVP_aes_256_cfb128);
1105 579
1106#ifdef AESNI_CAPABLE
1107static const EVP_CIPHER aesni_256_cfb1 = {
1108 .nid = NID_aes_256_cfb1,
1109 .block_size = 1,
1110 .key_len = 32,
1111 .iv_len = 16,
1112 .flags = EVP_CIPH_CFB_MODE,
1113 .init = aesni_init_key,
1114 .do_cipher = aes_cfb1_cipher,
1115 .ctx_size = sizeof(EVP_AES_KEY),
1116};
1117#endif
1118
1119static const EVP_CIPHER aes_256_cfb1 = { 580static const EVP_CIPHER aes_256_cfb1 = {
1120 .nid = NID_aes_256_cfb1, 581 .nid = NID_aes_256_cfb1,
1121 .block_size = 1, 582 .block_size = 1,
@@ -1130,27 +591,10 @@ static const EVP_CIPHER aes_256_cfb1 = {
1130const EVP_CIPHER * 591const EVP_CIPHER *
1131EVP_aes_256_cfb1(void) 592EVP_aes_256_cfb1(void)
1132{ 593{
1133#ifdef AESNI_CAPABLE
1134 return AESNI_CAPABLE ? &aesni_256_cfb1 : &aes_256_cfb1;
1135#else
1136 return &aes_256_cfb1; 594 return &aes_256_cfb1;
1137#endif
1138} 595}
1139LCRYPTO_ALIAS(EVP_aes_256_cfb1); 596LCRYPTO_ALIAS(EVP_aes_256_cfb1);
1140 597
1141#ifdef AESNI_CAPABLE
1142static const EVP_CIPHER aesni_256_cfb8 = {
1143 .nid = NID_aes_256_cfb8,
1144 .block_size = 1,
1145 .key_len = 32,
1146 .iv_len = 16,
1147 .flags = EVP_CIPH_CFB_MODE,
1148 .init = aesni_init_key,
1149 .do_cipher = aes_cfb8_cipher,
1150 .ctx_size = sizeof(EVP_AES_KEY),
1151};
1152#endif
1153
1154static const EVP_CIPHER aes_256_cfb8 = { 598static const EVP_CIPHER aes_256_cfb8 = {
1155 .nid = NID_aes_256_cfb8, 599 .nid = NID_aes_256_cfb8,
1156 .block_size = 1, 600 .block_size = 1,
@@ -1165,27 +609,10 @@ static const EVP_CIPHER aes_256_cfb8 = {
1165const EVP_CIPHER * 609const EVP_CIPHER *
1166EVP_aes_256_cfb8(void) 610EVP_aes_256_cfb8(void)
1167{ 611{
1168#ifdef AESNI_CAPABLE
1169 return AESNI_CAPABLE ? &aesni_256_cfb8 : &aes_256_cfb8;
1170#else
1171 return &aes_256_cfb8; 612 return &aes_256_cfb8;
1172#endif
1173} 613}
1174LCRYPTO_ALIAS(EVP_aes_256_cfb8); 614LCRYPTO_ALIAS(EVP_aes_256_cfb8);
1175 615
1176#ifdef AESNI_CAPABLE
1177static const EVP_CIPHER aesni_256_ctr = {
1178 .nid = NID_aes_256_ctr,
1179 .block_size = 1,
1180 .key_len = 32,
1181 .iv_len = 16,
1182 .flags = EVP_CIPH_CTR_MODE,
1183 .init = aesni_init_key,
1184 .do_cipher = aes_ctr_cipher,
1185 .ctx_size = sizeof(EVP_AES_KEY),
1186};
1187#endif
1188
1189static const EVP_CIPHER aes_256_ctr = { 616static const EVP_CIPHER aes_256_ctr = {
1190 .nid = NID_aes_256_ctr, 617 .nid = NID_aes_256_ctr,
1191 .block_size = 1, 618 .block_size = 1,
@@ -1200,11 +627,7 @@ static const EVP_CIPHER aes_256_ctr = {
1200const EVP_CIPHER * 627const EVP_CIPHER *
1201EVP_aes_256_ctr(void) 628EVP_aes_256_ctr(void)
1202{ 629{
1203#ifdef AESNI_CAPABLE
1204 return AESNI_CAPABLE ? &aesni_256_ctr : &aes_256_ctr;
1205#else
1206 return &aes_256_ctr; 630 return &aes_256_ctr;
1207#endif
1208} 631}
1209LCRYPTO_ALIAS(EVP_aes_256_ctr); 632LCRYPTO_ALIAS(EVP_aes_256_ctr);
1210 633
@@ -1385,19 +808,6 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1385 } 808 }
1386} 809}
1387 810
1388static ctr128_f
1389aes_gcm_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,
1390 const unsigned char *key, size_t key_len)
1391{
1392 AES_set_encrypt_key(key, key_len * 8, aes_key);
1393 CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
1394#ifdef AES_CTR_ASM
1395 return (ctr128_f)AES_ctr32_encrypt;
1396#else
1397 return NULL;
1398#endif
1399}
1400
1401static int 811static int
1402aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 812aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1403 const unsigned char *iv, int enc) 813 const unsigned char *iv, int enc)
@@ -1407,8 +817,8 @@ aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1407 if (!iv && !key) 817 if (!iv && !key)
1408 return 1; 818 return 1;
1409 if (key) { 819 if (key) {
1410 gctx->ctr = aes_gcm_set_key(&gctx->ks, &gctx->gcm, 820 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
1411 key, ctx->key_len); 821 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, aes_encrypt_block128);
1412 822
1413 /* If we have an iv can set it directly, otherwise use 823 /* If we have an iv can set it directly, otherwise use
1414 * saved IV. 824 * saved IV.
@@ -1468,14 +878,9 @@ aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1468 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; 878 len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
1469 if (ctx->encrypt) { 879 if (ctx->encrypt) {
1470 /* Encrypt payload */ 880 /* Encrypt payload */
1471 if (gctx->ctr) { 881 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out, len,
1472 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out, 882 aes_ctr32_encrypt_ctr128f))
1473 len, gctx->ctr)) 883 goto err;
1474 goto err;
1475 } else {
1476 if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
1477 goto err;
1478 }
1479 out += len; 884 out += len;
1480 885
1481 /* Finally write tag */ 886 /* Finally write tag */
@@ -1483,19 +888,15 @@ aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1483 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; 888 rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
1484 } else { 889 } else {
1485 /* Decrypt */ 890 /* Decrypt */
1486 if (gctx->ctr) { 891 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out, len,
1487 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out, 892 aes_ctr32_encrypt_ctr128f))
1488 len, gctx->ctr)) 893 goto err;
1489 goto err; 894
1490 } else {
1491 if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
1492 goto err;
1493 }
1494 /* Retrieve tag */ 895 /* Retrieve tag */
1495 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); 896 CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
1496 897
1497 /* If tag mismatch wipe buffer */ 898 /* If tag mismatch wipe buffer */
1498 if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { 899 if (timingsafe_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN) != 0) {
1499 explicit_bzero(out, len); 900 explicit_bzero(out, len);
1500 goto err; 901 goto err;
1501 } 902 }
@@ -1529,25 +930,13 @@ aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1529 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) 930 if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
1530 return -1; 931 return -1;
1531 } else if (ctx->encrypt) { 932 } else if (ctx->encrypt) {
1532 if (gctx->ctr) { 933 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
1533 if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, 934 in, out, len, aes_ctr32_encrypt_ctr128f))
1534 in, out, len, gctx->ctr)) 935 return -1;
1535 return -1;
1536 } else {
1537 if (CRYPTO_gcm128_encrypt(&gctx->gcm,
1538 in, out, len))
1539 return -1;
1540 }
1541 } else { 936 } else {
1542 if (gctx->ctr) { 937 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
1543 if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, 938 in, out, len, aes_ctr32_encrypt_ctr128f))
1544 in, out, len, gctx->ctr)) 939 return -1;
1545 return -1;
1546 } else {
1547 if (CRYPTO_gcm128_decrypt(&gctx->gcm,
1548 in, out, len))
1549 return -1;
1550 }
1551 } 940 }
1552 return len; 941 return len;
1553 } else { 942 } else {
@@ -1576,22 +965,6 @@ aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1576 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \ 965 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \
1577 EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) 966 EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY )
1578 967
1579
1580#ifdef AESNI_CAPABLE
1581static const EVP_CIPHER aesni_128_gcm = {
1582 .nid = NID_aes_128_gcm,
1583 .block_size = 1,
1584 .key_len = 16,
1585 .iv_len = 12,
1586 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1587 .init = aesni_gcm_init_key,
1588 .do_cipher = aes_gcm_cipher,
1589 .cleanup = aes_gcm_cleanup,
1590 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1591 .ctrl = aes_gcm_ctrl,
1592};
1593#endif
1594
1595static const EVP_CIPHER aes_128_gcm = { 968static const EVP_CIPHER aes_128_gcm = {
1596 .nid = NID_aes_128_gcm, 969 .nid = NID_aes_128_gcm,
1597 .block_size = 1, 970 .block_size = 1,
@@ -1608,29 +981,10 @@ static const EVP_CIPHER aes_128_gcm = {
1608const EVP_CIPHER * 981const EVP_CIPHER *
1609EVP_aes_128_gcm(void) 982EVP_aes_128_gcm(void)
1610{ 983{
1611#ifdef AESNI_CAPABLE
1612 return AESNI_CAPABLE ? &aesni_128_gcm : &aes_128_gcm;
1613#else
1614 return &aes_128_gcm; 984 return &aes_128_gcm;
1615#endif
1616} 985}
1617LCRYPTO_ALIAS(EVP_aes_128_gcm); 986LCRYPTO_ALIAS(EVP_aes_128_gcm);
1618 987
1619#ifdef AESNI_CAPABLE
1620static const EVP_CIPHER aesni_192_gcm = {
1621 .nid = NID_aes_192_gcm,
1622 .block_size = 1,
1623 .key_len = 24,
1624 .iv_len = 12,
1625 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1626 .init = aesni_gcm_init_key,
1627 .do_cipher = aes_gcm_cipher,
1628 .cleanup = aes_gcm_cleanup,
1629 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1630 .ctrl = aes_gcm_ctrl,
1631};
1632#endif
1633
1634static const EVP_CIPHER aes_192_gcm = { 988static const EVP_CIPHER aes_192_gcm = {
1635 .nid = NID_aes_192_gcm, 989 .nid = NID_aes_192_gcm,
1636 .block_size = 1, 990 .block_size = 1,
@@ -1647,29 +1001,10 @@ static const EVP_CIPHER aes_192_gcm = {
1647const EVP_CIPHER * 1001const EVP_CIPHER *
1648EVP_aes_192_gcm(void) 1002EVP_aes_192_gcm(void)
1649{ 1003{
1650#ifdef AESNI_CAPABLE
1651 return AESNI_CAPABLE ? &aesni_192_gcm : &aes_192_gcm;
1652#else
1653 return &aes_192_gcm; 1004 return &aes_192_gcm;
1654#endif
1655} 1005}
1656LCRYPTO_ALIAS(EVP_aes_192_gcm); 1006LCRYPTO_ALIAS(EVP_aes_192_gcm);
1657 1007
1658#ifdef AESNI_CAPABLE
1659static const EVP_CIPHER aesni_256_gcm = {
1660 .nid = NID_aes_256_gcm,
1661 .block_size = 1,
1662 .key_len = 32,
1663 .iv_len = 12,
1664 .flags = EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS | EVP_CIPH_GCM_MODE,
1665 .init = aesni_gcm_init_key,
1666 .do_cipher = aes_gcm_cipher,
1667 .cleanup = aes_gcm_cleanup,
1668 .ctx_size = sizeof(EVP_AES_GCM_CTX),
1669 .ctrl = aes_gcm_ctrl,
1670};
1671#endif
1672
1673static const EVP_CIPHER aes_256_gcm = { 1008static const EVP_CIPHER aes_256_gcm = {
1674 .nid = NID_aes_256_gcm, 1009 .nid = NID_aes_256_gcm,
1675 .block_size = 1, 1010 .block_size = 1,
@@ -1686,11 +1021,7 @@ static const EVP_CIPHER aes_256_gcm = {
1686const EVP_CIPHER * 1021const EVP_CIPHER *
1687EVP_aes_256_gcm(void) 1022EVP_aes_256_gcm(void)
1688{ 1023{
1689#ifdef AESNI_CAPABLE
1690 return AESNI_CAPABLE ? &aesni_256_gcm : &aes_256_gcm;
1691#else
1692 return &aes_256_gcm; 1024 return &aes_256_gcm;
1693#endif
1694} 1025}
1695LCRYPTO_ALIAS(EVP_aes_256_gcm); 1026LCRYPTO_ALIAS(EVP_aes_256_gcm);
1696 1027
@@ -1732,36 +1063,24 @@ aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
1732 1063
1733static int 1064static int
1734aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 1065aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1735 const unsigned char *iv, int enc) 1066 const unsigned char *iv, int encrypt)
1736{ 1067{
1737 EVP_AES_XTS_CTX *xctx = ctx->cipher_data; 1068 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1738 1069
1739 if (!iv && !key) 1070 if (key != NULL) {
1740 return 1;
1741
1742 if (key) {
1743#ifdef AES_XTS_ASM
1744 xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
1745#else
1746 xctx->stream = NULL;
1747#endif
1748 /* key_len is two AES keys */ 1071 /* key_len is two AES keys */
1749 if (enc) { 1072 if (encrypt)
1750 AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); 1073 AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1751 xctx->xts.block1 = (block128_f)AES_encrypt; 1074 else
1752 } else {
1753 AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); 1075 AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
1754 xctx->xts.block1 = (block128_f)AES_decrypt;
1755 }
1756 1076
1757 AES_set_encrypt_key(key + ctx->key_len / 2, 1077 AES_set_encrypt_key(key + ctx->key_len / 2, ctx->key_len * 4,
1758 ctx->key_len * 4, &xctx->ks2); 1078 &xctx->ks2);
1759 xctx->xts.block2 = (block128_f)AES_encrypt;
1760 1079
1761 xctx->xts.key1 = &xctx->ks1; 1080 xctx->xts.key1 = &xctx->ks1;
1762 } 1081 }
1763 1082
1764 if (iv) { 1083 if (iv != NULL) {
1765 xctx->xts.key2 = &xctx->ks2; 1084 xctx->xts.key2 = &xctx->ks2;
1766 memcpy(ctx->iv, iv, 16); 1085 memcpy(ctx->iv, iv, 16);
1767 } 1086 }
@@ -1775,17 +1094,15 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1775{ 1094{
1776 EVP_AES_XTS_CTX *xctx = ctx->cipher_data; 1095 EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
1777 1096
1778 if (!xctx->xts.key1 || !xctx->xts.key2) 1097 if (xctx->xts.key1 == NULL || xctx->xts.key2 == NULL)
1779 return 0;
1780 if (!out || !in || len < AES_BLOCK_SIZE)
1781 return 0; 1098 return 0;
1782 1099
1783 if (xctx->stream) 1100 if (out == NULL || in == NULL || len < AES_BLOCK_SIZE)
1784 (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2,
1785 ctx->iv);
1786 else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
1787 ctx->encrypt))
1788 return 0; 1101 return 0;
1102
1103 aes_xts_encrypt_internal(in, out, len, xctx->xts.key1, xctx->xts.key2,
1104 ctx->iv, ctx->encrypt);
1105
1789 return 1; 1106 return 1;
1790} 1107}
1791 1108
@@ -1793,22 +1110,6 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1793 ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ 1110 ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \
1794 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) 1111 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY )
1795 1112
1796
1797#ifdef AESNI_CAPABLE
1798static const EVP_CIPHER aesni_128_xts = {
1799 .nid = NID_aes_128_xts,
1800 .block_size = 1,
1801 .key_len = 2 * 16,
1802 .iv_len = 16,
1803 .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE,
1804 .init = aesni_xts_init_key,
1805 .do_cipher = aes_xts_cipher,
1806 .cleanup = NULL,
1807 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1808 .ctrl = aes_xts_ctrl,
1809};
1810#endif
1811
1812static const EVP_CIPHER aes_128_xts = { 1113static const EVP_CIPHER aes_128_xts = {
1813 .nid = NID_aes_128_xts, 1114 .nid = NID_aes_128_xts,
1814 .block_size = 1, 1115 .block_size = 1,
@@ -1825,29 +1126,10 @@ static const EVP_CIPHER aes_128_xts = {
1825const EVP_CIPHER * 1126const EVP_CIPHER *
1826EVP_aes_128_xts(void) 1127EVP_aes_128_xts(void)
1827{ 1128{
1828#ifdef AESNI_CAPABLE
1829 return AESNI_CAPABLE ? &aesni_128_xts : &aes_128_xts;
1830#else
1831 return &aes_128_xts; 1129 return &aes_128_xts;
1832#endif
1833} 1130}
1834LCRYPTO_ALIAS(EVP_aes_128_xts); 1131LCRYPTO_ALIAS(EVP_aes_128_xts);
1835 1132
1836#ifdef AESNI_CAPABLE
1837static const EVP_CIPHER aesni_256_xts = {
1838 .nid = NID_aes_256_xts,
1839 .block_size = 1,
1840 .key_len = 2 * 32,
1841 .iv_len = 16,
1842 .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE,
1843 .init = aesni_xts_init_key,
1844 .do_cipher = aes_xts_cipher,
1845 .cleanup = NULL,
1846 .ctx_size = sizeof(EVP_AES_XTS_CTX),
1847 .ctrl = aes_xts_ctrl,
1848};
1849#endif
1850
1851static const EVP_CIPHER aes_256_xts = { 1133static const EVP_CIPHER aes_256_xts = {
1852 .nid = NID_aes_256_xts, 1134 .nid = NID_aes_256_xts,
1853 .block_size = 1, 1135 .block_size = 1,
@@ -1864,11 +1146,7 @@ static const EVP_CIPHER aes_256_xts = {
1864const EVP_CIPHER * 1146const EVP_CIPHER *
1865EVP_aes_256_xts(void) 1147EVP_aes_256_xts(void)
1866{ 1148{
1867#ifdef AESNI_CAPABLE
1868 return AESNI_CAPABLE ? &aesni_256_xts : &aes_256_xts;
1869#else
1870 return &aes_256_xts; 1149 return &aes_256_xts;
1871#endif
1872} 1150}
1873LCRYPTO_ALIAS(EVP_aes_256_xts); 1151LCRYPTO_ALIAS(EVP_aes_256_xts);
1874 1152
@@ -1951,8 +1229,7 @@ aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1951 if (key) { 1229 if (key) {
1952 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); 1230 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
1953 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, 1231 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
1954 &cctx->ks, (block128_f)AES_encrypt); 1232 &cctx->ks, aes_encrypt_block128);
1955 cctx->str = NULL;
1956 cctx->key_set = 1; 1233 cctx->key_set = 1;
1957 } 1234 }
1958 if (iv) { 1235 if (iv) {
@@ -1970,7 +1247,14 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1970 CCM128_CONTEXT *ccm = &cctx->ccm; 1247 CCM128_CONTEXT *ccm = &cctx->ccm;
1971 1248
1972 /* If not set up, return error */ 1249 /* If not set up, return error */
1973 if (!cctx->iv_set && !cctx->key_set) 1250 if (!cctx->key_set)
1251 return -1;
1252
1253 /* EVP_*Final() doesn't return any data */
1254 if (in == NULL && out != NULL)
1255 return 0;
1256
1257 if (!cctx->iv_set)
1974 return -1; 1258 return -1;
1975 if (!ctx->encrypt && !cctx->tag_set) 1259 if (!ctx->encrypt && !cctx->tag_set)
1976 return -1; 1260 return -1;
@@ -1989,9 +1273,7 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1989 CRYPTO_ccm128_aad(ccm, in, len); 1273 CRYPTO_ccm128_aad(ccm, in, len);
1990 return len; 1274 return len;
1991 } 1275 }
1992 /* EVP_*Final() doesn't return any data */ 1276
1993 if (!in)
1994 return 0;
1995 /* If not set length yet do it */ 1277 /* If not set length yet do it */
1996 if (!cctx->len_set) { 1278 if (!cctx->len_set) {
1997 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) 1279 if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
@@ -1999,18 +1281,18 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1999 cctx->len_set = 1; 1281 cctx->len_set = 1;
2000 } 1282 }
2001 if (ctx->encrypt) { 1283 if (ctx->encrypt) {
2002 if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, 1284 if (CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
2003 cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) 1285 aes_ccm64_encrypt_ccm128f) != 0)
2004 return -1; 1286 return -1;
2005 cctx->tag_set = 1; 1287 cctx->tag_set = 1;
2006 return len; 1288 return len;
2007 } else { 1289 } else {
2008 int rv = -1; 1290 int rv = -1;
2009 if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, 1291 if (CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
2010 cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { 1292 aes_ccm64_decrypt_ccm128f) == 0) {
2011 unsigned char tag[16]; 1293 unsigned char tag[16];
2012 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { 1294 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
2013 if (!memcmp(tag, ctx->buf, cctx->M)) 1295 if (timingsafe_memcmp(tag, ctx->buf, cctx->M) == 0)
2014 rv = len; 1296 rv = len;
2015 } 1297 }
2016 } 1298 }
@@ -2021,24 +1303,8 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
2021 cctx->len_set = 0; 1303 cctx->len_set = 0;
2022 return rv; 1304 return rv;
2023 } 1305 }
2024
2025} 1306}
2026 1307
2027#ifdef AESNI_CAPABLE
2028static const EVP_CIPHER aesni_128_ccm = {
2029 .nid = NID_aes_128_ccm,
2030 .block_size = 1,
2031 .key_len = 16,
2032 .iv_len = 12,
2033 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2034 .init = aesni_ccm_init_key,
2035 .do_cipher = aes_ccm_cipher,
2036 .cleanup = NULL,
2037 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2038 .ctrl = aes_ccm_ctrl,
2039};
2040#endif
2041
2042static const EVP_CIPHER aes_128_ccm = { 1308static const EVP_CIPHER aes_128_ccm = {
2043 .nid = NID_aes_128_ccm, 1309 .nid = NID_aes_128_ccm,
2044 .block_size = 1, 1310 .block_size = 1,
@@ -2055,29 +1321,10 @@ static const EVP_CIPHER aes_128_ccm = {
2055const EVP_CIPHER * 1321const EVP_CIPHER *
2056EVP_aes_128_ccm(void) 1322EVP_aes_128_ccm(void)
2057{ 1323{
2058#ifdef AESNI_CAPABLE
2059 return AESNI_CAPABLE ? &aesni_128_ccm : &aes_128_ccm;
2060#else
2061 return &aes_128_ccm; 1324 return &aes_128_ccm;
2062#endif
2063} 1325}
2064LCRYPTO_ALIAS(EVP_aes_128_ccm); 1326LCRYPTO_ALIAS(EVP_aes_128_ccm);
2065 1327
2066#ifdef AESNI_CAPABLE
2067static const EVP_CIPHER aesni_192_ccm = {
2068 .nid = NID_aes_192_ccm,
2069 .block_size = 1,
2070 .key_len = 24,
2071 .iv_len = 12,
2072 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2073 .init = aesni_ccm_init_key,
2074 .do_cipher = aes_ccm_cipher,
2075 .cleanup = NULL,
2076 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2077 .ctrl = aes_ccm_ctrl,
2078};
2079#endif
2080
2081static const EVP_CIPHER aes_192_ccm = { 1328static const EVP_CIPHER aes_192_ccm = {
2082 .nid = NID_aes_192_ccm, 1329 .nid = NID_aes_192_ccm,
2083 .block_size = 1, 1330 .block_size = 1,
@@ -2094,29 +1341,10 @@ static const EVP_CIPHER aes_192_ccm = {
2094const EVP_CIPHER * 1341const EVP_CIPHER *
2095EVP_aes_192_ccm(void) 1342EVP_aes_192_ccm(void)
2096{ 1343{
2097#ifdef AESNI_CAPABLE
2098 return AESNI_CAPABLE ? &aesni_192_ccm : &aes_192_ccm;
2099#else
2100 return &aes_192_ccm; 1344 return &aes_192_ccm;
2101#endif
2102} 1345}
2103LCRYPTO_ALIAS(EVP_aes_192_ccm); 1346LCRYPTO_ALIAS(EVP_aes_192_ccm);
2104 1347
2105#ifdef AESNI_CAPABLE
2106static const EVP_CIPHER aesni_256_ccm = {
2107 .nid = NID_aes_256_ccm,
2108 .block_size = 1,
2109 .key_len = 32,
2110 .iv_len = 12,
2111 .flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
2112 .init = aesni_ccm_init_key,
2113 .do_cipher = aes_ccm_cipher,
2114 .cleanup = NULL,
2115 .ctx_size = sizeof(EVP_AES_CCM_CTX),
2116 .ctrl = aes_ccm_ctrl,
2117};
2118#endif
2119
2120static const EVP_CIPHER aes_256_ccm = { 1348static const EVP_CIPHER aes_256_ccm = {
2121 .nid = NID_aes_256_ccm, 1349 .nid = NID_aes_256_ccm,
2122 .block_size = 1, 1350 .block_size = 1,
@@ -2133,11 +1361,7 @@ static const EVP_CIPHER aes_256_ccm = {
2133const EVP_CIPHER * 1361const EVP_CIPHER *
2134EVP_aes_256_ccm(void) 1362EVP_aes_256_ccm(void)
2135{ 1363{
2136#ifdef AESNI_CAPABLE
2137 return AESNI_CAPABLE ? &aesni_256_ccm : &aes_256_ccm;
2138#else
2139 return &aes_256_ccm; 1364 return &aes_256_ccm;
2140#endif
2141} 1365}
2142LCRYPTO_ALIAS(EVP_aes_256_ccm); 1366LCRYPTO_ALIAS(EVP_aes_256_ccm);
2143 1367
@@ -2149,7 +1373,6 @@ struct aead_aes_gcm_ctx {
2149 AES_KEY ks; 1373 AES_KEY ks;
2150 } ks; 1374 } ks;
2151 GCM128_CONTEXT gcm; 1375 GCM128_CONTEXT gcm;
2152 ctr128_f ctr;
2153 unsigned char tag_len; 1376 unsigned char tag_len;
2154}; 1377};
2155 1378
@@ -2177,18 +1400,8 @@ aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const unsigned char *key, size_t key_len,
2177 if ((gcm_ctx = calloc(1, sizeof(struct aead_aes_gcm_ctx))) == NULL) 1400 if ((gcm_ctx = calloc(1, sizeof(struct aead_aes_gcm_ctx))) == NULL)
2178 return 0; 1401 return 0;
2179 1402
2180#ifdef AESNI_CAPABLE 1403 AES_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks);
2181 if (AESNI_CAPABLE) { 1404 CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks, aes_encrypt_block128);
2182 aesni_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks);
2183 CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks,
2184 (block128_f)aesni_encrypt);
2185 gcm_ctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
2186 } else
2187#endif
2188 {
2189 gcm_ctx->ctr = aes_gcm_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm,
2190 key, key_len);
2191 }
2192 gcm_ctx->tag_len = tag_len; 1405 gcm_ctx->tag_len = tag_len;
2193 ctx->aead_state = gcm_ctx; 1406 ctx->aead_state = gcm_ctx;
2194 1407
@@ -2229,15 +1442,9 @@ aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
2229 if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len)) 1442 if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len))
2230 return 0; 1443 return 0;
2231 1444
2232 if (gcm_ctx->ctr) { 1445 if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk,
2233 if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk, 1446 in_len - bulk, aes_ctr32_encrypt_ctr128f))
2234 in_len - bulk, gcm_ctx->ctr)) 1447 return 0;
2235 return 0;
2236 } else {
2237 if (CRYPTO_gcm128_encrypt(&gcm, in + bulk, out + bulk,
2238 in_len - bulk))
2239 return 0;
2240 }
2241 1448
2242 CRYPTO_gcm128_tag(&gcm, out + in_len, gcm_ctx->tag_len); 1449 CRYPTO_gcm128_tag(&gcm, out + in_len, gcm_ctx->tag_len);
2243 *out_len = in_len + gcm_ctx->tag_len; 1450 *out_len = in_len + gcm_ctx->tag_len;
@@ -2280,15 +1487,9 @@ aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
2280 if (CRYPTO_gcm128_aad(&gcm, ad, ad_len)) 1487 if (CRYPTO_gcm128_aad(&gcm, ad, ad_len))
2281 return 0; 1488 return 0;
2282 1489
2283 if (gcm_ctx->ctr) { 1490 if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk,
2284 if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk, 1491 in_len - bulk - gcm_ctx->tag_len, aes_ctr32_encrypt_ctr128f))
2285 in_len - bulk - gcm_ctx->tag_len, gcm_ctx->ctr)) 1492 return 0;
2286 return 0;
2287 } else {
2288 if (CRYPTO_gcm128_decrypt(&gcm, in + bulk, out + bulk,
2289 in_len - bulk - gcm_ctx->tag_len))
2290 return 0;
2291 }
2292 1493
2293 CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len); 1494 CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
2294 if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) { 1495 if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
index 4f3799975b..8c32a5658e 100644
--- a/src/lib/libcrypto/evp/e_bf.c
+++ b/src/lib/libcrypto/evp/e_bf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_bf.c,v 1.19 2024/04/09 13:52:41 beck Exp $ */ 1/* $OpenBSD: e_bf.c,v 1.20 2025/05/27 03:58:12 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -162,13 +162,14 @@ static const EVP_CIPHER bf_cbc = {
162 .block_size = 8, 162 .block_size = 8,
163 .key_len = 16, 163 .key_len = 16,
164 .iv_len = 8, 164 .iv_len = 8,
165 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE, 165 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE |
166 EVP_CIPH_FLAG_DEFAULT_ASN1,
166 .init = bf_init_key, 167 .init = bf_init_key,
167 .do_cipher = bf_cbc_cipher, 168 .do_cipher = bf_cbc_cipher,
168 .cleanup = NULL, 169 .cleanup = NULL,
169 .ctx_size = sizeof(EVP_BF_KEY), 170 .ctx_size = sizeof(EVP_BF_KEY),
170 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 171 .set_asn1_parameters = NULL,
171 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 172 .get_asn1_parameters = NULL,
172 .ctrl = NULL, 173 .ctrl = NULL,
173}; 174};
174 175
@@ -184,13 +185,14 @@ static const EVP_CIPHER bf_cfb64 = {
184 .block_size = 1, 185 .block_size = 1,
185 .key_len = 16, 186 .key_len = 16,
186 .iv_len = 8, 187 .iv_len = 8,
187 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE, 188 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE |
189 EVP_CIPH_FLAG_DEFAULT_ASN1,
188 .init = bf_init_key, 190 .init = bf_init_key,
189 .do_cipher = bf_cfb64_cipher, 191 .do_cipher = bf_cfb64_cipher,
190 .cleanup = NULL, 192 .cleanup = NULL,
191 .ctx_size = sizeof(EVP_BF_KEY), 193 .ctx_size = sizeof(EVP_BF_KEY),
192 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 194 .set_asn1_parameters = NULL,
193 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 195 .get_asn1_parameters = NULL,
194 .ctrl = NULL, 196 .ctrl = NULL,
195}; 197};
196 198
@@ -206,13 +208,14 @@ static const EVP_CIPHER bf_ofb = {
206 .block_size = 1, 208 .block_size = 1,
207 .key_len = 16, 209 .key_len = 16,
208 .iv_len = 8, 210 .iv_len = 8,
209 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE, 211 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE |
212 EVP_CIPH_FLAG_DEFAULT_ASN1,
210 .init = bf_init_key, 213 .init = bf_init_key,
211 .do_cipher = bf_ofb_cipher, 214 .do_cipher = bf_ofb_cipher,
212 .cleanup = NULL, 215 .cleanup = NULL,
213 .ctx_size = sizeof(EVP_BF_KEY), 216 .ctx_size = sizeof(EVP_BF_KEY),
214 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 217 .set_asn1_parameters = NULL,
215 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 218 .get_asn1_parameters = NULL,
216 .ctrl = NULL, 219 .ctrl = NULL,
217}; 220};
218 221
@@ -228,13 +231,14 @@ static const EVP_CIPHER bf_ecb = {
228 .block_size = 8, 231 .block_size = 8,
229 .key_len = 16, 232 .key_len = 16,
230 .iv_len = 0, 233 .iv_len = 0,
231 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE, 234 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE |
235 EVP_CIPH_FLAG_DEFAULT_ASN1,
232 .init = bf_init_key, 236 .init = bf_init_key,
233 .do_cipher = bf_ecb_cipher, 237 .do_cipher = bf_ecb_cipher,
234 .cleanup = NULL, 238 .cleanup = NULL,
235 .ctx_size = sizeof(EVP_BF_KEY), 239 .ctx_size = sizeof(EVP_BF_KEY),
236 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 240 .set_asn1_parameters = NULL,
237 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 241 .get_asn1_parameters = NULL,
238 .ctrl = NULL, 242 .ctrl = NULL,
239}; 243};
240 244
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
index 5538281e75..8da46275a3 100644
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_camellia.c,v 1.21 2025/05/10 05:54:38 tb Exp $ */ 1/* $OpenBSD: e_camellia.c,v 1.22 2025/05/27 03:58:12 tb Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -163,13 +163,13 @@ static const EVP_CIPHER camellia_128_cbc = {
163 .block_size = 16, 163 .block_size = 16,
164 .key_len = 16, 164 .key_len = 16,
165 .iv_len = 16, 165 .iv_len = 16,
166 .flags = 0 | EVP_CIPH_CBC_MODE, 166 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
167 .init = camellia_init_key, 167 .init = camellia_init_key,
168 .do_cipher = camellia_128_cbc_cipher, 168 .do_cipher = camellia_128_cbc_cipher,
169 .cleanup = NULL, 169 .cleanup = NULL,
170 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 170 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
171 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 171 .set_asn1_parameters = NULL,
172 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 172 .get_asn1_parameters = NULL,
173 .ctrl = NULL, 173 .ctrl = NULL,
174}; 174};
175 175
@@ -185,13 +185,13 @@ static const EVP_CIPHER camellia_128_cfb128 = {
185 .block_size = 1, 185 .block_size = 1,
186 .key_len = 16, 186 .key_len = 16,
187 .iv_len = 16, 187 .iv_len = 16,
188 .flags = 0 | EVP_CIPH_CFB_MODE, 188 .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
189 .init = camellia_init_key, 189 .init = camellia_init_key,
190 .do_cipher = camellia_128_cfb128_cipher, 190 .do_cipher = camellia_128_cfb128_cipher,
191 .cleanup = NULL, 191 .cleanup = NULL,
192 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 192 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
193 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 193 .set_asn1_parameters = NULL,
194 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 194 .get_asn1_parameters = NULL,
195 .ctrl = NULL, 195 .ctrl = NULL,
196}; 196};
197 197
@@ -207,13 +207,13 @@ static const EVP_CIPHER camellia_128_ofb = {
207 .block_size = 1, 207 .block_size = 1,
208 .key_len = 16, 208 .key_len = 16,
209 .iv_len = 16, 209 .iv_len = 16,
210 .flags = 0 | EVP_CIPH_OFB_MODE, 210 .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
211 .init = camellia_init_key, 211 .init = camellia_init_key,
212 .do_cipher = camellia_128_ofb_cipher, 212 .do_cipher = camellia_128_ofb_cipher,
213 .cleanup = NULL, 213 .cleanup = NULL,
214 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 214 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
215 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 215 .set_asn1_parameters = NULL,
216 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 216 .get_asn1_parameters = NULL,
217 .ctrl = NULL, 217 .ctrl = NULL,
218}; 218};
219 219
@@ -229,13 +229,13 @@ static const EVP_CIPHER camellia_128_ecb = {
229 .block_size = 16, 229 .block_size = 16,
230 .key_len = 16, 230 .key_len = 16,
231 .iv_len = 0, 231 .iv_len = 0,
232 .flags = 0 | EVP_CIPH_ECB_MODE, 232 .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
233 .init = camellia_init_key, 233 .init = camellia_init_key,
234 .do_cipher = camellia_128_ecb_cipher, 234 .do_cipher = camellia_128_ecb_cipher,
235 .cleanup = NULL, 235 .cleanup = NULL,
236 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 236 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
237 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 237 .set_asn1_parameters = NULL,
238 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 238 .get_asn1_parameters = NULL,
239 .ctrl = NULL, 239 .ctrl = NULL,
240}; 240};
241 241
@@ -321,13 +321,13 @@ static const EVP_CIPHER camellia_192_cbc = {
321 .block_size = 16, 321 .block_size = 16,
322 .key_len = 24, 322 .key_len = 24,
323 .iv_len = 16, 323 .iv_len = 16,
324 .flags = 0 | EVP_CIPH_CBC_MODE, 324 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
325 .init = camellia_init_key, 325 .init = camellia_init_key,
326 .do_cipher = camellia_192_cbc_cipher, 326 .do_cipher = camellia_192_cbc_cipher,
327 .cleanup = NULL, 327 .cleanup = NULL,
328 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 328 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
329 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 329 .set_asn1_parameters = NULL,
330 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 330 .get_asn1_parameters = NULL,
331 .ctrl = NULL, 331 .ctrl = NULL,
332}; 332};
333 333
@@ -343,13 +343,13 @@ static const EVP_CIPHER camellia_192_cfb128 = {
343 .block_size = 1, 343 .block_size = 1,
344 .key_len = 24, 344 .key_len = 24,
345 .iv_len = 16, 345 .iv_len = 16,
346 .flags = 0 | EVP_CIPH_CFB_MODE, 346 .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
347 .init = camellia_init_key, 347 .init = camellia_init_key,
348 .do_cipher = camellia_192_cfb128_cipher, 348 .do_cipher = camellia_192_cfb128_cipher,
349 .cleanup = NULL, 349 .cleanup = NULL,
350 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 350 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
351 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 351 .set_asn1_parameters = NULL,
352 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 352 .get_asn1_parameters = NULL,
353 .ctrl = NULL, 353 .ctrl = NULL,
354}; 354};
355 355
@@ -365,13 +365,13 @@ static const EVP_CIPHER camellia_192_ofb = {
365 .block_size = 1, 365 .block_size = 1,
366 .key_len = 24, 366 .key_len = 24,
367 .iv_len = 16, 367 .iv_len = 16,
368 .flags = 0 | EVP_CIPH_OFB_MODE, 368 .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
369 .init = camellia_init_key, 369 .init = camellia_init_key,
370 .do_cipher = camellia_192_ofb_cipher, 370 .do_cipher = camellia_192_ofb_cipher,
371 .cleanup = NULL, 371 .cleanup = NULL,
372 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 372 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
373 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 373 .set_asn1_parameters = NULL,
374 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 374 .get_asn1_parameters = NULL,
375 .ctrl = NULL, 375 .ctrl = NULL,
376}; 376};
377 377
@@ -387,13 +387,13 @@ static const EVP_CIPHER camellia_192_ecb = {
387 .block_size = 16, 387 .block_size = 16,
388 .key_len = 24, 388 .key_len = 24,
389 .iv_len = 0, 389 .iv_len = 0,
390 .flags = 0 | EVP_CIPH_ECB_MODE, 390 .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
391 .init = camellia_init_key, 391 .init = camellia_init_key,
392 .do_cipher = camellia_192_ecb_cipher, 392 .do_cipher = camellia_192_ecb_cipher,
393 .cleanup = NULL, 393 .cleanup = NULL,
394 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 394 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
395 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 395 .set_asn1_parameters = NULL,
396 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 396 .get_asn1_parameters = NULL,
397 .ctrl = NULL, 397 .ctrl = NULL,
398}; 398};
399 399
@@ -479,13 +479,13 @@ static const EVP_CIPHER camellia_256_cbc = {
479 .block_size = 16, 479 .block_size = 16,
480 .key_len = 32, 480 .key_len = 32,
481 .iv_len = 16, 481 .iv_len = 16,
482 .flags = 0 | EVP_CIPH_CBC_MODE, 482 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
483 .init = camellia_init_key, 483 .init = camellia_init_key,
484 .do_cipher = camellia_256_cbc_cipher, 484 .do_cipher = camellia_256_cbc_cipher,
485 .cleanup = NULL, 485 .cleanup = NULL,
486 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 486 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
487 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 487 .set_asn1_parameters = NULL,
488 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 488 .get_asn1_parameters = NULL,
489 .ctrl = NULL, 489 .ctrl = NULL,
490}; 490};
491 491
@@ -501,13 +501,13 @@ static const EVP_CIPHER camellia_256_cfb128 = {
501 .block_size = 1, 501 .block_size = 1,
502 .key_len = 32, 502 .key_len = 32,
503 .iv_len = 16, 503 .iv_len = 16,
504 .flags = 0 | EVP_CIPH_CFB_MODE, 504 .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
505 .init = camellia_init_key, 505 .init = camellia_init_key,
506 .do_cipher = camellia_256_cfb128_cipher, 506 .do_cipher = camellia_256_cfb128_cipher,
507 .cleanup = NULL, 507 .cleanup = NULL,
508 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 508 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
509 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 509 .set_asn1_parameters = NULL,
510 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 510 .get_asn1_parameters = NULL,
511 .ctrl = NULL, 511 .ctrl = NULL,
512}; 512};
513 513
@@ -523,13 +523,13 @@ static const EVP_CIPHER camellia_256_ofb = {
523 .block_size = 1, 523 .block_size = 1,
524 .key_len = 32, 524 .key_len = 32,
525 .iv_len = 16, 525 .iv_len = 16,
526 .flags = 0 | EVP_CIPH_OFB_MODE, 526 .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
527 .init = camellia_init_key, 527 .init = camellia_init_key,
528 .do_cipher = camellia_256_ofb_cipher, 528 .do_cipher = camellia_256_ofb_cipher,
529 .cleanup = NULL, 529 .cleanup = NULL,
530 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 530 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
531 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 531 .set_asn1_parameters = NULL,
532 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 532 .get_asn1_parameters = NULL,
533 .ctrl = NULL, 533 .ctrl = NULL,
534}; 534};
535 535
@@ -545,13 +545,13 @@ static const EVP_CIPHER camellia_256_ecb = {
545 .block_size = 16, 545 .block_size = 16,
546 .key_len = 32, 546 .key_len = 32,
547 .iv_len = 0, 547 .iv_len = 0,
548 .flags = 0 | EVP_CIPH_ECB_MODE, 548 .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
549 .init = camellia_init_key, 549 .init = camellia_init_key,
550 .do_cipher = camellia_256_ecb_cipher, 550 .do_cipher = camellia_256_ecb_cipher,
551 .cleanup = NULL, 551 .cleanup = NULL,
552 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 552 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
553 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 553 .set_asn1_parameters = NULL,
554 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 554 .get_asn1_parameters = NULL,
555 .ctrl = NULL, 555 .ctrl = NULL,
556}; 556};
557 557
@@ -589,13 +589,13 @@ static const EVP_CIPHER camellia_128_cfb1 = {
589 .block_size = 1, 589 .block_size = 1,
590 .key_len = 128/8, 590 .key_len = 128/8,
591 .iv_len = 16, 591 .iv_len = 16,
592 .flags = 0 | EVP_CIPH_CFB_MODE, 592 .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
593 .init = camellia_init_key, 593 .init = camellia_init_key,
594 .do_cipher = camellia_128_cfb1_cipher, 594 .do_cipher = camellia_128_cfb1_cipher,
595 .cleanup = NULL, 595 .cleanup = NULL,
596 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 596 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
597 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 597 .set_asn1_parameters = NULL,
598 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 598 .get_asn1_parameters = NULL,
599 .ctrl = NULL, 599 .ctrl = NULL,
600}; 600};
601 601
@@ -633,13 +633,13 @@ static const EVP_CIPHER camellia_192_cfb1 = {
633 .block_size = 1, 633 .block_size = 1,
634 .key_len = 192/8, 634 .key_len = 192/8,
635 .iv_len = 16, 635 .iv_len = 16,
636 .flags = 0 | EVP_CIPH_CFB_MODE, 636 .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
637 .init = camellia_init_key, 637 .init = camellia_init_key,
638 .do_cipher = camellia_192_cfb1_cipher, 638 .do_cipher = camellia_192_cfb1_cipher,
639 .cleanup = NULL, 639 .cleanup = NULL,
640 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 640 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
641 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 641 .set_asn1_parameters = NULL,
642 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 642 .get_asn1_parameters = NULL,
643 .ctrl = NULL, 643 .ctrl = NULL,
644}; 644};
645 645
@@ -677,13 +677,13 @@ static const EVP_CIPHER camellia_256_cfb1 = {
677 .block_size = 1, 677 .block_size = 1,
678 .key_len = 256/8, 678 .key_len = 256/8,
679 .iv_len = 16, 679 .iv_len = 16,
680 .flags = 0 | EVP_CIPH_CFB_MODE, 680 .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
681 .init = camellia_init_key, 681 .init = camellia_init_key,
682 .do_cipher = camellia_256_cfb1_cipher, 682 .do_cipher = camellia_256_cfb1_cipher,
683 .cleanup = NULL, 683 .cleanup = NULL,
684 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 684 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
685 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 685 .set_asn1_parameters = NULL,
686 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 686 .get_asn1_parameters = NULL,
687 .ctrl = NULL, 687 .ctrl = NULL,
688}; 688};
689 689
@@ -720,13 +720,13 @@ static const EVP_CIPHER camellia_128_cfb8 = {
720 .block_size = 1, 720 .block_size = 1,
721 .key_len = 128/8, 721 .key_len = 128/8,
722 .iv_len = 16, 722 .iv_len = 16,
723 .flags = 0 | EVP_CIPH_CFB_MODE, 723 .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
724 .init = camellia_init_key, 724 .init = camellia_init_key,
725 .do_cipher = camellia_128_cfb8_cipher, 725 .do_cipher = camellia_128_cfb8_cipher,
726 .cleanup = NULL, 726 .cleanup = NULL,
727 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 727 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
728 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 728 .set_asn1_parameters = NULL,
729 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 729 .get_asn1_parameters = NULL,
730 .ctrl = NULL, 730 .ctrl = NULL,
731}; 731};
732 732
@@ -762,13 +762,13 @@ static const EVP_CIPHER camellia_192_cfb8 = {
762 .block_size = 1, 762 .block_size = 1,
763 .key_len = 192/8, 763 .key_len = 192/8,
764 .iv_len = 16, 764 .iv_len = 16,
765 .flags = 0 | EVP_CIPH_CFB_MODE, 765 .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
766 .init = camellia_init_key, 766 .init = camellia_init_key,
767 .do_cipher = camellia_192_cfb8_cipher, 767 .do_cipher = camellia_192_cfb8_cipher,
768 .cleanup = NULL, 768 .cleanup = NULL,
769 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 769 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
770 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 770 .set_asn1_parameters = NULL,
771 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 771 .get_asn1_parameters = NULL,
772 .ctrl = NULL, 772 .ctrl = NULL,
773}; 773};
774 774
@@ -804,13 +804,13 @@ static const EVP_CIPHER camellia_256_cfb8 = {
804 .block_size = 1, 804 .block_size = 1,
805 .key_len = 256/8, 805 .key_len = 256/8,
806 .iv_len = 16, 806 .iv_len = 16,
807 .flags = 0 | EVP_CIPH_CFB_MODE, 807 .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
808 .init = camellia_init_key, 808 .init = camellia_init_key,
809 .do_cipher = camellia_256_cfb8_cipher, 809 .do_cipher = camellia_256_cfb8_cipher,
810 .cleanup = NULL, 810 .cleanup = NULL,
811 .ctx_size = sizeof(EVP_CAMELLIA_KEY), 811 .ctx_size = sizeof(EVP_CAMELLIA_KEY),
812 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 812 .set_asn1_parameters = NULL,
813 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 813 .get_asn1_parameters = NULL,
814 .ctrl = NULL, 814 .ctrl = NULL,
815}; 815};
816 816
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
index 1575a7a5bb..283cb8cf63 100644
--- a/src/lib/libcrypto/evp/e_cast.c
+++ b/src/lib/libcrypto/evp/e_cast.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_cast.c,v 1.18 2024/04/09 13:52:41 beck Exp $ */ 1/* $OpenBSD: e_cast.c,v 1.19 2025/05/27 03:58:12 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -162,13 +162,14 @@ static const EVP_CIPHER cast5_cbc = {
162 .block_size = 8, 162 .block_size = 8,
163 .key_len = CAST_KEY_LENGTH, 163 .key_len = CAST_KEY_LENGTH,
164 .iv_len = 8, 164 .iv_len = 8,
165 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE, 165 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE |
166 EVP_CIPH_FLAG_DEFAULT_ASN1,
166 .init = cast_init_key, 167 .init = cast_init_key,
167 .do_cipher = cast5_cbc_cipher, 168 .do_cipher = cast5_cbc_cipher,
168 .cleanup = NULL, 169 .cleanup = NULL,
169 .ctx_size = sizeof(EVP_CAST_KEY), 170 .ctx_size = sizeof(EVP_CAST_KEY),
170 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 171 .set_asn1_parameters = NULL,
171 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 172 .get_asn1_parameters = NULL,
172 .ctrl = NULL, 173 .ctrl = NULL,
173}; 174};
174 175
@@ -184,13 +185,14 @@ static const EVP_CIPHER cast5_cfb64 = {
184 .block_size = 1, 185 .block_size = 1,
185 .key_len = CAST_KEY_LENGTH, 186 .key_len = CAST_KEY_LENGTH,
186 .iv_len = 8, 187 .iv_len = 8,
187 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE, 188 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CFB_MODE |
189 EVP_CIPH_FLAG_DEFAULT_ASN1,
188 .init = cast_init_key, 190 .init = cast_init_key,
189 .do_cipher = cast5_cfb64_cipher, 191 .do_cipher = cast5_cfb64_cipher,
190 .cleanup = NULL, 192 .cleanup = NULL,
191 .ctx_size = sizeof(EVP_CAST_KEY), 193 .ctx_size = sizeof(EVP_CAST_KEY),
192 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 194 .set_asn1_parameters = NULL,
193 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 195 .get_asn1_parameters = NULL,
194 .ctrl = NULL, 196 .ctrl = NULL,
195}; 197};
196 198
@@ -206,13 +208,14 @@ static const EVP_CIPHER cast5_ofb = {
206 .block_size = 1, 208 .block_size = 1,
207 .key_len = CAST_KEY_LENGTH, 209 .key_len = CAST_KEY_LENGTH,
208 .iv_len = 8, 210 .iv_len = 8,
209 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE, 211 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_OFB_MODE |
212 EVP_CIPH_FLAG_DEFAULT_ASN1,
210 .init = cast_init_key, 213 .init = cast_init_key,
211 .do_cipher = cast5_ofb_cipher, 214 .do_cipher = cast5_ofb_cipher,
212 .cleanup = NULL, 215 .cleanup = NULL,
213 .ctx_size = sizeof(EVP_CAST_KEY), 216 .ctx_size = sizeof(EVP_CAST_KEY),
214 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 217 .set_asn1_parameters = NULL,
215 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 218 .get_asn1_parameters = NULL,
216 .ctrl = NULL, 219 .ctrl = NULL,
217}; 220};
218 221
@@ -228,13 +231,14 @@ static const EVP_CIPHER cast5_ecb = {
228 .block_size = 8, 231 .block_size = 8,
229 .key_len = CAST_KEY_LENGTH, 232 .key_len = CAST_KEY_LENGTH,
230 .iv_len = 0, 233 .iv_len = 0,
231 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE, 234 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_ECB_MODE |
235 EVP_CIPH_FLAG_DEFAULT_ASN1,
232 .init = cast_init_key, 236 .init = cast_init_key,
233 .do_cipher = cast5_ecb_cipher, 237 .do_cipher = cast5_ecb_cipher,
234 .cleanup = NULL, 238 .cleanup = NULL,
235 .ctx_size = sizeof(EVP_CAST_KEY), 239 .ctx_size = sizeof(EVP_CAST_KEY),
236 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 240 .set_asn1_parameters = NULL,
237 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 241 .get_asn1_parameters = NULL,
238 .ctrl = NULL, 242 .ctrl = NULL,
239}; 243};
240 244
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index fb335e95b1..680f77a723 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_des.c,v 1.24 2024/04/09 13:52:41 beck Exp $ */ 1/* $OpenBSD: e_des.c,v 1.25 2025/05/27 03:58:12 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -226,13 +226,14 @@ static const EVP_CIPHER des_cbc = {
226 .block_size = 8, 226 .block_size = 8,
227 .key_len = 8, 227 .key_len = 8,
228 .iv_len = 8, 228 .iv_len = 8,
229 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE, 229 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE |
230 EVP_CIPH_FLAG_DEFAULT_ASN1,
230 .init = des_init_key, 231 .init = des_init_key,
231 .do_cipher = des_cbc_cipher, 232 .do_cipher = des_cbc_cipher,
232 .cleanup = NULL, 233 .cleanup = NULL,
233 .ctx_size = sizeof(DES_key_schedule), 234 .ctx_size = sizeof(DES_key_schedule),
234 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 235 .set_asn1_parameters = NULL,
235 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 236 .get_asn1_parameters = NULL,
236 .ctrl = des_ctrl, 237 .ctrl = des_ctrl,
237}; 238};
238 239
@@ -248,13 +249,14 @@ static const EVP_CIPHER des_cfb64 = {
248 .block_size = 1, 249 .block_size = 1,
249 .key_len = 8, 250 .key_len = 8,
250 .iv_len = 8, 251 .iv_len = 8,
251 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 252 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
253 EVP_CIPH_FLAG_DEFAULT_ASN1,
252 .init = des_init_key, 254 .init = des_init_key,
253 .do_cipher = des_cfb64_cipher, 255 .do_cipher = des_cfb64_cipher,
254 .cleanup = NULL, 256 .cleanup = NULL,
255 .ctx_size = sizeof(DES_key_schedule), 257 .ctx_size = sizeof(DES_key_schedule),
256 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 258 .set_asn1_parameters = NULL,
257 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 259 .get_asn1_parameters = NULL,
258 .ctrl = des_ctrl, 260 .ctrl = des_ctrl,
259}; 261};
260 262
@@ -270,13 +272,14 @@ static const EVP_CIPHER des_ofb = {
270 .block_size = 1, 272 .block_size = 1,
271 .key_len = 8, 273 .key_len = 8,
272 .iv_len = 8, 274 .iv_len = 8,
273 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE, 275 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE |
276 EVP_CIPH_FLAG_DEFAULT_ASN1,
274 .init = des_init_key, 277 .init = des_init_key,
275 .do_cipher = des_ofb_cipher, 278 .do_cipher = des_ofb_cipher,
276 .cleanup = NULL, 279 .cleanup = NULL,
277 .ctx_size = sizeof(DES_key_schedule), 280 .ctx_size = sizeof(DES_key_schedule),
278 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 281 .set_asn1_parameters = NULL,
279 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 282 .get_asn1_parameters = NULL,
280 .ctrl = des_ctrl, 283 .ctrl = des_ctrl,
281}; 284};
282 285
@@ -292,13 +295,14 @@ static const EVP_CIPHER des_ecb = {
292 .block_size = 8, 295 .block_size = 8,
293 .key_len = 8, 296 .key_len = 8,
294 .iv_len = 0, 297 .iv_len = 0,
295 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE, 298 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE |
299 EVP_CIPH_FLAG_DEFAULT_ASN1,
296 .init = des_init_key, 300 .init = des_init_key,
297 .do_cipher = des_ecb_cipher, 301 .do_cipher = des_ecb_cipher,
298 .cleanup = NULL, 302 .cleanup = NULL,
299 .ctx_size = sizeof(DES_key_schedule), 303 .ctx_size = sizeof(DES_key_schedule),
300 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 304 .set_asn1_parameters = NULL,
301 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 305 .get_asn1_parameters = NULL,
302 .ctrl = des_ctrl, 306 .ctrl = des_ctrl,
303}; 307};
304 308
@@ -314,13 +318,14 @@ static const EVP_CIPHER des_cfb1 = {
314 .block_size = 1, 318 .block_size = 1,
315 .key_len = 8, 319 .key_len = 8,
316 .iv_len = 8, 320 .iv_len = 8,
317 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 321 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
322 EVP_CIPH_FLAG_DEFAULT_ASN1,
318 .init = des_init_key, 323 .init = des_init_key,
319 .do_cipher = des_cfb1_cipher, 324 .do_cipher = des_cfb1_cipher,
320 .cleanup = NULL, 325 .cleanup = NULL,
321 .ctx_size = sizeof(DES_key_schedule), 326 .ctx_size = sizeof(DES_key_schedule),
322 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 327 .set_asn1_parameters = NULL,
323 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 328 .get_asn1_parameters = NULL,
324 .ctrl = des_ctrl, 329 .ctrl = des_ctrl,
325}; 330};
326 331
@@ -336,13 +341,14 @@ static const EVP_CIPHER des_cfb8 = {
336 .block_size = 1, 341 .block_size = 1,
337 .key_len = 8, 342 .key_len = 8,
338 .iv_len = 8, 343 .iv_len = 8,
339 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 344 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
345 EVP_CIPH_FLAG_DEFAULT_ASN1,
340 .init = des_init_key, 346 .init = des_init_key,
341 .do_cipher = des_cfb8_cipher, 347 .do_cipher = des_cfb8_cipher,
342 .cleanup = NULL, 348 .cleanup = NULL,
343 .ctx_size = sizeof(DES_key_schedule), 349 .ctx_size = sizeof(DES_key_schedule),
344 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 350 .set_asn1_parameters = NULL,
345 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 351 .get_asn1_parameters = NULL,
346 .ctrl = des_ctrl, 352 .ctrl = des_ctrl,
347}; 353};
348 354
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 48fbcdb366..f3eb4cce1b 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_des3.c,v 1.30 2024/04/09 13:52:41 beck Exp $ */ 1/* $OpenBSD: e_des3.c,v 1.31 2025/05/27 03:58:12 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -258,13 +258,14 @@ static const EVP_CIPHER des_ede_cbc = {
258 .block_size = 8, 258 .block_size = 8,
259 .key_len = 16, 259 .key_len = 16,
260 .iv_len = 8, 260 .iv_len = 8,
261 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE, 261 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE |
262 EVP_CIPH_FLAG_DEFAULT_ASN1,
262 .init = des_ede_init_key, 263 .init = des_ede_init_key,
263 .do_cipher = des_ede_cbc_cipher, 264 .do_cipher = des_ede_cbc_cipher,
264 .cleanup = NULL, 265 .cleanup = NULL,
265 .ctx_size = sizeof(DES_EDE_KEY), 266 .ctx_size = sizeof(DES_EDE_KEY),
266 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 267 .set_asn1_parameters = NULL,
267 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 268 .get_asn1_parameters = NULL,
268 .ctrl = des3_ctrl, 269 .ctrl = des3_ctrl,
269}; 270};
270 271
@@ -280,13 +281,14 @@ static const EVP_CIPHER des_ede_cfb64 = {
280 .block_size = 1, 281 .block_size = 1,
281 .key_len = 16, 282 .key_len = 16,
282 .iv_len = 8, 283 .iv_len = 8,
283 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 284 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
285 EVP_CIPH_FLAG_DEFAULT_ASN1,
284 .init = des_ede_init_key, 286 .init = des_ede_init_key,
285 .do_cipher = des_ede_cfb64_cipher, 287 .do_cipher = des_ede_cfb64_cipher,
286 .cleanup = NULL, 288 .cleanup = NULL,
287 .ctx_size = sizeof(DES_EDE_KEY), 289 .ctx_size = sizeof(DES_EDE_KEY),
288 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 290 .set_asn1_parameters = NULL,
289 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 291 .get_asn1_parameters = NULL,
290 .ctrl = des3_ctrl, 292 .ctrl = des3_ctrl,
291}; 293};
292 294
@@ -307,8 +309,8 @@ static const EVP_CIPHER des_ede_ofb = {
307 .do_cipher = des_ede_ofb_cipher, 309 .do_cipher = des_ede_ofb_cipher,
308 .cleanup = NULL, 310 .cleanup = NULL,
309 .ctx_size = sizeof(DES_EDE_KEY), 311 .ctx_size = sizeof(DES_EDE_KEY),
310 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 312 .set_asn1_parameters = NULL,
311 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 313 .get_asn1_parameters = NULL,
312 .ctrl = des3_ctrl, 314 .ctrl = des3_ctrl,
313}; 315};
314 316
@@ -324,13 +326,14 @@ static const EVP_CIPHER des_ede_ecb = {
324 .block_size = 8, 326 .block_size = 8,
325 .key_len = 16, 327 .key_len = 16,
326 .iv_len = 0, 328 .iv_len = 0,
327 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE, 329 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE |
330 EVP_CIPH_FLAG_DEFAULT_ASN1,
328 .init = des_ede_init_key, 331 .init = des_ede_init_key,
329 .do_cipher = des_ede_ecb_cipher, 332 .do_cipher = des_ede_ecb_cipher,
330 .cleanup = NULL, 333 .cleanup = NULL,
331 .ctx_size = sizeof(DES_EDE_KEY), 334 .ctx_size = sizeof(DES_EDE_KEY),
332 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 335 .set_asn1_parameters = NULL,
333 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 336 .get_asn1_parameters = NULL,
334 .ctrl = des3_ctrl, 337 .ctrl = des3_ctrl,
335}; 338};
336 339
@@ -352,13 +355,14 @@ static const EVP_CIPHER des_ede3_cbc = {
352 .block_size = 8, 355 .block_size = 8,
353 .key_len = 24, 356 .key_len = 24,
354 .iv_len = 8, 357 .iv_len = 8,
355 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE, 358 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CBC_MODE |
359 EVP_CIPH_FLAG_DEFAULT_ASN1,
356 .init = des_ede3_init_key, 360 .init = des_ede3_init_key,
357 .do_cipher = des_ede3_cbc_cipher, 361 .do_cipher = des_ede3_cbc_cipher,
358 .cleanup = NULL, 362 .cleanup = NULL,
359 .ctx_size = sizeof(DES_EDE_KEY), 363 .ctx_size = sizeof(DES_EDE_KEY),
360 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 364 .set_asn1_parameters = NULL,
361 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 365 .get_asn1_parameters = NULL,
362 .ctrl = des3_ctrl, 366 .ctrl = des3_ctrl,
363}; 367};
364 368
@@ -374,13 +378,14 @@ static const EVP_CIPHER des_ede3_cfb64 = {
374 .block_size = 1, 378 .block_size = 1,
375 .key_len = 24, 379 .key_len = 24,
376 .iv_len = 8, 380 .iv_len = 8,
377 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 381 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
382 EVP_CIPH_FLAG_DEFAULT_ASN1,
378 .init = des_ede3_init_key, 383 .init = des_ede3_init_key,
379 .do_cipher = des_ede3_cfb64_cipher, 384 .do_cipher = des_ede3_cfb64_cipher,
380 .cleanup = NULL, 385 .cleanup = NULL,
381 .ctx_size = sizeof(DES_EDE_KEY), 386 .ctx_size = sizeof(DES_EDE_KEY),
382 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 387 .set_asn1_parameters = NULL,
383 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 388 .get_asn1_parameters = NULL,
384 .ctrl = des3_ctrl, 389 .ctrl = des3_ctrl,
385}; 390};
386 391
@@ -396,13 +401,14 @@ static const EVP_CIPHER des_ede3_ofb = {
396 .block_size = 1, 401 .block_size = 1,
397 .key_len = 24, 402 .key_len = 24,
398 .iv_len = 8, 403 .iv_len = 8,
399 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE, 404 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_OFB_MODE |
405 EVP_CIPH_FLAG_DEFAULT_ASN1,
400 .init = des_ede3_init_key, 406 .init = des_ede3_init_key,
401 .do_cipher = des_ede3_ofb_cipher, 407 .do_cipher = des_ede3_ofb_cipher,
402 .cleanup = NULL, 408 .cleanup = NULL,
403 .ctx_size = sizeof(DES_EDE_KEY), 409 .ctx_size = sizeof(DES_EDE_KEY),
404 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 410 .set_asn1_parameters = NULL,
405 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 411 .get_asn1_parameters = NULL,
406 .ctrl = des3_ctrl, 412 .ctrl = des3_ctrl,
407}; 413};
408 414
@@ -418,13 +424,14 @@ static const EVP_CIPHER des_ede3_ecb = {
418 .block_size = 8, 424 .block_size = 8,
419 .key_len = 24, 425 .key_len = 24,
420 .iv_len = 0, 426 .iv_len = 0,
421 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE, 427 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_ECB_MODE |
428 EVP_CIPH_FLAG_DEFAULT_ASN1,
422 .init = des_ede3_init_key, 429 .init = des_ede3_init_key,
423 .do_cipher = des_ede3_ecb_cipher, 430 .do_cipher = des_ede3_ecb_cipher,
424 .cleanup = NULL, 431 .cleanup = NULL,
425 .ctx_size = sizeof(DES_EDE_KEY), 432 .ctx_size = sizeof(DES_EDE_KEY),
426 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 433 .set_asn1_parameters = NULL,
427 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 434 .get_asn1_parameters = NULL,
428 .ctrl = des3_ctrl, 435 .ctrl = des3_ctrl,
429}; 436};
430 437
@@ -441,13 +448,14 @@ static const EVP_CIPHER des_ede3_cfb1 = {
441 .block_size = 1, 448 .block_size = 1,
442 .key_len = 24, 449 .key_len = 24,
443 .iv_len = 8, 450 .iv_len = 8,
444 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 451 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
452 EVP_CIPH_FLAG_DEFAULT_ASN1,
445 .init = des_ede3_init_key, 453 .init = des_ede3_init_key,
446 .do_cipher = des_ede3_cfb1_cipher, 454 .do_cipher = des_ede3_cfb1_cipher,
447 .cleanup = NULL, 455 .cleanup = NULL,
448 .ctx_size = sizeof(DES_EDE_KEY), 456 .ctx_size = sizeof(DES_EDE_KEY),
449 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 457 .set_asn1_parameters = NULL,
450 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 458 .get_asn1_parameters = NULL,
451 .ctrl = des3_ctrl, 459 .ctrl = des3_ctrl,
452}; 460};
453 461
@@ -464,13 +472,14 @@ static const EVP_CIPHER des_ede3_cfb8 = {
464 .block_size = 1, 472 .block_size = 1,
465 .key_len = 24, 473 .key_len = 24,
466 .iv_len = 8, 474 .iv_len = 8,
467 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE, 475 .flags = EVP_CIPH_RAND_KEY | EVP_CIPH_CFB_MODE |
476 EVP_CIPH_FLAG_DEFAULT_ASN1,
468 .init = des_ede3_init_key, 477 .init = des_ede3_init_key,
469 .do_cipher = des_ede3_cfb8_cipher, 478 .do_cipher = des_ede3_cfb8_cipher,
470 .cleanup = NULL, 479 .cleanup = NULL,
471 .ctx_size = sizeof(DES_EDE_KEY), 480 .ctx_size = sizeof(DES_EDE_KEY),
472 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 481 .set_asn1_parameters = NULL,
473 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 482 .get_asn1_parameters = NULL,
474 .ctrl = des3_ctrl, 483 .ctrl = des3_ctrl,
475}; 484};
476 485
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index 86cf77602a..5d33a110fd 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_idea.c,v 1.22 2024/04/09 13:52:41 beck Exp $ */ 1/* $OpenBSD: e_idea.c,v 1.23 2025/05/27 03:58:12 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -181,13 +181,13 @@ static const EVP_CIPHER idea_cbc = {
181 .block_size = 8, 181 .block_size = 8,
182 .key_len = 16, 182 .key_len = 16,
183 .iv_len = 8, 183 .iv_len = 8,
184 .flags = 0 | EVP_CIPH_CBC_MODE, 184 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
185 .init = idea_init_key, 185 .init = idea_init_key,
186 .do_cipher = idea_cbc_cipher, 186 .do_cipher = idea_cbc_cipher,
187 .cleanup = NULL, 187 .cleanup = NULL,
188 .ctx_size = sizeof(IDEA_KEY_SCHEDULE), 188 .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
189 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 189 .set_asn1_parameters = NULL,
190 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 190 .get_asn1_parameters = NULL,
191 .ctrl = NULL, 191 .ctrl = NULL,
192}; 192};
193 193
@@ -203,13 +203,13 @@ static const EVP_CIPHER idea_cfb64 = {
203 .block_size = 1, 203 .block_size = 1,
204 .key_len = 16, 204 .key_len = 16,
205 .iv_len = 8, 205 .iv_len = 8,
206 .flags = 0 | EVP_CIPH_CFB_MODE, 206 .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
207 .init = idea_init_key, 207 .init = idea_init_key,
208 .do_cipher = idea_cfb64_cipher, 208 .do_cipher = idea_cfb64_cipher,
209 .cleanup = NULL, 209 .cleanup = NULL,
210 .ctx_size = sizeof(IDEA_KEY_SCHEDULE), 210 .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
211 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 211 .set_asn1_parameters = NULL,
212 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 212 .get_asn1_parameters = NULL,
213 .ctrl = NULL, 213 .ctrl = NULL,
214}; 214};
215 215
@@ -225,13 +225,13 @@ static const EVP_CIPHER idea_ofb = {
225 .block_size = 1, 225 .block_size = 1,
226 .key_len = 16, 226 .key_len = 16,
227 .iv_len = 8, 227 .iv_len = 8,
228 .flags = 0 | EVP_CIPH_OFB_MODE, 228 .flags = EVP_CIPH_OFB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
229 .init = idea_init_key, 229 .init = idea_init_key,
230 .do_cipher = idea_ofb_cipher, 230 .do_cipher = idea_ofb_cipher,
231 .cleanup = NULL, 231 .cleanup = NULL,
232 .ctx_size = sizeof(IDEA_KEY_SCHEDULE), 232 .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
233 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 233 .set_asn1_parameters = NULL,
234 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 234 .get_asn1_parameters = NULL,
235 .ctrl = NULL, 235 .ctrl = NULL,
236}; 236};
237 237
@@ -247,13 +247,13 @@ static const EVP_CIPHER idea_ecb = {
247 .block_size = 8, 247 .block_size = 8,
248 .key_len = 16, 248 .key_len = 16,
249 .iv_len = 0, 249 .iv_len = 0,
250 .flags = 0 | EVP_CIPH_ECB_MODE, 250 .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
251 .init = idea_init_key, 251 .init = idea_init_key,
252 .do_cipher = idea_ecb_cipher, 252 .do_cipher = idea_ecb_cipher,
253 .cleanup = NULL, 253 .cleanup = NULL,
254 .ctx_size = sizeof(IDEA_KEY_SCHEDULE), 254 .ctx_size = sizeof(IDEA_KEY_SCHEDULE),
255 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 255 .set_asn1_parameters = NULL,
256 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 256 .get_asn1_parameters = NULL,
257 .ctrl = NULL, 257 .ctrl = NULL,
258}; 258};
259 259
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
index 1e3bee0791..1c5e6c32b2 100644
--- a/src/lib/libcrypto/evp/e_xcbc_d.c
+++ b/src/lib/libcrypto/evp/e_xcbc_d.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_xcbc_d.c,v 1.18 2024/04/09 13:52:41 beck Exp $ */ 1/* $OpenBSD: e_xcbc_d.c,v 1.19 2025/05/27 03:58:12 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -88,13 +88,13 @@ static const EVP_CIPHER d_xcbc_cipher = {
88 .block_size = 8, 88 .block_size = 8,
89 .key_len = 24, 89 .key_len = 24,
90 .iv_len = 8, 90 .iv_len = 8,
91 .flags = EVP_CIPH_CBC_MODE, 91 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1,
92 .init = desx_cbc_init_key, 92 .init = desx_cbc_init_key,
93 .do_cipher = desx_cbc_cipher, 93 .do_cipher = desx_cbc_cipher,
94 .cleanup = NULL, 94 .cleanup = NULL,
95 .ctx_size = sizeof(DESX_CBC_KEY), 95 .ctx_size = sizeof(DESX_CBC_KEY),
96 .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, 96 .set_asn1_parameters = NULL,
97 .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, 97 .get_asn1_parameters = NULL,
98 .ctrl = NULL, 98 .ctrl = NULL,
99}; 99};
100 100
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index c2b81d0576..94295e1262 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp.h,v 1.137 2024/08/31 10:38:49 tb Exp $ */ 1/* $OpenBSD: evp.h,v 1.138 2025/07/02 06:36:52 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -778,28 +778,24 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey);
778const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); 778const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
779 779
780#ifndef OPENSSL_NO_RSA 780#ifndef OPENSSL_NO_RSA
781struct rsa_st; 781RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
782struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); 782RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey);
783struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); 783int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
784int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
785#endif 784#endif
786#ifndef OPENSSL_NO_DSA 785#ifndef OPENSSL_NO_DSA
787struct dsa_st; 786DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
788struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); 787DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey);
789struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); 788int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
790int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
791#endif 789#endif
792#ifndef OPENSSL_NO_DH 790#ifndef OPENSSL_NO_DH
793struct dh_st; 791DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
794struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); 792DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey);
795struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); 793int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
796int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
797#endif 794#endif
798#ifndef OPENSSL_NO_EC 795#ifndef OPENSSL_NO_EC
799struct ec_key_st; 796EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
800struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); 797EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
801struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); 798int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
802int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
803#endif 799#endif
804 800
805EVP_PKEY *EVP_PKEY_new(void); 801EVP_PKEY *EVP_PKEY_new(void);
diff --git a/src/lib/libcrypto/evp/evp_cipher.c b/src/lib/libcrypto/evp/evp_cipher.c
index 16606991ae..04e0e1c0b0 100644
--- a/src/lib/libcrypto/evp/evp_cipher.c
+++ b/src/lib/libcrypto/evp/evp_cipher.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_cipher.c,v 1.24 2025/05/10 05:54:38 tb Exp $ */ 1/* $OpenBSD: evp_cipher.c,v 1.28 2025/07/02 06:19:46 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -167,7 +167,7 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine,
167 } 167 }
168 168
169 if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) != 0) { 169 if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) != 0) {
170 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { 170 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) {
171 EVPerror(EVP_R_INITIALIZATION_ERROR); 171 EVPerror(EVP_R_INITIALIZATION_ERROR);
172 return 0; 172 return 0;
173 } 173 }
@@ -944,14 +944,20 @@ EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
944LCRYPTO_ALIAS(EVP_CIPHER_CTX_flags); 944LCRYPTO_ALIAS(EVP_CIPHER_CTX_flags);
945 945
946/* 946/*
947 * Used by CMS and its predecessors. Only GOST and RC2 have a custom method. 947 * Used by CMS and its predecessors. Only RC2 has a custom method.
948 */ 948 */
949 949
950int 950int
951EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) 951EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
952{ 952{
953 int iv_len; 953 int iv_len;
954 954
955 if (ctx->cipher->get_asn1_parameters != NULL)
956 return ctx->cipher->get_asn1_parameters(ctx, type);
957
958 if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) == 0)
959 return -1;
960
955 if (type == NULL) 961 if (type == NULL)
956 return 0; 962 return 0;
957 963
@@ -970,21 +976,15 @@ EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
970} 976}
971 977
972int 978int
973EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) 979EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
974{ 980{
975 if (ctx->cipher->get_asn1_parameters != NULL) 981 int iv_len;
976 return ctx->cipher->get_asn1_parameters(ctx, type);
977
978 if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) != 0)
979 return EVP_CIPHER_get_asn1_iv(ctx, type);
980 982
981 return -1; 983 if (ctx->cipher->set_asn1_parameters != NULL)
982} 984 return ctx->cipher->set_asn1_parameters(ctx, type);
983 985
984int 986 if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) == 0)
985EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) 987 return -1;
986{
987 int iv_len;
988 988
989 if (type == NULL) 989 if (type == NULL)
990 return 0; 990 return 0;
@@ -998,18 +998,6 @@ EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
998 return ASN1_TYPE_set_octetstring(type, ctx->oiv, iv_len); 998 return ASN1_TYPE_set_octetstring(type, ctx->oiv, iv_len);
999} 999}
1000 1000
1001int
1002EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
1003{
1004 if (ctx->cipher->set_asn1_parameters != NULL)
1005 return ctx->cipher->set_asn1_parameters(ctx, type);
1006
1007 if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) != 0)
1008 return EVP_CIPHER_set_asn1_iv(ctx, type);
1009
1010 return -1;
1011}
1012
1013/* Convert the various cipher NIDs and dummies to a proper OID NID */ 1001/* Convert the various cipher NIDs and dummies to a proper OID NID */
1014int 1002int
1015EVP_CIPHER_type(const EVP_CIPHER *cipher) 1003EVP_CIPHER_type(const EVP_CIPHER *cipher)
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
index 54cd65d0af..76465643c6 100644
--- a/src/lib/libcrypto/evp/evp_local.h
+++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_local.h,v 1.25 2024/08/29 16:58:19 tb Exp $ */ 1/* $OpenBSD: evp_local.h,v 1.26 2025/05/27 03:58:12 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -353,9 +353,7 @@ struct evp_aead_ctx_st {
353}; 353};
354 354
355/* Legacy EVP_CIPHER methods used by CMS and its predecessors. */ 355/* Legacy EVP_CIPHER methods used by CMS and its predecessors. */
356int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
357int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type); 356int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
358int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
359int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type); 357int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type);
360 358
361int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, 359int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 9623bb59a1..3f88185737 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p_lib.c,v 1.62 2025/05/10 05:54:38 tb Exp $ */ 1/* $OpenBSD: p_lib.c,v 1.63 2025/07/02 06:36:52 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -628,7 +628,7 @@ LCRYPTO_ALIAS(EVP_PKEY_get0_hmac);
628 628
629#ifndef OPENSSL_NO_RSA 629#ifndef OPENSSL_NO_RSA
630RSA * 630RSA *
631EVP_PKEY_get0_RSA(EVP_PKEY *pkey) 631EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
632{ 632{
633 if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA_PSS) 633 if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA_PSS)
634 return pkey->pkey.rsa; 634 return pkey->pkey.rsa;
@@ -639,7 +639,7 @@ EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
639LCRYPTO_ALIAS(EVP_PKEY_get0_RSA); 639LCRYPTO_ALIAS(EVP_PKEY_get0_RSA);
640 640
641RSA * 641RSA *
642EVP_PKEY_get1_RSA(EVP_PKEY *pkey) 642EVP_PKEY_get1_RSA(const EVP_PKEY *pkey)
643{ 643{
644 RSA *rsa; 644 RSA *rsa;
645 645
@@ -665,7 +665,7 @@ LCRYPTO_ALIAS(EVP_PKEY_set1_RSA);
665 665
666#ifndef OPENSSL_NO_DSA 666#ifndef OPENSSL_NO_DSA
667DSA * 667DSA *
668EVP_PKEY_get0_DSA(EVP_PKEY *pkey) 668EVP_PKEY_get0_DSA(const EVP_PKEY *pkey)
669{ 669{
670 if (pkey->type != EVP_PKEY_DSA) { 670 if (pkey->type != EVP_PKEY_DSA) {
671 EVPerror(EVP_R_EXPECTING_A_DSA_KEY); 671 EVPerror(EVP_R_EXPECTING_A_DSA_KEY);
@@ -676,7 +676,7 @@ EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
676LCRYPTO_ALIAS(EVP_PKEY_get0_DSA); 676LCRYPTO_ALIAS(EVP_PKEY_get0_DSA);
677 677
678DSA * 678DSA *
679EVP_PKEY_get1_DSA(EVP_PKEY *pkey) 679EVP_PKEY_get1_DSA(const EVP_PKEY *pkey)
680{ 680{
681 DSA *dsa; 681 DSA *dsa;
682 682
@@ -702,7 +702,7 @@ LCRYPTO_ALIAS(EVP_PKEY_set1_DSA);
702 702
703#ifndef OPENSSL_NO_EC 703#ifndef OPENSSL_NO_EC
704EC_KEY * 704EC_KEY *
705EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) 705EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
706{ 706{
707 if (pkey->type != EVP_PKEY_EC) { 707 if (pkey->type != EVP_PKEY_EC) {
708 EVPerror(EVP_R_EXPECTING_A_EC_KEY); 708 EVPerror(EVP_R_EXPECTING_A_EC_KEY);
@@ -713,7 +713,7 @@ EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
713LCRYPTO_ALIAS(EVP_PKEY_get0_EC_KEY); 713LCRYPTO_ALIAS(EVP_PKEY_get0_EC_KEY);
714 714
715EC_KEY * 715EC_KEY *
716EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) 716EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey)
717{ 717{
718 EC_KEY *key; 718 EC_KEY *key;
719 719
@@ -740,7 +740,7 @@ LCRYPTO_ALIAS(EVP_PKEY_set1_EC_KEY);
740 740
741#ifndef OPENSSL_NO_DH 741#ifndef OPENSSL_NO_DH
742DH * 742DH *
743EVP_PKEY_get0_DH(EVP_PKEY *pkey) 743EVP_PKEY_get0_DH(const EVP_PKEY *pkey)
744{ 744{
745 if (pkey->type != EVP_PKEY_DH) { 745 if (pkey->type != EVP_PKEY_DH) {
746 EVPerror(EVP_R_EXPECTING_A_DH_KEY); 746 EVPerror(EVP_R_EXPECTING_A_DH_KEY);
@@ -751,7 +751,7 @@ EVP_PKEY_get0_DH(EVP_PKEY *pkey)
751LCRYPTO_ALIAS(EVP_PKEY_get0_DH); 751LCRYPTO_ALIAS(EVP_PKEY_get0_DH);
752 752
753DH * 753DH *
754EVP_PKEY_get1_DH(EVP_PKEY *pkey) 754EVP_PKEY_get1_DH(const EVP_PKEY *pkey)
755{ 755{
756 DH *dh; 756 DH *dh;
757 757
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-19 01:41:02 +0000