1 files changed, 19 insertions, 29 deletions
diff --git a/src/lib/libcrypto/modes/ctr128.c b/src/lib/libcrypto/modes/ctr128.c
index 6d507dfc3a..87d9abb355 100644
--- a/src/lib/libcrypto/modes/ctr128.c
+++ b/src/lib/libcrypto/modes/ctr128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ctr128.c,v 1.11 2023/07/08 14:56:54 beck Exp $ */
+/* $OpenBSD: ctr128.c,v 1.18 2025/05/18 09:05:59 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
@@ -49,16 +49,12 @@
 *
 */
-#include <openssl/crypto.h>
-#include "modes_local.h"
 #include <string.h>
-#ifndef MODES_DEBUG
+#include <openssl/crypto.h>
-# ifndef NDEBUG
-#  define NDEBUG
+#include "crypto_internal.h"
-# endif
+#include "modes_local.h"
-#endif
-#include <assert.h>
 /* NOTE: the IV/counter CTR mode is big-endian.  The code itself
 * is endian-neutral. */
@@ -67,8 +63,8 @@
 static void
 ctr128_inc(unsigned char *counter)
 {
-        u32 n = 16;
+        uint32_t n = 16;
-        u8  c;
+        uint8_t  c;
        do {
                --n;
@@ -80,7 +76,6 @@ ctr128_inc(unsigned char *counter)
        } while (n);
 }
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
 static void
 ctr128_inc_aligned(unsigned char *counter)
 {
@@ -100,7 +95,6 @@ ctr128_inc_aligned(unsigned char *counter)
        } while (n);
 #endif
 }
-#endif
 /* The input encrypted as though 128bit counter mode is being
 * used.  The extra state information to record how much of the
@@ -121,14 +115,11 @@ CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
    unsigned char ivec[16], unsigned char ecount_buf[16],
    unsigned int *num, block128_f block)
 {
-        unsigned int n;
+        unsigned int n = *num;
        size_t l = 0;
-        assert(*num < 16);
+        OPENSSL_assert(n < 16);
-        n = *num;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
        if (16 % sizeof(size_t) == 0)
                do { /* always true actually */
                        while (n && len) {
@@ -166,7 +157,6 @@ CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
                        return;
                } while (0);
        /* the rest would be commonly eliminated by x86* compiler */
-#endif
        while (l < len) {
                if (n == 0) {
                        (*block)(ivec, ecount_buf, key);
@@ -185,8 +175,8 @@ LCRYPTO_ALIAS(CRYPTO_ctr128_encrypt);
 static void
 ctr96_inc(unsigned char *counter)
 {
-        u32 n = 12;
+        uint32_t n = 12;
-        u8  c;
+        uint8_t  c;
        do {
                --n;
@@ -204,11 +194,10 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
    unsigned char ivec[16], unsigned char ecount_buf[16],
    unsigned int *num, ctr128_f func)
 {
-        unsigned int n, ctr32;
+        unsigned int n = *num;
+        unsigned int ctr32;
-        assert(*num < 16);
+        OPENSSL_assert(n < 16);
-        n = *num;
        while (n && len) {
                *(out++) = *(in++) ^ ecount_buf[n];
@@ -216,7 +205,8 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
                n = (n + 1) % 16;
        }
-        ctr32 = GETU32(ivec + 12);
+        ctr32 = crypto_load_be32toh(&ivec[12]);
        while (len >= 16) {
                size_t blocks = len/16;
                /*
@@ -233,14 +223,14 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
                 * overflow, which is then handled by limiting the
                 * amount of blocks to the exact overflow point...
                 */
-                ctr32 += (u32)blocks;
+                ctr32 += (uint32_t)blocks;
                if (ctr32 < blocks) {
                        blocks -= ctr32;
                        ctr32 = 0;
                }
                (*func)(in, out, blocks, key, ivec);
                /* (*ctr) does not update ivec, caller does: */
-                PUTU32(ivec + 12, ctr32);
+                crypto_store_htobe32(&ivec[12], ctr32);
                /* ... overflow was detected, propagate carry. */
                if (ctr32 == 0)
                        ctr96_inc(ivec);
@@ -253,7 +243,7 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
                memset(ecount_buf, 0, 16);
                (*func)(ecount_buf, ecount_buf, 1, key, ivec);
                ++ctr32;
-                PUTU32(ivec + 12, ctr32);
+                crypto_store_htobe32(&ivec[12], ctr32);
                if (ctr32 == 0)
                        ctr96_inc(ivec);
                while (len--) {

diff --git a/src/lib/libcrypto/modes/ctr128.c b/src/lib/libcrypto/modes/ctr128.c index 6d507dfc3a..87d9abb355 100644 --- a/src/lib/libcrypto/modes/ctr128.c +++ b/src/lib/libcrypto/modes/ctr128.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ctr128.c,v 1.11 2023/07/08 14:56:54 beck Exp $ */	1	/* $OpenBSD: ctr128.c,v 1.18 2025/05/18 09:05:59 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2008 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -49,16 +49,12 @@
49	*	49	*
50	*/	50	*/
51		51
52	#include <openssl/crypto.h>
53	#include "modes_local.h"
54	#include <string.h>	52	#include <string.h>
55		53
56	#ifndef MODES_DEBUG	54	#include <openssl/crypto.h>
57	# ifndef NDEBUG	55
58	# define NDEBUG	56	#include "crypto_internal.h"
59	# endif	57	#include "modes_local.h"
60	#endif
61	#include <assert.h>
62		58
63	/* NOTE: the IV/counter CTR mode is big-endian. The code itself	59	/* NOTE: the IV/counter CTR mode is big-endian. The code itself
64	* is endian-neutral. */	60	* is endian-neutral. */
@@ -67,8 +63,8 @@
67	static void	63	static void
68	ctr128_inc(unsigned char *counter)	64	ctr128_inc(unsigned char *counter)
69	{	65	{
70	u32 n = 16;	66	uint32_t n = 16;
71	u8 c;	67	uint8_t c;
72		68
73	do {	69	do {
74	--n;	70	--n;
@@ -80,7 +76,6 @@ ctr128_inc(unsigned char *counter)
80	} while (n);	76	} while (n);
81	}	77	}
82		78
83	#if !defined(OPENSSL_SMALL_FOOTPRINT)
84	static void	79	static void
85	ctr128_inc_aligned(unsigned char *counter)	80	ctr128_inc_aligned(unsigned char *counter)
86	{	81	{
@@ -100,7 +95,6 @@ ctr128_inc_aligned(unsigned char *counter)
100	} while (n);	95	} while (n);
101	#endif	96	#endif
102	}	97	}
103	#endif
104		98
105	/* The input encrypted as though 128bit counter mode is being	99	/* The input encrypted as though 128bit counter mode is being
106	* used. The extra state information to record how much of the	100	* used. The extra state information to record how much of the
@@ -121,14 +115,11 @@ CRYPTO_ctr128_encrypt(const unsigned char in, unsigned char out,
121	unsigned char ivec[16], unsigned char ecount_buf[16],	115	unsigned char ivec[16], unsigned char ecount_buf[16],
122	unsigned int *num, block128_f block)	116	unsigned int *num, block128_f block)
123	{	117	{
124	unsigned int n;	118	unsigned int n = *num;
125	size_t l = 0;	119	size_t l = 0;
126		120
127	assert(*num < 16);	121	OPENSSL_assert(n < 16);
128
129	n = *num;
130		122
131	#if !defined(OPENSSL_SMALL_FOOTPRINT)
132	if (16 % sizeof(size_t) == 0)	123	if (16 % sizeof(size_t) == 0)
133	do { /* always true actually */	124	do { /* always true actually */
134	while (n && len) {	125	while (n && len) {
@@ -166,7 +157,6 @@ CRYPTO_ctr128_encrypt(const unsigned char in, unsigned char out,
166	return;	157	return;
167	} while (0);	158	} while (0);
168	/* the rest would be commonly eliminated by x86* compiler */	159	/* the rest would be commonly eliminated by x86* compiler */
169	#endif
170	while (l < len) {	160	while (l < len) {
171	if (n == 0) {	161	if (n == 0) {
172	(*block)(ivec, ecount_buf, key);	162	(*block)(ivec, ecount_buf, key);
@@ -185,8 +175,8 @@ LCRYPTO_ALIAS(CRYPTO_ctr128_encrypt);
185	static void	175	static void
186	ctr96_inc(unsigned char *counter)	176	ctr96_inc(unsigned char *counter)
187	{	177	{
188	u32 n = 12;	178	uint32_t n = 12;
189	u8 c;	179	uint8_t c;
190		180
191	do {	181	do {
192	--n;	182	--n;
@@ -204,11 +194,10 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char in, unsigned char out,
204	unsigned char ivec[16], unsigned char ecount_buf[16],	194	unsigned char ivec[16], unsigned char ecount_buf[16],
205	unsigned int *num, ctr128_f func)	195	unsigned int *num, ctr128_f func)
206	{	196	{
207	unsigned int n, ctr32;	197	unsigned int n = *num;
		198	unsigned int ctr32;
208		199
209	assert(*num < 16);	200	OPENSSL_assert(n < 16);
210
211	n = *num;
212		201
213	while (n && len) {	202	while (n && len) {
214	(out++) = (in++) ^ ecount_buf[n];	203	(out++) = (in++) ^ ecount_buf[n];
@@ -216,7 +205,8 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char in, unsigned char out,
216	n = (n + 1) % 16;	205	n = (n + 1) % 16;
217	}	206	}
218		207
219	ctr32 = GETU32(ivec + 12);	208	ctr32 = crypto_load_be32toh(&ivec[12]);
		209
220	while (len >= 16) {	210	while (len >= 16) {
221	size_t blocks = len/16;	211	size_t blocks = len/16;
222	/*	212	/*
@@ -233,14 +223,14 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char in, unsigned char out,
233	* overflow, which is then handled by limiting the	223	* overflow, which is then handled by limiting the
234	* amount of blocks to the exact overflow point...	224	* amount of blocks to the exact overflow point...
235	*/	225	*/
236	ctr32 += (u32)blocks;	226	ctr32 += (uint32_t)blocks;
237	if (ctr32 < blocks) {	227	if (ctr32 < blocks) {
238	blocks -= ctr32;	228	blocks -= ctr32;
239	ctr32 = 0;	229	ctr32 = 0;
240	}	230	}
241	(*func)(in, out, blocks, key, ivec);	231	(*func)(in, out, blocks, key, ivec);
242	/* (ctr) does not update ivec, caller does: /	232	/* (ctr) does not update ivec, caller does: /
243	PUTU32(ivec + 12, ctr32);	233	crypto_store_htobe32(&ivec[12], ctr32);
244	/* ... overflow was detected, propagate carry. */	234	/* ... overflow was detected, propagate carry. */
245	if (ctr32 == 0)	235	if (ctr32 == 0)
246	ctr96_inc(ivec);	236	ctr96_inc(ivec);
@@ -253,7 +243,7 @@ CRYPTO_ctr128_encrypt_ctr32(const unsigned char in, unsigned char out,
253	memset(ecount_buf, 0, 16);	243	memset(ecount_buf, 0, 16);
254	(*func)(ecount_buf, ecount_buf, 1, key, ivec);	244	(*func)(ecount_buf, ecount_buf, 1, key, ivec);
255	++ctr32;	245	++ctr32;
256	PUTU32(ivec + 12, ctr32);	246	crypto_store_htobe32(&ivec[12], ctr32);
257	if (ctr32 == 0)	247	if (ctr32 == 0)
258	ctr96_inc(ivec);	248	ctr96_inc(ivec);
259	while (len--) {	249	while (len--) {