diff options
Diffstat (limited to 'openssl/crypto/evp')
-rw-r--r-- | openssl/crypto/evp/Makefile | 1 | ||||
-rw-r--r-- | openssl/crypto/evp/e_aes_cbc_hmac_sha1.c | 8 | ||||
-rw-r--r-- | openssl/crypto/evp/e_rc4_hmac_md5.c | 19 | ||||
-rw-r--r-- | openssl/crypto/evp/evp_enc.c | 12 | ||||
-rw-r--r-- | openssl/crypto/evp/p5_crpt.c | 1 |
5 files changed, 25 insertions, 16 deletions
diff --git a/openssl/crypto/evp/Makefile b/openssl/crypto/evp/Makefile index 9c79f66f5..0fe1b96bf 100644 --- a/openssl/crypto/evp/Makefile +++ b/openssl/crypto/evp/Makefile @@ -211,6 +211,7 @@ e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h e_aes_cbc_hmac_sha1.c +e_aes_cbc_hmac_sha1.o: evp_locl.h e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c index 278c6caa2..710fb79ba 100644 --- a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -83,6 +83,8 @@ typedef struct } aux; } EVP_AES_HMAC_SHA1; +#define NO_PAYLOAD_LENGTH ((size_t)-1) + #if defined(AES_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) || \ @@ -124,7 +126,7 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, key->tail = key->head; key->md = key->head; - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return ret<0?0:1; } @@ -185,7 +187,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (len%AES_BLOCK_SIZE) return 0; if (ctx->encrypt) { - if (plen==0) + if (plen==NO_PAYLOAD_LENGTH) plen = len; else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE)) return 0; @@ -271,7 +273,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return 1; } diff --git a/openssl/crypto/evp/e_rc4_hmac_md5.c b/openssl/crypto/evp/e_rc4_hmac_md5.c index eaa7a5312..56563191b 100644 --- a/openssl/crypto/evp/e_rc4_hmac_md5.c +++ b/openssl/crypto/evp/e_rc4_hmac_md5.c @@ -75,6 +75,8 @@ typedef struct size_t payload_length; } EVP_RC4_HMAC_MD5; +#define NO_PAYLOAD_LENGTH ((size_t)-1) + void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out, MD5_CTX *ctx,const void *inp,size_t blocks); @@ -93,7 +95,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, key->tail = key->head; key->md = key->head; - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return 1; } @@ -120,18 +122,20 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, md5_off = MD5_CBLOCK-key->md.num, blocks; unsigned int l; + extern unsigned int OPENSSL_ia32cap_P[]; #endif size_t plen = key->payload_length; - if (plen && len!=(plen+MD5_DIGEST_LENGTH)) return 0; + if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0; if (ctx->encrypt) { - if (plen==0) plen = len; + if (plen==NO_PAYLOAD_LENGTH) plen = len; #if defined(STITCHED_CALL) /* cipher has to "fall behind" */ if (rc4_off>md5_off) md5_off+=MD5_CBLOCK; - if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK)) { + if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) && + (OPENSSL_ia32cap_P[0]&(1<<20))==0) { MD5_Update(&key->md,in,md5_off); RC4(&key->ks,rc4_off,in,out); @@ -171,7 +175,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (md5_off>rc4_off) rc4_off += 2*MD5_CBLOCK; else rc4_off += MD5_CBLOCK; - if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK)) { + if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) && + (OPENSSL_ia32cap_P[0]&(1<<20))==0) { RC4(&key->ks,rc4_off,in,out); MD5_Update(&key->md,out,md5_off); @@ -191,7 +196,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #endif /* decrypt HMAC at once */ RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off); - if (plen) { /* "TLS" mode of operation */ + if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ MD5_Update(&key->md,out+md5_off,plen-md5_off); /* calculate HMAC and verify it */ @@ -207,7 +212,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return 1; } diff --git a/openssl/crypto/evp/evp_enc.c b/openssl/crypto/evp/evp_enc.c index 691072655..0c54f05e6 100644 --- a/openssl/crypto/evp/evp_enc.c +++ b/openssl/crypto/evp/evp_enc.c @@ -170,8 +170,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp #endif #ifdef OPENSSL_FIPS - return FIPS_cipherinit(ctx, cipher, key, iv, enc); -#else + if (FIPS_mode()) + return FIPS_cipherinit(ctx, cipher, key, iv, enc); +#endif ctx->cipher=cipher; if (ctx->cipher->ctx_size) { @@ -196,7 +197,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp return 0; } } -#endif } else if(!ctx->cipher) { @@ -207,8 +207,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp skip_to_init: #endif #ifdef OPENSSL_FIPS - return FIPS_cipherinit(ctx, cipher, key, iv, enc); -#else + if (FIPS_mode()) + return FIPS_cipherinit(ctx, cipher, key, iv, enc); +#endif /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 @@ -255,7 +256,6 @@ skip_to_init: ctx->final_used=0; ctx->block_mask=ctx->cipher->block_size-1; return 1; -#endif } int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, diff --git a/openssl/crypto/evp/p5_crpt.c b/openssl/crypto/evp/p5_crpt.c index 7d9c1f012..294cc90d8 100644 --- a/openssl/crypto/evp/p5_crpt.c +++ b/openssl/crypto/evp/p5_crpt.c @@ -138,5 +138,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: + EVP_MD_CTX_cleanup(&ctx); return rv; } |