diff options
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/e_aes_cbc_hmac_sha1.c | 8 | ||||
-rw-r--r-- | crypto/evp/e_rc4_hmac_md5.c | 22 | ||||
-rw-r--r-- | crypto/evp/evp_enc.c | 6 | ||||
-rw-r--r-- | crypto/evp/p5_crpt.c | 1 |
4 files changed, 23 insertions, 14 deletions
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 278c6ca..710fb79 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -83,6 +83,8 @@ typedef struct } aux; } EVP_AES_HMAC_SHA1; +#define NO_PAYLOAD_LENGTH ((size_t)-1) + #if defined(AES_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) || \ @@ -124,7 +126,7 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, key->tail = key->head; key->md = key->head; - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return ret<0?0:1; } @@ -185,7 +187,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (len%AES_BLOCK_SIZE) return 0; if (ctx->encrypt) { - if (plen==0) + if (plen==NO_PAYLOAD_LENGTH) plen = len; else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE)) return 0; @@ -271,7 +273,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return 1; } diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index eaa7a53..5f1490c 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -75,6 +75,8 @@ typedef struct size_t payload_length; } EVP_RC4_HMAC_MD5; +#define NO_PAYLOAD_LENGTH ((size_t)-1) + void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out, MD5_CTX *ctx,const void *inp,size_t blocks); @@ -93,7 +95,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, key->tail = key->head; key->md = key->head; - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return 1; } @@ -101,8 +103,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, #if !defined(OPENSSL_NO_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) && \ - !(defined(__APPLE__) && defined(__MACH__)) + defined(__INTEL__) ) #define STITCHED_CALL #endif @@ -120,18 +121,20 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, md5_off = MD5_CBLOCK-key->md.num, blocks; unsigned int l; + extern unsigned int OPENSSL_ia32cap_P[]; #endif size_t plen = key->payload_length; - if (plen && len!=(plen+MD5_DIGEST_LENGTH)) return 0; + if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0; if (ctx->encrypt) { - if (plen==0) plen = len; + if (plen==NO_PAYLOAD_LENGTH) plen = len; #if defined(STITCHED_CALL) /* cipher has to "fall behind" */ if (rc4_off>md5_off) md5_off+=MD5_CBLOCK; - if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK)) { + if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) && + (OPENSSL_ia32cap_P[0]&(1<<20))==0) { MD5_Update(&key->md,in,md5_off); RC4(&key->ks,rc4_off,in,out); @@ -171,7 +174,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (md5_off>rc4_off) rc4_off += 2*MD5_CBLOCK; else rc4_off += MD5_CBLOCK; - if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK)) { + if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) && + (OPENSSL_ia32cap_P[0]&(1<<20))==0) { RC4(&key->ks,rc4_off,in,out); MD5_Update(&key->md,out,md5_off); @@ -191,7 +195,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #endif /* decrypt HMAC at once */ RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off); - if (plen) { /* "TLS" mode of operation */ + if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ MD5_Update(&key->md,out+md5_off,plen-md5_off); /* calculate HMAC and verify it */ @@ -207,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return 1; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 6910726..8835d9a 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -170,7 +170,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp #endif #ifdef OPENSSL_FIPS - return FIPS_cipherinit(ctx, cipher, key, iv, enc); + if (FIPS_mode()) + return FIPS_cipherinit(ctx, cipher, key, iv, enc); #else ctx->cipher=cipher; if (ctx->cipher->ctx_size) @@ -207,7 +208,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp skip_to_init: #endif #ifdef OPENSSL_FIPS - return FIPS_cipherinit(ctx, cipher, key, iv, enc); + if (FIPS_mode()) + return FIPS_cipherinit(ctx, cipher, key, iv, enc); #else /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 7d9c1f0..294cc90 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -138,5 +138,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: + EVP_MD_CTX_cleanup(&ctx); return rv; } |