Diffstat (limited to 'src/lib/libcrypto/modes/ccm128.c')
-rw-r--r--src/lib/libcrypto/modes/ccm128.c100
1 files changed, 48 insertions, 52 deletions
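--- a/src/lib/libcrypto/modes/ccm128.c
+++ b/src/lib/libcrypto/modes/ccm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ccm128.c,v 1.8 2023/07/08 14:56:54 beck Exp $ */
+/* $OpenBSD: ccm128.c,v 1.12 2025/05/18 09:21:29 bcook Exp $ */
 /* ====================================================================
  * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
  *
@@ -48,15 +48,11 @@
  * ====================================================================
  */
 
-#include <openssl/crypto.h>
-#include "modes_local.h"
 #include <string.h>
 
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
+#include <openssl/crypto.h>
+
+#include "modes_local.h"
 
 /* First you setup M and L parameters and pass the key schedule.
  * This is called once per session setup... */
@@ -65,7 +61,7 @@ CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
  unsigned int M, unsigned int L, void *key, block128_f block)
 {
  memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c));
- ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2)/2) & 7) << 3;
+ ctx->nonce.c[0] = ((uint8_t)(L - 1) & 7) | (uint8_t)(((M - 2)/2) & 7) << 3;
  ctx->blocks = 0;
  ctx->block = block;
  ctx->key = key;
@@ -85,17 +81,17 @@ CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
  return -1; /* nonce is too short */
 
  if (sizeof(mlen) == 8 && L >= 3) {
- ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen)*8)));
- ctx->nonce.c[9] = (u8)(mlen >> (48 % (sizeof(mlen)*8)));
- ctx->nonce.c[10] = (u8)(mlen >> (40 % (sizeof(mlen)*8)));
- ctx->nonce.c[11] = (u8)(mlen >> (32 % (sizeof(mlen)*8)));
+ ctx->nonce.c[8] = (uint8_t)(mlen >> (56 % (sizeof(mlen)*8)));
+ ctx->nonce.c[9] = (uint8_t)(mlen >> (48 % (sizeof(mlen)*8)));
+ ctx->nonce.c[10] = (uint8_t)(mlen >> (40 % (sizeof(mlen)*8)));
+ ctx->nonce.c[11] = (uint8_t)(mlen >> (32 % (sizeof(mlen)*8)));
  } else
  ctx->nonce.u[1] = 0;
 
- ctx->nonce.c[12] = (u8)(mlen >> 24);
- ctx->nonce.c[13] = (u8)(mlen >> 16);
- ctx->nonce.c[14] = (u8)(mlen >> 8);
- ctx->nonce.c[15] = (u8)mlen;
+ ctx->nonce.c[12] = (uint8_t)(mlen >> 24);
+ ctx->nonce.c[13] = (uint8_t)(mlen >> 16);
+ ctx->nonce.c[14] = (uint8_t)(mlen >> 8);
+ ctx->nonce.c[15] = (uint8_t)mlen;
 
  ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */
  memcpy(&ctx->nonce.c[1], nonce, 14 - L);
@@ -120,29 +116,29 @@ CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx,
  ctx->blocks++;
 
  if (alen < (0x10000 - 0x100)) {
- ctx->cmac.c[0] ^= (u8)(alen >> 8);
- ctx->cmac.c[1] ^= (u8)alen;
+ ctx->cmac.c[0] ^= (uint8_t)(alen >> 8);
+ ctx->cmac.c[1] ^= (uint8_t)alen;
  i = 2;
  } else if (sizeof(alen) == 8 &&
  alen >= (size_t)1 << (32 % (sizeof(alen)*8))) {
  ctx->cmac.c[0] ^= 0xFF;
  ctx->cmac.c[1] ^= 0xFF;
- ctx->cmac.c[2] ^= (u8)(alen >> (56 % (sizeof(alen)*8)));
- ctx->cmac.c[3] ^= (u8)(alen >> (48 % (sizeof(alen)*8)));
- ctx->cmac.c[4] ^= (u8)(alen >> (40 % (sizeof(alen)*8)));
- ctx->cmac.c[5] ^= (u8)(alen >> (32 % (sizeof(alen)*8)));
- ctx->cmac.c[6] ^= (u8)(alen >> 24);
- ctx->cmac.c[7] ^= (u8)(alen >> 16);
- ctx->cmac.c[8] ^= (u8)(alen >> 8);
- ctx->cmac.c[9] ^= (u8)alen;
+ ctx->cmac.c[2] ^= (uint8_t)(alen >> (56 % (sizeof(alen)*8)));
+ ctx->cmac.c[3] ^= (uint8_t)(alen >> (48 % (sizeof(alen)*8)));
+ ctx->cmac.c[4] ^= (uint8_t)(alen >> (40 % (sizeof(alen)*8)));
+ ctx->cmac.c[5] ^= (uint8_t)(alen >> (32 % (sizeof(alen)*8)));
+ ctx->cmac.c[6] ^= (uint8_t)(alen >> 24);
+ ctx->cmac.c[7] ^= (uint8_t)(alen >> 16);
+ ctx->cmac.c[8] ^= (uint8_t)(alen >> 8);
+ ctx->cmac.c[9] ^= (uint8_t)alen;
  i = 10;
  } else {
  ctx->cmac.c[0] ^= 0xFF;
  ctx->cmac.c[1] ^= 0xFE;
- ctx->cmac.c[2] ^= (u8)(alen >> 24);
- ctx->cmac.c[3] ^= (u8)(alen >> 16);
- ctx->cmac.c[4] ^= (u8)(alen >> 8);
- ctx->cmac.c[5] ^= (u8)alen;
+ ctx->cmac.c[2] ^= (uint8_t)(alen >> 24);
+ ctx->cmac.c[3] ^= (uint8_t)(alen >> 16);
+ ctx->cmac.c[4] ^= (uint8_t)(alen >> 8);
+ ctx->cmac.c[5] ^= (uint8_t)alen;
  i = 6;
  }
 
@@ -164,7 +160,7 @@ static void
 ctr64_inc(unsigned char *counter)
 {
  unsigned int n = 8;
- u8 c;
+ uint8_t c;
 
  counter += 8;
  do {
@@ -188,8 +184,8 @@ CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
  block128_f block = ctx->block;
  void *key = ctx->key;
  union {
- u64 u[2];
- u8 c[16];
+ uint64_t u[2];
+ uint8_t c[16];
  } scratch;
 
  if (!(flags0 & 0x40))
@@ -215,16 +211,16 @@ CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
  while (len >= 16) {
 #ifdef __STRICT_ALIGNMENT
  union {
- u64 u[2];
- u8 c[16];
+ uint64_t u[2];
+ uint8_t c[16];
  } temp;
 
  memcpy(temp.c, inp, 16);
  ctx->cmac.u[0] ^= temp.u[0];
  ctx->cmac.u[1] ^= temp.u[1];
 #else
- ctx->cmac.u[0] ^= ((u64 *)inp)[0];
- ctx->cmac.u[1] ^= ((u64 *)inp)[1];
+ ctx->cmac.u[0] ^= ((uint64_t *)inp)[0];
+ ctx->cmac.u[1] ^= ((uint64_t *)inp)[1];
 #endif
  (*block)(ctx->cmac.c, ctx->cmac.c, key);
  (*block)(ctx->nonce.c, scratch.c, key);
@@ -234,8 +230,8 @@ CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
  temp.u[1] ^= scratch.u[1];
  memcpy(out, temp.c, 16);
 #else
- ((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0];
- ((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1];
+ ((uint64_t *)out)[0] = scratch.u[0] ^ ((uint64_t *)inp)[0];
+ ((uint64_t *)out)[1] = scratch.u[1] ^ ((uint64_t *)inp)[1];
 #endif
  inp += 16;
  out += 16;
@@ -275,8 +271,8 @@ CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
  block128_f block = ctx->block;
  void *key = ctx->key;
  union {
- u64 u[2];
- u8 c[16];
+ uint64_t u[2];
+ uint8_t c[16];
  } scratch;
 
  if (!(flags0 & 0x40))
@@ -297,8 +293,8 @@ CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
  while (len >= 16) {
 #ifdef __STRICT_ALIGNMENT
  union {
- u64 u[2];
- u8 c[16];
+ uint64_t u[2];
+ uint8_t c[16];
  } temp;
 #endif
  (*block)(ctx->nonce.c, scratch.c, key);
@@ -309,10 +305,10 @@ CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
  ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]);
  memcpy(out, scratch.c, 16);
 #else
- ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^
- ((u64 *)inp)[0]);
- ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^
- ((u64 *)inp)[1]);
+ ctx->cmac.u[0] ^= (((uint64_t *)out)[0] = scratch.u[0] ^
+ ((uint64_t *)inp)[0]);
+ ctx->cmac.u[1] ^= (((uint64_t *)out)[1] = scratch.u[1] ^
+ ((uint64_t *)inp)[1]);
 #endif
  (*block)(ctx->cmac.c, ctx->cmac.c, key);
 
@@ -367,8 +363,8 @@ CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx,
  block128_f block = ctx->block;
  void *key = ctx->key;
  union {
- u64 u[2];
- u8 c[16];
+ uint64_t u[2];
+ uint8_t c[16];
  } scratch;
 
  if (!(flags0 & 0x40))
@@ -434,8 +430,8 @@ CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx,
  block128_f block = ctx->block;
  void *key = ctx->key;
  union {
- u64 u[2];
- u8 c[16];
+ uint64_t u[2];
+ uint8_t c[16];
  } scratch;
 
  if (!(flags0 & 0x40))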
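Review bot: The `#else` branches at new lines 222-223, 233-234 and 308-311 still access the caller's buffers through `(uint64_t *)inp` and `(uint64_t *)out`, and the type rename leaves that unchanged. The declarations of `inp` and `out` are outside the hunks, but the sibling `memcpy(temp.c, inp, 16);` path suggests they are byte pointers with no alignment guarantee. If so, the cast is undefined behaviour under C's alignment and effective-type rules even on hardware that tolerates unaligned loads, and an optimiser may assume 8-byte alignment. I would drop the `#ifdef __STRICT_ALIGNMENT` split in `CRYPTO_ccm128_encrypt` and `CRYPTO_ccm128_decrypt` and keep only the existing `temp` union path with `memcpy(temp.c, inp, 16);` and `memcpy(out, temp.c, 16);`, since a fixed 16-byte `memcpy` normally compiles to plain loads and stores. Both functions start and end outside the visible hunks, so check the tail-block handling the same way.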