summaryrefslogtreecommitdiffstats
path: root/crypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha1.c8
-rw-r--r--crypto/evp/e_rc4_hmac_md5.c22
-rw-r--r--crypto/evp/evp_enc.c6
-rw-r--r--crypto/evp/p5_crpt.c1
4 files changed, 23 insertions, 14 deletions
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 278c6ca..710fb79 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -83,6 +83,8 @@ typedef struct
} aux;
} EVP_AES_HMAC_SHA1;
+#define NO_PAYLOAD_LENGTH ((size_t)-1)
+
#if defined(AES_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) || \
@@ -124,7 +126,7 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
key->tail = key->head;
key->md = key->head;
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return ret<0?0:1;
}
@@ -185,7 +187,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (len%AES_BLOCK_SIZE) return 0;
if (ctx->encrypt) {
- if (plen==0)
+ if (plen==NO_PAYLOAD_LENGTH)
plen = len;
else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE))
return 0;
@@ -271,7 +273,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return 1;
}
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index eaa7a53..5f1490c 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -75,6 +75,8 @@ typedef struct
size_t payload_length;
} EVP_RC4_HMAC_MD5;
+#define NO_PAYLOAD_LENGTH ((size_t)-1)
+
void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out,
MD5_CTX *ctx,const void *inp,size_t blocks);
@@ -93,7 +95,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
key->tail = key->head;
key->md = key->head;
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return 1;
}
@@ -101,8 +103,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
#if !defined(OPENSSL_NO_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) || \
- defined(__INTEL__) ) && \
- !(defined(__APPLE__) && defined(__MACH__))
+ defined(__INTEL__) )
#define STITCHED_CALL
#endif
@@ -120,18 +121,20 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
md5_off = MD5_CBLOCK-key->md.num,
blocks;
unsigned int l;
+ extern unsigned int OPENSSL_ia32cap_P[];
#endif
size_t plen = key->payload_length;
- if (plen && len!=(plen+MD5_DIGEST_LENGTH)) return 0;
+ if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0;
if (ctx->encrypt) {
- if (plen==0) plen = len;
+ if (plen==NO_PAYLOAD_LENGTH) plen = len;
#if defined(STITCHED_CALL)
/* cipher has to "fall behind" */
if (rc4_off>md5_off) md5_off+=MD5_CBLOCK;
- if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK)) {
+ if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) &&
+ (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
MD5_Update(&key->md,in,md5_off);
RC4(&key->ks,rc4_off,in,out);
@@ -171,7 +174,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (md5_off>rc4_off) rc4_off += 2*MD5_CBLOCK;
else rc4_off += MD5_CBLOCK;
- if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK)) {
+ if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) &&
+ (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
RC4(&key->ks,rc4_off,in,out);
MD5_Update(&key->md,out,md5_off);
@@ -191,7 +195,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
#endif
/* decrypt HMAC at once */
RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off);
- if (plen) { /* "TLS" mode of operation */
+ if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
MD5_Update(&key->md,out+md5_off,plen-md5_off);
/* calculate HMAC and verify it */
@@ -207,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return 1;
}
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 6910726..8835d9a 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -170,7 +170,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
#endif
#ifdef OPENSSL_FIPS
- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+ if (FIPS_mode())
+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
#else
ctx->cipher=cipher;
if (ctx->cipher->ctx_size)
@@ -207,7 +208,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
skip_to_init:
#endif
#ifdef OPENSSL_FIPS
- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+ if (FIPS_mode())
+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
#else
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index 7d9c1f0..294cc90 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -138,5 +138,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
rv = 1;
err:
+ EVP_MD_CTX_cleanup(&ctx);
return rv;
}
generated by cgit v1.1 at 2024-09-22 18:20:38 +0000