aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/crypto/evp')
-rw-r--r--openssl/crypto/evp/Makefile1
-rw-r--r--openssl/crypto/evp/e_aes_cbc_hmac_sha1.c8
-rw-r--r--openssl/crypto/evp/e_rc4_hmac_md5.c19
-rw-r--r--openssl/crypto/evp/evp_enc.c12
-rw-r--r--openssl/crypto/evp/p5_crpt.c1
5 files changed, 25 insertions, 16 deletions
diff --git a/openssl/crypto/evp/Makefile b/openssl/crypto/evp/Makefile
index 9c79f66f5..0fe1b96bf 100644
--- a/openssl/crypto/evp/Makefile
+++ b/openssl/crypto/evp/Makefile
@@ -211,6 +211,7 @@ e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h e_aes_cbc_hmac_sha1.c
+e_aes_cbc_hmac_sha1.o: evp_locl.h
e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
index 278c6caa2..710fb79ba 100644
--- a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -83,6 +83,8 @@ typedef struct
} aux;
} EVP_AES_HMAC_SHA1;
+#define NO_PAYLOAD_LENGTH ((size_t)-1)
+
#if defined(AES_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) || \
@@ -124,7 +126,7 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
key->tail = key->head;
key->md = key->head;
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return ret<0?0:1;
}
@@ -185,7 +187,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (len%AES_BLOCK_SIZE) return 0;
if (ctx->encrypt) {
- if (plen==0)
+ if (plen==NO_PAYLOAD_LENGTH)
plen = len;
else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE))
return 0;
@@ -271,7 +273,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return 1;
}
diff --git a/openssl/crypto/evp/e_rc4_hmac_md5.c b/openssl/crypto/evp/e_rc4_hmac_md5.c
index eaa7a5312..56563191b 100644
--- a/openssl/crypto/evp/e_rc4_hmac_md5.c
+++ b/openssl/crypto/evp/e_rc4_hmac_md5.c
@@ -75,6 +75,8 @@ typedef struct
size_t payload_length;
} EVP_RC4_HMAC_MD5;
+#define NO_PAYLOAD_LENGTH ((size_t)-1)
+
void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out,
MD5_CTX *ctx,const void *inp,size_t blocks);
@@ -93,7 +95,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
key->tail = key->head;
key->md = key->head;
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return 1;
}
@@ -120,18 +122,20 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
md5_off = MD5_CBLOCK-key->md.num,
blocks;
unsigned int l;
+ extern unsigned int OPENSSL_ia32cap_P[];
#endif
size_t plen = key->payload_length;
- if (plen && len!=(plen+MD5_DIGEST_LENGTH)) return 0;
+ if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0;
if (ctx->encrypt) {
- if (plen==0) plen = len;
+ if (plen==NO_PAYLOAD_LENGTH) plen = len;
#if defined(STITCHED_CALL)
/* cipher has to "fall behind" */
if (rc4_off>md5_off) md5_off+=MD5_CBLOCK;
- if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK)) {
+ if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) &&
+ (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
MD5_Update(&key->md,in,md5_off);
RC4(&key->ks,rc4_off,in,out);
@@ -171,7 +175,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (md5_off>rc4_off) rc4_off += 2*MD5_CBLOCK;
else rc4_off += MD5_CBLOCK;
- if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK)) {
+ if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) &&
+ (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
RC4(&key->ks,rc4_off,in,out);
MD5_Update(&key->md,out,md5_off);
@@ -191,7 +196,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
#endif
/* decrypt HMAC at once */
RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off);
- if (plen) { /* "TLS" mode of operation */
+ if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
MD5_Update(&key->md,out+md5_off,plen-md5_off);
/* calculate HMAC and verify it */
@@ -207,7 +212,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return 1;
}
diff --git a/openssl/crypto/evp/evp_enc.c b/openssl/crypto/evp/evp_enc.c
index 691072655..0c54f05e6 100644
--- a/openssl/crypto/evp/evp_enc.c
+++ b/openssl/crypto/evp/evp_enc.c
@@ -170,8 +170,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
#endif
#ifdef OPENSSL_FIPS
- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#else
+ if (FIPS_mode())
+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
ctx->cipher=cipher;
if (ctx->cipher->ctx_size)
{
@@ -196,7 +197,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
return 0;
}
}
-#endif
}
else if(!ctx->cipher)
{
@@ -207,8 +207,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
skip_to_init:
#endif
#ifdef OPENSSL_FIPS
- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#else
+ if (FIPS_mode())
+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
@@ -255,7 +256,6 @@ skip_to_init:
ctx->final_used=0;
ctx->block_mask=ctx->cipher->block_size-1;
return 1;
-#endif
}
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
diff --git a/openssl/crypto/evp/p5_crpt.c b/openssl/crypto/evp/p5_crpt.c
index 7d9c1f012..294cc90d8 100644
--- a/openssl/crypto/evp/p5_crpt.c
+++ b/openssl/crypto/evp/p5_crpt.c
@@ -138,5 +138,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
rv = 1;
err:
+ EVP_MD_CTX_cleanup(&ctx);
return rv;
}