diff options
Diffstat (limited to 'src/lib/libcrypto/modes/ccm128.c')
| -rw-r--r-- | src/lib/libcrypto/modes/ccm128.c | 90 |
1 files changed, 45 insertions, 45 deletions
diff --git a/src/lib/libcrypto/modes/ccm128.c b/src/lib/libcrypto/modes/ccm128.c index 0f592dd9e5..c4df198c0b 100644 --- a/src/lib/libcrypto/modes/ccm128.c +++ b/src/lib/libcrypto/modes/ccm128.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ccm128.c,v 1.10 2025/04/21 16:01:18 jsing Exp $ */ | 1 | /* $OpenBSD: ccm128.c,v 1.11 2025/05/18 09:05:59 jsing Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2011 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -61,7 +61,7 @@ CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, | |||
| 61 | unsigned int M, unsigned int L, void *key, block128_f block) | 61 | unsigned int M, unsigned int L, void *key, block128_f block) |
| 62 | { | 62 | { |
| 63 | memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c)); | 63 | memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c)); |
| 64 | ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2)/2) & 7) << 3; | 64 | ctx->nonce.c[0] = ((uint8_t)(L - 1) & 7) | (uint8_t)(((M - 2)/2) & 7) << 3; |
| 65 | ctx->blocks = 0; | 65 | ctx->blocks = 0; |
| 66 | ctx->block = block; | 66 | ctx->block = block; |
| 67 | ctx->key = key; | 67 | ctx->key = key; |
| @@ -81,17 +81,17 @@ CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, | |||
| 81 | return -1; /* nonce is too short */ | 81 | return -1; /* nonce is too short */ |
| 82 | 82 | ||
| 83 | if (sizeof(mlen) == 8 && L >= 3) { | 83 | if (sizeof(mlen) == 8 && L >= 3) { |
| 84 | ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen)*8))); | 84 | ctx->nonce.c[8] = (uint8_t)(mlen >> (56 % (sizeof(mlen)*8))); |
| 85 | ctx->nonce.c[9] = (u8)(mlen >> (48 % (sizeof(mlen)*8))); | 85 | ctx->nonce.c[9] = (uint8_t)(mlen >> (48 % (sizeof(mlen)*8))); |
| 86 | ctx->nonce.c[10] = (u8)(mlen >> (40 % (sizeof(mlen)*8))); | 86 | ctx->nonce.c[10] = (uint8_t)(mlen >> (40 % (sizeof(mlen)*8))); |
| 87 | ctx->nonce.c[11] = (u8)(mlen >> (32 % (sizeof(mlen)*8))); | 87 | ctx->nonce.c[11] = (uint8_t)(mlen >> (32 % (sizeof(mlen)*8))); |
| 88 | } else | 88 | } else |
| 89 | ctx->nonce.u[1] = 0; | 89 | ctx->nonce.u[1] = 0; |
| 90 | 90 | ||
| 91 | ctx->nonce.c[12] = (u8)(mlen >> 24); | 91 | ctx->nonce.c[12] = (uint8_t)(mlen >> 24); |
| 92 | ctx->nonce.c[13] = (u8)(mlen >> 16); | 92 | ctx->nonce.c[13] = (uint8_t)(mlen >> 16); |
| 93 | ctx->nonce.c[14] = (u8)(mlen >> 8); | 93 | ctx->nonce.c[14] = (uint8_t)(mlen >> 8); |
| 94 | ctx->nonce.c[15] = (u8)mlen; | 94 | ctx->nonce.c[15] = (uint8_t)mlen; |
| 95 | 95 | ||
| 96 | ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */ | 96 | ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */ |
| 97 | memcpy(&ctx->nonce.c[1], nonce, 14 - L); | 97 | memcpy(&ctx->nonce.c[1], nonce, 14 - L); |
| @@ -116,29 +116,29 @@ CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, | |||
| 116 | ctx->blocks++; | 116 | ctx->blocks++; |
| 117 | 117 | ||
| 118 | if (alen < (0x10000 - 0x100)) { | 118 | if (alen < (0x10000 - 0x100)) { |
| 119 | ctx->cmac.c[0] ^= (u8)(alen >> 8); | 119 | ctx->cmac.c[0] ^= (uint8_t)(alen >> 8); |
| 120 | ctx->cmac.c[1] ^= (u8)alen; | 120 | ctx->cmac.c[1] ^= (uint8_t)alen; |
| 121 | i = 2; | 121 | i = 2; |
| 122 | } else if (sizeof(alen) == 8 && | 122 | } else if (sizeof(alen) == 8 && |
| 123 | alen >= (size_t)1 << (32 % (sizeof(alen)*8))) { | 123 | alen >= (size_t)1 << (32 % (sizeof(alen)*8))) { |
| 124 | ctx->cmac.c[0] ^= 0xFF; | 124 | ctx->cmac.c[0] ^= 0xFF; |
| 125 | ctx->cmac.c[1] ^= 0xFF; | 125 | ctx->cmac.c[1] ^= 0xFF; |
| 126 | ctx->cmac.c[2] ^= (u8)(alen >> (56 % (sizeof(alen)*8))); | 126 | ctx->cmac.c[2] ^= (uint8_t)(alen >> (56 % (sizeof(alen)*8))); |
| 127 | ctx->cmac.c[3] ^= (u8)(alen >> (48 % (sizeof(alen)*8))); | 127 | ctx->cmac.c[3] ^= (uint8_t)(alen >> (48 % (sizeof(alen)*8))); |
| 128 | ctx->cmac.c[4] ^= (u8)(alen >> (40 % (sizeof(alen)*8))); | 128 | ctx->cmac.c[4] ^= (uint8_t)(alen >> (40 % (sizeof(alen)*8))); |
| 129 | ctx->cmac.c[5] ^= (u8)(alen >> (32 % (sizeof(alen)*8))); | 129 | ctx->cmac.c[5] ^= (uint8_t)(alen >> (32 % (sizeof(alen)*8))); |
| 130 | ctx->cmac.c[6] ^= (u8)(alen >> 24); | 130 | ctx->cmac.c[6] ^= (uint8_t)(alen >> 24); |
| 131 | ctx->cmac.c[7] ^= (u8)(alen >> 16); | 131 | ctx->cmac.c[7] ^= (uint8_t)(alen >> 16); |
| 132 | ctx->cmac.c[8] ^= (u8)(alen >> 8); | 132 | ctx->cmac.c[8] ^= (uint8_t)(alen >> 8); |
| 133 | ctx->cmac.c[9] ^= (u8)alen; | 133 | ctx->cmac.c[9] ^= (uint8_t)alen; |
| 134 | i = 10; | 134 | i = 10; |
| 135 | } else { | 135 | } else { |
| 136 | ctx->cmac.c[0] ^= 0xFF; | 136 | ctx->cmac.c[0] ^= 0xFF; |
| 137 | ctx->cmac.c[1] ^= 0xFE; | 137 | ctx->cmac.c[1] ^= 0xFE; |
| 138 | ctx->cmac.c[2] ^= (u8)(alen >> 24); | 138 | ctx->cmac.c[2] ^= (uint8_t)(alen >> 24); |
| 139 | ctx->cmac.c[3] ^= (u8)(alen >> 16); | 139 | ctx->cmac.c[3] ^= (uint8_t)(alen >> 16); |
| 140 | ctx->cmac.c[4] ^= (u8)(alen >> 8); | 140 | ctx->cmac.c[4] ^= (uint8_t)(alen >> 8); |
| 141 | ctx->cmac.c[5] ^= (u8)alen; | 141 | ctx->cmac.c[5] ^= (uint8_t)alen; |
| 142 | i = 6; | 142 | i = 6; |
| 143 | } | 143 | } |
| 144 | 144 | ||
| @@ -160,7 +160,7 @@ static void | |||
| 160 | ctr64_inc(unsigned char *counter) | 160 | ctr64_inc(unsigned char *counter) |
| 161 | { | 161 | { |
| 162 | unsigned int n = 8; | 162 | unsigned int n = 8; |
| 163 | u8 c; | 163 | uint8_t c; |
| 164 | 164 | ||
| 165 | counter += 8; | 165 | counter += 8; |
| 166 | do { | 166 | do { |
| @@ -184,8 +184,8 @@ CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, | |||
| 184 | block128_f block = ctx->block; | 184 | block128_f block = ctx->block; |
| 185 | void *key = ctx->key; | 185 | void *key = ctx->key; |
| 186 | union { | 186 | union { |
| 187 | u64 u[2]; | 187 | uint64_t u[2]; |
| 188 | u8 c[16]; | 188 | uint8_t c[16]; |
| 189 | } scratch; | 189 | } scratch; |
| 190 | 190 | ||
| 191 | if (!(flags0 & 0x40)) | 191 | if (!(flags0 & 0x40)) |
| @@ -211,16 +211,16 @@ CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, | |||
| 211 | while (len >= 16) { | 211 | while (len >= 16) { |
| 212 | #ifdef __STRICT_ALIGNMENT | 212 | #ifdef __STRICT_ALIGNMENT |
| 213 | union { | 213 | union { |
| 214 | u64 u[2]; | 214 | uint64_t u[2]; |
| 215 | u8 c[16]; | 215 | uint8_t c[16]; |
| 216 | } temp; | 216 | } temp; |
| 217 | 217 | ||
| 218 | memcpy(temp.c, inp, 16); | 218 | memcpy(temp.c, inp, 16); |
| 219 | ctx->cmac.u[0] ^= temp.u[0]; | 219 | ctx->cmac.u[0] ^= temp.u[0]; |
| 220 | ctx->cmac.u[1] ^= temp.u[1]; | 220 | ctx->cmac.u[1] ^= temp.u[1]; |
| 221 | #else | 221 | #else |
| 222 | ctx->cmac.u[0] ^= ((u64 *)inp)[0]; | 222 | ctx->cmac.u[0] ^= ((uint64_t *)inp)[0]; |
| 223 | ctx->cmac.u[1] ^= ((u64 *)inp)[1]; | 223 | ctx->cmac.u[1] ^= ((uint64_t *)inp)[1]; |
| 224 | #endif | 224 | #endif |
| 225 | (*block)(ctx->cmac.c, ctx->cmac.c, key); | 225 | (*block)(ctx->cmac.c, ctx->cmac.c, key); |
| 226 | (*block)(ctx->nonce.c, scratch.c, key); | 226 | (*block)(ctx->nonce.c, scratch.c, key); |
| @@ -230,8 +230,8 @@ CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, | |||
| 230 | temp.u[1] ^= scratch.u[1]; | 230 | temp.u[1] ^= scratch.u[1]; |
| 231 | memcpy(out, temp.c, 16); | 231 | memcpy(out, temp.c, 16); |
| 232 | #else | 232 | #else |
| 233 | ((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]; | 233 | ((uint64_t *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]; |
| 234 | ((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]; | 234 | ((uint64_t *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]; |
| 235 | #endif | 235 | #endif |
| 236 | inp += 16; | 236 | inp += 16; |
| 237 | out += 16; | 237 | out += 16; |
| @@ -271,8 +271,8 @@ CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, | |||
| 271 | block128_f block = ctx->block; | 271 | block128_f block = ctx->block; |
| 272 | void *key = ctx->key; | 272 | void *key = ctx->key; |
| 273 | union { | 273 | union { |
| 274 | u64 u[2]; | 274 | uint64_t u[2]; |
| 275 | u8 c[16]; | 275 | uint8_t c[16]; |
| 276 | } scratch; | 276 | } scratch; |
| 277 | 277 | ||
| 278 | if (!(flags0 & 0x40)) | 278 | if (!(flags0 & 0x40)) |
| @@ -293,8 +293,8 @@ CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, | |||
| 293 | while (len >= 16) { | 293 | while (len >= 16) { |
| 294 | #ifdef __STRICT_ALIGNMENT | 294 | #ifdef __STRICT_ALIGNMENT |
| 295 | union { | 295 | union { |
| 296 | u64 u[2]; | 296 | uint64_t u[2]; |
| 297 | u8 c[16]; | 297 | uint8_t c[16]; |
| 298 | } temp; | 298 | } temp; |
| 299 | #endif | 299 | #endif |
| 300 | (*block)(ctx->nonce.c, scratch.c, key); | 300 | (*block)(ctx->nonce.c, scratch.c, key); |
| @@ -305,10 +305,10 @@ CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, | |||
| 305 | ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); | 305 | ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); |
| 306 | memcpy(out, scratch.c, 16); | 306 | memcpy(out, scratch.c, 16); |
| 307 | #else | 307 | #else |
| 308 | ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^ | 308 | ctx->cmac.u[0] ^= (((uint64_t *)out)[0] = scratch.u[0] ^ |
| 309 | ((u64 *)inp)[0]); | 309 | ((uint64_t *)inp)[0]); |
| 310 | ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^ | 310 | ctx->cmac.u[1] ^= (((uint64_t *)out)[1] = scratch.u[1] ^ |
| 311 | ((u64 *)inp)[1]); | 311 | ((uint64_t *)inp)[1]); |
| 312 | #endif | 312 | #endif |
| 313 | (*block)(ctx->cmac.c, ctx->cmac.c, key); | 313 | (*block)(ctx->cmac.c, ctx->cmac.c, key); |
| 314 | 314 | ||
| @@ -363,8 +363,8 @@ CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, | |||
| 363 | block128_f block = ctx->block; | 363 | block128_f block = ctx->block; |
| 364 | void *key = ctx->key; | 364 | void *key = ctx->key; |
| 365 | union { | 365 | union { |
| 366 | u64 u[2]; | 366 | uint64_t u[2]; |
| 367 | u8 c[16]; | 367 | uint8_t c[16]; |
| 368 | } scratch; | 368 | } scratch; |
| 369 | 369 | ||
| 370 | if (!(flags0 & 0x40)) | 370 | if (!(flags0 & 0x40)) |
| @@ -430,8 +430,8 @@ CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, | |||
| 430 | block128_f block = ctx->block; | 430 | block128_f block = ctx->block; |
| 431 | void *key = ctx->key; | 431 | void *key = ctx->key; |
| 432 | union { | 432 | union { |
| 433 | u64 u[2]; | 433 | uint64_t u[2]; |
| 434 | u8 c[16]; | 434 | uint8_t c[16]; |
| 435 | } scratch; | 435 | } scratch; |
| 436 | 436 | ||
| 437 | if (!(flags0 & 0x40)) | 437 | if (!(flags0 & 0x40)) |