Loading Makefile.org +1 −1 Original line number Diff line number Diff line Loading @@ -115,7 +115,7 @@ SHLIBDIRS= crypto ssl SDIRS= \ objects \ md2 md4 md5 sha mdc2 hmac ripemd whrlpool \ des aes rc2 rc4 rc5 idea bf cast camellia seed \ des aes rc2 rc4 rc5 idea bf cast camellia seed modes \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ Loading crypto/aes/Makefile +8 −12 Original line number Diff line number Diff line Loading @@ -100,18 +100,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h aes_cfb.o: aes_cfb.c aes_locl.h aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/modes.h aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/crypto.h aes_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h aes_ctr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h aes_ctr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h aes_ctr.o: ../../include/openssl/symhacks.h aes_ctr.c aes_locl.h aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/modes.h aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h Loading @@ -124,8 +120,8 @@ aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_misc.o: ../../include/openssl/opensslconf.h aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h Loading crypto/aes/aes_cbc.c +5 −72 Original line number Diff line number Diff line Loading @@ -49,82 +49,15 @@ * */ #ifndef AES_DEBUG # ifndef NDEBUG # define NDEBUG # endif #endif #include <assert.h> #include <openssl/aes.h> #include "aes_locl.h" #include <openssl/modes.h> void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, unsigned char *ivec, const int enc) { size_t n; unsigned char tmp[AES_BLOCK_SIZE]; const unsigned char *iv = ivec; assert(in && out && key && ivec); assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); if (AES_ENCRYPT == enc) { while (len >= AES_BLOCK_SIZE) { for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] = in[n] ^ iv[n]; AES_encrypt(out, out, key); iv = out; len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { for(n=0; n < len; ++n) out[n] = in[n] ^ iv[n]; for(n=len; n < AES_BLOCK_SIZE; ++n) out[n] = iv[n]; AES_encrypt(out, out, key); iv = out; } memcpy(ivec,iv,AES_BLOCK_SIZE); } else if (in != out) { while (len >= AES_BLOCK_SIZE) { AES_decrypt(in, out, key); for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= iv[n]; iv = in; len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { AES_decrypt(in,tmp,key); for(n=0; n < len; ++n) out[n] = tmp[n] ^ iv[n]; iv = in; } memcpy(ivec,iv,AES_BLOCK_SIZE); } else { while (len >= AES_BLOCK_SIZE) { memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(in, out, key); for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= ivec[n]; memcpy(ivec, tmp, AES_BLOCK_SIZE); len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(tmp, out, key); for(n=0; n < len; ++n) out[n] ^= ivec[n]; for(n=len; n < AES_BLOCK_SIZE; ++n) out[n] = tmp[n]; memcpy(ivec, tmp, AES_BLOCK_SIZE); } } if (enc) CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block_f)AES_encrypt); else CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block_f)AES_decrypt); } crypto/aes/aes_cfb.c +4 −175 Original line number Diff line number Diff line Loading @@ -49,23 +49,8 @@ * */ #ifndef AES_DEBUG # ifndef NDEBUG # define NDEBUG # endif #endif #include <assert.h> #include <openssl/aes.h> #include "aes_locl.h" #include "e_os.h" #define STRICT_ALIGNMENT #if defined(__i386) || defined(__i386__) || \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) # undef STRICT_ALIGNMENT #endif #include <openssl/modes.h> /* The input and output encrypted as though 128bit cfb mode is being * used. The extra state information to record how much of the Loading @@ -76,145 +61,7 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc) { unsigned int n; size_t l = 0; assert(in && out && key && ivec && num); n = *num; #if !defined(OPENSSL_SMALL_FOOTPRINT) if (AES_BLOCK_SIZE%sizeof(size_t) == 0) { /* always true actually */ if (enc) { if (n) { while (length) { *(out++) = ivec[n] ^= *(in++); length--; if(!(n = (n + 1) % AES_BLOCK_SIZE)) break; } } #if defined(STRICT_ALIGNMENT) if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) goto enc_unaligned; #endif while ((l + AES_BLOCK_SIZE) <= length) { unsigned int i; AES_encrypt(ivec, ivec, key); for (i=0;i<AES_BLOCK_SIZE;i+=sizeof(size_t)) { *(size_t*)(out+l+i) = *(size_t*)(ivec+i) ^= *(size_t*)(in+l+i); } l += AES_BLOCK_SIZE; } if (l < length) { AES_encrypt(ivec, ivec, key); do { out[l] = ivec[n] ^= in[l]; l++; n++; } while (l < length); } } else { if (n) { while (length) { unsigned char c; *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c; length--; if(!(n = (n + 1) % AES_BLOCK_SIZE)) break; } } #if defined(STRICT_ALIGNMENT) if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) goto dec_unaligned; #endif while (l + AES_BLOCK_SIZE <= length) { unsigned int i; AES_encrypt(ivec, ivec, key); for (i=0;i<AES_BLOCK_SIZE;i+=sizeof(size_t)) { size_t t = *(size_t*)(in+l+i); *(size_t*)(out+l+i) = *(size_t*)(ivec+i) ^ t; *(size_t*)(ivec+i) = t; } l += AES_BLOCK_SIZE; } if (l < length) { AES_encrypt(ivec, ivec, key); do { unsigned char c; out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; l++; n++; } while (l < length); } } *num = n; return; } #endif /* this code would be commonly eliminated by x86* compiler */ if (enc) { #if defined(STRICT_ALIGNMENT) && !defined(OPENSSL_SMALL_FOOTPRINT) enc_unaligned: #endif while (l<length) { if (n == 0) { AES_encrypt(ivec, ivec, key); } out[l] = ivec[n] ^= in[l]; l++; n = (n+1) % AES_BLOCK_SIZE; } } else { #if defined(STRICT_ALIGNMENT) && !defined(OPENSSL_SMALL_FOOTPRINT) dec_unaligned: #endif while (l<length) { unsigned char c; if (n == 0) { AES_encrypt(ivec, ivec, key); } out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; l++; n = (n+1) % AES_BLOCK_SIZE; } } *num=n; } /* This expects a single block of size nbits for both in and out. Note that it corrupts any extra bits in the last byte of out */ void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, const int nbits,const AES_KEY *key, unsigned char *ivec,const int enc) { int n,rem,num; unsigned char ovec[AES_BLOCK_SIZE*2 + 1]; /* +1 because we dererefence (but don't use) one byte off the end */ if (nbits<=0 || nbits>128) return; /* fill in the first half of the new IV with the current IV */ memcpy(ovec,ivec,AES_BLOCK_SIZE); /* construct the new IV */ AES_encrypt(ivec,ivec,key); num = (nbits+7)/8; if (enc) /* encrypt the input */ for(n=0 ; n < num ; ++n) out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]); else /* decrypt the input */ for(n=0 ; n < num ; ++n) out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n]; /* shift ovec left... */ rem = nbits%8; num = nbits/8; if(rem==0) memcpy(ivec,ovec+num,AES_BLOCK_SIZE); else for(n=0 ; n < AES_BLOCK_SIZE ; ++n) ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem); /* it is not necessary to cleanse ovec, since the IV is not secret */ CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); } /* N.B. This expects the input to be packed, MS bit first */ Loading @@ -222,31 +69,13 @@ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc) { size_t n; unsigned char c[1],d[1]; assert(in && out && key && ivec && num); assert(*num == 0); memset(out,0,(length+7)/8); for(n=0 ; n < length ; ++n) { c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; AES_cfbr_encrypt_block(c,d,1,key,ivec,enc); out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); } CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); } void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc) { size_t n; assert(in && out && key && ivec && num); assert(*num == 0); for(n=0 ; n < length ; ++n) AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc); CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); } crypto/aes/aes_ctr.c +2 −78 Original line number Diff line number Diff line Loading @@ -49,89 +49,13 @@ * */ #ifndef AES_DEBUG # ifndef NDEBUG # define NDEBUG # endif #endif #include <openssl/aes.h> #include <openssl/crypto.h> #include "aes_locl.h" /* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code * is endian-neutral. */ /* increment counter (128-bit int) by 1 */ static void AES_ctr128_inc(unsigned char *counter) { unsigned long c; /* Grab bottom dword of counter and increment */ c = GETU32(counter + 12); c++; c &= 0xFFFFFFFF; PUTU32(counter + 12, c); /* if no overflow, we're done */ if (c) return; #include <openssl/modes.h> /* Grab 1st dword of counter and increment */ c = GETU32(counter + 8); c++; c &= 0xFFFFFFFF; PUTU32(counter + 8, c); /* if no overflow, we're done */ if (c) return; /* Grab 2nd dword of counter and increment */ c = GETU32(counter + 4); c++; c &= 0xFFFFFFFF; PUTU32(counter + 4, c); /* if no overflow, we're done */ if (c) return; /* Grab top dword of counter and increment */ c = GETU32(counter + 0); c++; c &= 0xFFFFFFFF; PUTU32(counter + 0, c); } /* The input encrypted as though 128bit counter mode is being * used. The extra state information to record how much of the * 128bit block we have used is contained in *num, and the * encrypted counter is kept in ecount_buf. Both *num and * ecount_buf must be initialised with zeros before the first * call to AES_ctr128_encrypt(). * * This algorithm assumes that the counter is in the x lower bits * of the IV (ivec), and that the application has full control over * overflow and the rest of the IV. This implementation takes NO * responsability for checking that the counter doesn't overflow * into the rest of the IV when incremented. */ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num) { unsigned int n; OPENSSL_assert(in && out && key && ecount_buf && num); OPENSSL_assert(*num < AES_BLOCK_SIZE); n = *num; while (length--) { if (n == 0) { AES_encrypt(ivec, ecount_buf, key); AES_ctr128_inc(ivec); } *(out++) = *(in++) ^ ecount_buf[n]; n = (n+1) % AES_BLOCK_SIZE; } *num=n; CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)AES_encrypt); } Loading
Makefile.org +1 −1 Original line number Diff line number Diff line Loading @@ -115,7 +115,7 @@ SHLIBDIRS= crypto ssl SDIRS= \ objects \ md2 md4 md5 sha mdc2 hmac ripemd whrlpool \ des aes rc2 rc4 rc5 idea bf cast camellia seed \ des aes rc2 rc4 rc5 idea bf cast camellia seed modes \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ Loading
crypto/aes/Makefile +8 −12 Original line number Diff line number Diff line Loading @@ -100,18 +100,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h aes_cfb.o: aes_cfb.c aes_locl.h aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/modes.h aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/crypto.h aes_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h aes_ctr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h aes_ctr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h aes_ctr.o: ../../include/openssl/symhacks.h aes_ctr.c aes_locl.h aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/modes.h aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h Loading @@ -124,8 +120,8 @@ aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_misc.o: ../../include/openssl/opensslconf.h aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h Loading
crypto/aes/aes_cbc.c +5 −72 Original line number Diff line number Diff line Loading @@ -49,82 +49,15 @@ * */ #ifndef AES_DEBUG # ifndef NDEBUG # define NDEBUG # endif #endif #include <assert.h> #include <openssl/aes.h> #include "aes_locl.h" #include <openssl/modes.h> void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, unsigned char *ivec, const int enc) { size_t n; unsigned char tmp[AES_BLOCK_SIZE]; const unsigned char *iv = ivec; assert(in && out && key && ivec); assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); if (AES_ENCRYPT == enc) { while (len >= AES_BLOCK_SIZE) { for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] = in[n] ^ iv[n]; AES_encrypt(out, out, key); iv = out; len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { for(n=0; n < len; ++n) out[n] = in[n] ^ iv[n]; for(n=len; n < AES_BLOCK_SIZE; ++n) out[n] = iv[n]; AES_encrypt(out, out, key); iv = out; } memcpy(ivec,iv,AES_BLOCK_SIZE); } else if (in != out) { while (len >= AES_BLOCK_SIZE) { AES_decrypt(in, out, key); for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= iv[n]; iv = in; len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { AES_decrypt(in,tmp,key); for(n=0; n < len; ++n) out[n] = tmp[n] ^ iv[n]; iv = in; } memcpy(ivec,iv,AES_BLOCK_SIZE); } else { while (len >= AES_BLOCK_SIZE) { memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(in, out, key); for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= ivec[n]; memcpy(ivec, tmp, AES_BLOCK_SIZE); len -= AES_BLOCK_SIZE; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } if (len) { memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(tmp, out, key); for(n=0; n < len; ++n) out[n] ^= ivec[n]; for(n=len; n < AES_BLOCK_SIZE; ++n) out[n] = tmp[n]; memcpy(ivec, tmp, AES_BLOCK_SIZE); } } if (enc) CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block_f)AES_encrypt); else CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block_f)AES_decrypt); }
crypto/aes/aes_cfb.c +4 −175 Original line number Diff line number Diff line Loading @@ -49,23 +49,8 @@ * */ #ifndef AES_DEBUG # ifndef NDEBUG # define NDEBUG # endif #endif #include <assert.h> #include <openssl/aes.h> #include "aes_locl.h" #include "e_os.h" #define STRICT_ALIGNMENT #if defined(__i386) || defined(__i386__) || \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) # undef STRICT_ALIGNMENT #endif #include <openssl/modes.h> /* The input and output encrypted as though 128bit cfb mode is being * used. The extra state information to record how much of the Loading @@ -76,145 +61,7 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc) { unsigned int n; size_t l = 0; assert(in && out && key && ivec && num); n = *num; #if !defined(OPENSSL_SMALL_FOOTPRINT) if (AES_BLOCK_SIZE%sizeof(size_t) == 0) { /* always true actually */ if (enc) { if (n) { while (length) { *(out++) = ivec[n] ^= *(in++); length--; if(!(n = (n + 1) % AES_BLOCK_SIZE)) break; } } #if defined(STRICT_ALIGNMENT) if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) goto enc_unaligned; #endif while ((l + AES_BLOCK_SIZE) <= length) { unsigned int i; AES_encrypt(ivec, ivec, key); for (i=0;i<AES_BLOCK_SIZE;i+=sizeof(size_t)) { *(size_t*)(out+l+i) = *(size_t*)(ivec+i) ^= *(size_t*)(in+l+i); } l += AES_BLOCK_SIZE; } if (l < length) { AES_encrypt(ivec, ivec, key); do { out[l] = ivec[n] ^= in[l]; l++; n++; } while (l < length); } } else { if (n) { while (length) { unsigned char c; *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c; length--; if(!(n = (n + 1) % AES_BLOCK_SIZE)) break; } } #if defined(STRICT_ALIGNMENT) if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) goto dec_unaligned; #endif while (l + AES_BLOCK_SIZE <= length) { unsigned int i; AES_encrypt(ivec, ivec, key); for (i=0;i<AES_BLOCK_SIZE;i+=sizeof(size_t)) { size_t t = *(size_t*)(in+l+i); *(size_t*)(out+l+i) = *(size_t*)(ivec+i) ^ t; *(size_t*)(ivec+i) = t; } l += AES_BLOCK_SIZE; } if (l < length) { AES_encrypt(ivec, ivec, key); do { unsigned char c; out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; l++; n++; } while (l < length); } } *num = n; return; } #endif /* this code would be commonly eliminated by x86* compiler */ if (enc) { #if defined(STRICT_ALIGNMENT) && !defined(OPENSSL_SMALL_FOOTPRINT) enc_unaligned: #endif while (l<length) { if (n == 0) { AES_encrypt(ivec, ivec, key); } out[l] = ivec[n] ^= in[l]; l++; n = (n+1) % AES_BLOCK_SIZE; } } else { #if defined(STRICT_ALIGNMENT) && !defined(OPENSSL_SMALL_FOOTPRINT) dec_unaligned: #endif while (l<length) { unsigned char c; if (n == 0) { AES_encrypt(ivec, ivec, key); } out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; l++; n = (n+1) % AES_BLOCK_SIZE; } } *num=n; } /* This expects a single block of size nbits for both in and out. Note that it corrupts any extra bits in the last byte of out */ void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, const int nbits,const AES_KEY *key, unsigned char *ivec,const int enc) { int n,rem,num; unsigned char ovec[AES_BLOCK_SIZE*2 + 1]; /* +1 because we dererefence (but don't use) one byte off the end */ if (nbits<=0 || nbits>128) return; /* fill in the first half of the new IV with the current IV */ memcpy(ovec,ivec,AES_BLOCK_SIZE); /* construct the new IV */ AES_encrypt(ivec,ivec,key); num = (nbits+7)/8; if (enc) /* encrypt the input */ for(n=0 ; n < num ; ++n) out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]); else /* decrypt the input */ for(n=0 ; n < num ; ++n) out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n]; /* shift ovec left... */ rem = nbits%8; num = nbits/8; if(rem==0) memcpy(ivec,ovec+num,AES_BLOCK_SIZE); else for(n=0 ; n < AES_BLOCK_SIZE ; ++n) ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem); /* it is not necessary to cleanse ovec, since the IV is not secret */ CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); } /* N.B. This expects the input to be packed, MS bit first */ Loading @@ -222,31 +69,13 @@ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc) { size_t n; unsigned char c[1],d[1]; assert(in && out && key && ivec && num); assert(*num == 0); memset(out,0,(length+7)/8); for(n=0 ; n < length ; ++n) { c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; AES_cfbr_encrypt_block(c,d,1,key,ivec,enc); out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); } CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); } void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc) { size_t n; assert(in && out && key && ivec && num); assert(*num == 0); for(n=0 ; n < length ; ++n) AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc); CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); }
crypto/aes/aes_ctr.c +2 −78 Original line number Diff line number Diff line Loading @@ -49,89 +49,13 @@ * */ #ifndef AES_DEBUG # ifndef NDEBUG # define NDEBUG # endif #endif #include <openssl/aes.h> #include <openssl/crypto.h> #include "aes_locl.h" /* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code * is endian-neutral. */ /* increment counter (128-bit int) by 1 */ static void AES_ctr128_inc(unsigned char *counter) { unsigned long c; /* Grab bottom dword of counter and increment */ c = GETU32(counter + 12); c++; c &= 0xFFFFFFFF; PUTU32(counter + 12, c); /* if no overflow, we're done */ if (c) return; #include <openssl/modes.h> /* Grab 1st dword of counter and increment */ c = GETU32(counter + 8); c++; c &= 0xFFFFFFFF; PUTU32(counter + 8, c); /* if no overflow, we're done */ if (c) return; /* Grab 2nd dword of counter and increment */ c = GETU32(counter + 4); c++; c &= 0xFFFFFFFF; PUTU32(counter + 4, c); /* if no overflow, we're done */ if (c) return; /* Grab top dword of counter and increment */ c = GETU32(counter + 0); c++; c &= 0xFFFFFFFF; PUTU32(counter + 0, c); } /* The input encrypted as though 128bit counter mode is being * used. The extra state information to record how much of the * 128bit block we have used is contained in *num, and the * encrypted counter is kept in ecount_buf. Both *num and * ecount_buf must be initialised with zeros before the first * call to AES_ctr128_encrypt(). * * This algorithm assumes that the counter is in the x lower bits * of the IV (ivec), and that the application has full control over * overflow and the rest of the IV. This implementation takes NO * responsability for checking that the counter doesn't overflow * into the rest of the IV when incremented. */ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num) { unsigned int n; OPENSSL_assert(in && out && key && ecount_buf && num); OPENSSL_assert(*num < AES_BLOCK_SIZE); n = *num; while (length--) { if (n == 0) { AES_encrypt(ivec, ecount_buf, key); AES_ctr128_inc(ivec); } *(out++) = *(in++) ^ ecount_buf[n]; n = (n+1) % AES_BLOCK_SIZE; } *num=n; CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)AES_encrypt); }
