SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync with OpenBSD -current

Browse source
This commit is contained in:
purplerain 2024-03-28 05:02:39 +00:00
parent 0189975fb5
commit cc5edceac3
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
87 changed files with 1329 additions and 4278 deletions
Download patch file Download diff file Expand all files Collapse all files

23
lib/libcrypto/Makefile
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.175 2024/03/19 19:27:33 tb Exp $
# $OpenBSD: Makefile,v 1.183 2024/03/28 02:09:28 jsing Exp $
LIB= crypto
LIBREBUILD=y
@ -72,12 +72,8 @@ SRCS+= o_fips.c
SRCS+= o_str.c
# aes/
SRCS+= aes_cfb.c
SRCS+= aes_ctr.c
SRCS+= aes_ecb.c
SRCS+= aes.c
SRCS+= aes_ige.c
SRCS+= aes_ofb.c
SRCS+= aes_wrap.c
# asn1/
SRCS+= a_bitstr.c
@ -142,10 +138,7 @@ SRCS+= x_x509.c
SRCS+= x_x509a.c
# bf/
SRCS+= bf_cfb64.c
SRCS+= bf_ecb.c
SRCS+= bf_ofb64.c
SRCS+= bf_skey.c
SRCS+= blowfish.c
# bio/
SRCS+= b_dump.c
@ -273,12 +266,14 @@ SRCS+= cbc_enc.c
SRCS+= cfb64ede.c
SRCS+= cfb64enc.c
SRCS+= cfb_enc.c
SRCS+= des_enc.c
SRCS+= ecb3_enc.c
SRCS+= ecb_enc.c
SRCS+= ede_cbcm_enc.c
SRCS+= enc_read.c
SRCS+= enc_writ.c
SRCS+= fcrypt.c
SRCS+= fcrypt_b.c
SRCS+= ofb64ede.c
SRCS+= ofb64enc.c
SRCS+= ofb_enc.c
@ -497,6 +492,9 @@ SRCS+= rc2_skey.c
SRCS+= rc2cfb64.c
SRCS+= rc2ofb64.c
# rc4/
SRCS+= rc4.c
# ripemd/
SRCS+= ripemd.c
@ -793,14 +791,9 @@ obj_dat.h: obj_mac.h ${SSL_OBJECTS}/obj_dat.pl
CFLAGS+=-DOPENSSL_NO_ASM
SRCS+= aes_core.c
SRCS+= aes_cbc.c
SRCS+= bf_enc.c
SRCS+= camellia.c
SRCS+= cmll_cbc.c
SRCS+= cmll_misc.c
SRCS+= des_enc.c
SRCS+= fcrypt_b.c
SRCS+= rc4_enc.c
SRCS+= rc4_skey.c
SRCS+= wp_block.c
.endif

19
lib/libcrypto/Symbols.namespace
View file

@ -2523,3 +2523,22 @@ _libre_OPENSSL_gmtime
_libre_OPENSSL_timegm
_libre_OPENSSL_posix_to_tm
_libre_OPENSSL_tm_to_posix
_libre_ENGINE_load_builtin_engines
_libre_ENGINE_load_dynamic
_libre_ENGINE_load_openssl
_libre_ENGINE_register_all_complete
_libre_ENGINE_cleanup
_libre_ENGINE_new
_libre_ENGINE_free
_libre_ENGINE_init
_libre_ENGINE_finish
_libre_ENGINE_by_id
_libre_ENGINE_get_id
_libre_ENGINE_get_name
_libre_ENGINE_set_default
_libre_ENGINE_get_default_RSA
_libre_ENGINE_set_default_RSA
_libre_ENGINE_ctrl_cmd
_libre_ENGINE_ctrl_cmd_string
_libre_ENGINE_load_private_key
_libre_ENGINE_load_public_key

190
lib/libcrypto/aes/aes.c Normal file
View file

@ -0,0 +1,190 @@
/* $OpenBSD: aes.c,v 1.1 2024/03/28 00:57:26 jsing Exp $ */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <string.h>
#include <openssl/aes.h>
#include <openssl/bio.h>
#include <openssl/modes.h>
static const unsigned char aes_wrap_default_iv[] = {
0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
};
/*
* The input and output encrypted as though 128bit cfb mode is being
* used. The extra state information to record how much of the
* 128bit block we have used is contained in *num;
*/
void
AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
const AES_KEY *key, unsigned char *ivec, int *num, const int enc)
{
CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)AES_encrypt);
}
/* N.B. This expects the input to be packed, MS bit first */
void
AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, size_t length,
const AES_KEY *key, unsigned char *ivec, int *num, const int enc)
{
CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)AES_encrypt);
}
void
AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length,
const AES_KEY *key, unsigned char *ivec, int *num, const int enc)
{
CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)AES_encrypt);
}
void
AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num)
{
CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
(block128_f)AES_encrypt);
}
void
AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key, const int enc)
{
if (AES_ENCRYPT == enc)
AES_encrypt(in, out, key);
else
AES_decrypt(in, out, key);
}
void
AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
const AES_KEY *key, unsigned char *ivec, int *num)
{
CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
(block128_f)AES_encrypt);
}
int
AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
const unsigned char *in, unsigned int inlen)
{
unsigned char *A, B[16], *R;
unsigned int i, j, t;
if ((inlen & 0x7) || (inlen < 16))
return -1;
A = B;
t = 1;
memmove(out + 8, in, inlen);
if (!iv)
iv = aes_wrap_default_iv;
memcpy(A, iv, 8);
for (j = 0; j < 6; j++) {
R = out + 8;
for (i = 0; i < inlen; i += 8, t++, R += 8) {
memcpy(B + 8, R, 8);
AES_encrypt(B, B, key);
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff) {
A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(R, B + 8, 8);
}
}
memcpy(out, A, 8);
return inlen + 8;
}
int
AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
const unsigned char *in, unsigned int inlen)
{
unsigned char *A, B[16], *R;
unsigned int i, j, t;
if ((inlen & 0x7) || (inlen < 24))
return -1;
inlen -= 8;
A = B;
t = 6 * (inlen >> 3);
memcpy(A, in, 8);
memmove(out, in + 8, inlen);
for (j = 0; j < 6; j++) {
R = out + inlen - 8;
for (i = 0; i < inlen; i += 8, t--, R -= 8) {
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff) {
A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(B + 8, R, 8);
AES_decrypt(B, B, key);
memcpy(R, B + 8, 8);
}
}
if (!iv)
iv = aes_wrap_default_iv;
if (memcmp(A, iv, 8)) {
explicit_bzero(out, inlen);
return 0;
}
return inlen;
}

282
lib/libcrypto/aes/aes_core.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: aes_core.c,v 1.14 2022/11/26 16:08:50 tb Exp $ */
/* $OpenBSD: aes_core.c,v 1.19 2024/03/27 11:15:44 jsing Exp $ */
/**
* rijndael-alg-fst.c
*
@ -25,20 +25,18 @@
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* Note: rewritten a little bit to provide error control and an OpenSSL-
compatible API */
#ifndef AES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
/*
* Note: rewritten a little bit to provide error control and an OpenSSL-
* compatible API.
*/
#include <stdlib.h>
#include <openssl/aes.h>
#include "aes_local.h"
#ifndef AES_ASM
#include <openssl/aes.h>
#include "aes_local.h"
#include "crypto_internal.h"
/*
Te0[x] = S [x].[02, 01, 01, 03];
Te1[x] = S [x].[03, 02, 01, 01];
@ -645,10 +643,10 @@ AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
else
key->rounds = 14;
rk[0] = GETU32(userKey);
rk[1] = GETU32(userKey + 4);
rk[2] = GETU32(userKey + 8);
rk[3] = GETU32(userKey + 12);
rk[0] = crypto_load_be32toh(&userKey[0 * 4]);
rk[1] = crypto_load_be32toh(&userKey[1 * 4]);
rk[2] = crypto_load_be32toh(&userKey[2 * 4]);
rk[3] = crypto_load_be32toh(&userKey[3 * 4]);
if (bits == 128) {
while (1) {
temp = rk[3];
@ -667,8 +665,8 @@ AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
rk += 4;
}
}
rk[4] = GETU32(userKey + 16);
rk[5] = GETU32(userKey + 20);
rk[4] = crypto_load_be32toh(&userKey[4 * 4]);
rk[5] = crypto_load_be32toh(&userKey[5 * 4]);
if (bits == 192) {
while (1) {
temp = rk[5];
@ -689,8 +687,8 @@ AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
rk += 6;
}
}
rk[6] = GETU32(userKey + 24);
rk[7] = GETU32(userKey + 28);
rk[6] = crypto_load_be32toh(&userKey[6 * 4]);
rk[7] = crypto_load_be32toh(&userKey[7 * 4]);
if (bits == 256) {
while (1) {
temp = rk[7];
@ -781,6 +779,7 @@ AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
return 0;
}
#ifndef AES_ASM
/*
* Encrypt a single block
* in and out can overlap
@ -800,10 +799,10 @@ AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
* map byte array block to cipher state
* and add initial round key:
*/
s0 = GETU32(in ) ^ rk[0];
s1 = GETU32(in + 4) ^ rk[1];
s2 = GETU32(in + 8) ^ rk[2];
s3 = GETU32(in + 12) ^ rk[3];
s0 = crypto_load_be32toh(&in[0 * 4]) ^ rk[0];
s1 = crypto_load_be32toh(&in[1 * 4]) ^ rk[1];
s2 = crypto_load_be32toh(&in[2 * 4]) ^ rk[2];
s3 = crypto_load_be32toh(&in[3 * 4]) ^ rk[3];
#ifdef FULL_UNROLL
/* round 1: */
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
@ -947,28 +946,28 @@ AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
(Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
(Te1[(t3) & 0xff] & 0x000000ff) ^
rk[0];
PUTU32(out, s0);
crypto_store_htobe32(&out[0 * 4], s0);
s1 =
(Te2[(t1 >> 24)] & 0xff000000) ^
(Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
(Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^
(Te1[(t0) & 0xff] & 0x000000ff) ^
rk[1];
PUTU32(out + 4, s1);
crypto_store_htobe32(&out[1 * 4], s1);
s2 =
(Te2[(t2 >> 24)] & 0xff000000) ^
(Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
(Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^
(Te1[(t1) & 0xff] & 0x000000ff) ^
rk[2];
PUTU32(out + 8, s2);
crypto_store_htobe32(&out[2 * 4], s2);
s3 =
(Te2[(t3 >> 24)] & 0xff000000) ^
(Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
(Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
(Te1[(t2) & 0xff] & 0x000000ff) ^
rk[3];
PUTU32(out + 12, s3);
crypto_store_htobe32(&out[3 * 4], s3);
}
/*
@ -990,10 +989,10 @@ AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
* map byte array block to cipher state
* and add initial round key:
*/
s0 = GETU32(in) ^ rk[0];
s1 = GETU32(in + 4) ^ rk[1];
s2 = GETU32(in + 8) ^ rk[2];
s3 = GETU32(in + 12) ^ rk[3];
s0 = crypto_load_be32toh(&in[0 * 4]) ^ rk[0];
s1 = crypto_load_be32toh(&in[1 * 4]) ^ rk[1];
s2 = crypto_load_be32toh(&in[2 * 4]) ^ rk[2];
s3 = crypto_load_be32toh(&in[3 * 4]) ^ rk[3];
#ifdef FULL_UNROLL
/* round 1: */
t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
@ -1137,238 +1136,27 @@ AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
(Td4[(t2 >> 8) & 0xff] << 8) ^
(Td4[(t1) & 0xff]) ^
rk[0];
PUTU32(out, s0);
crypto_store_htobe32(&out[0 * 4], s0);
s1 =
(((uint32_t)Td4[(t1 >> 24)]) << 24) ^
(Td4[(t0 >> 16) & 0xff] << 16) ^
(Td4[(t3 >> 8) & 0xff] << 8) ^
(Td4[(t2) & 0xff]) ^
rk[1];
PUTU32(out + 4, s1);
crypto_store_htobe32(&out[1 * 4], s1);
s2 =
(((uint32_t)Td4[(t2 >> 24)]) << 24) ^
(Td4[(t1 >> 16) & 0xff] << 16) ^
(Td4[(t0 >> 8) & 0xff] << 8) ^
(Td4[(t3) & 0xff]) ^
rk[2];
PUTU32(out + 8, s2);
crypto_store_htobe32(&out[2 * 4], s2);
s3 =
(((uint32_t)Td4[(t3 >> 24)]) << 24) ^
(Td4[(t2 >> 16) & 0xff] << 16) ^
(Td4[(t1 >> 8) & 0xff] << 8) ^
(Td4[(t0) & 0xff]) ^
rk[3];
PUTU32(out + 12, s3);
crypto_store_htobe32(&out[3 * 4], s3);
}
#else /* AES_ASM */
static const u8 Te4[256] = {
0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
};
static const u32 rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000,
0x10000000, 0x20000000, 0x40000000, 0x80000000,
0x1B000000, 0x36000000,
/* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
};
/**
* Expand the cipher key into the encryption key schedule.
*/
int
AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key)
{
u32 *rk;
int i = 0;
u32 temp;
if (!userKey || !key)
return -1;
if (bits != 128 && bits != 192 && bits != 256)
return -2;
rk = key->rd_key;
if (bits == 128)
key->rounds = 10;
else if (bits == 192)
key->rounds = 12;
else
key->rounds = 14;
rk[0] = GETU32(userKey);
rk[1] = GETU32(userKey + 4);
rk[2] = GETU32(userKey + 8);
rk[3] = GETU32(userKey + 12);
if (bits == 128) {
while (1) {
temp = rk[3];
rk[4] = rk[0] ^
(Te4[(temp >> 16) & 0xff] << 24) ^
(Te4[(temp >> 8) & 0xff] << 16) ^
(Te4[(temp) & 0xff] << 8) ^
(Te4[(temp >> 24)]) ^
rcon[i];
rk[5] = rk[1] ^ rk[4];
rk[6] = rk[2] ^ rk[5];
rk[7] = rk[3] ^ rk[6];
if (++i == 10) {
return 0;
}
rk += 4;
}
}
rk[4] = GETU32(userKey + 16);
rk[5] = GETU32(userKey + 20);
if (bits == 192) {
while (1) {
temp = rk[5];
rk[6] = rk[0] ^
(Te4[(temp >> 16) & 0xff] << 24) ^
(Te4[(temp >> 8) & 0xff] << 16) ^
(Te4[(temp) & 0xff] << 8) ^
(Te4[(temp >> 24)]) ^
rcon[i];
rk[7] = rk[1] ^ rk[6];
rk[8] = rk[2] ^ rk[7];
rk[9] = rk[3] ^ rk[8];
if (++i == 8) {
return 0;
}
rk[10] = rk[4] ^ rk[9];
rk[11] = rk[5] ^ rk[10];
rk += 6;
}
}
rk[6] = GETU32(userKey + 24);
rk[7] = GETU32(userKey + 28);
if (bits == 256) {
while (1) {
temp = rk[7];
rk[8] = rk[0] ^
(Te4[(temp >> 16) & 0xff] << 24) ^
(Te4[(temp >> 8) & 0xff] << 16) ^
(Te4[(temp) & 0xff] << 8) ^
(Te4[(temp >> 24)]) ^
rcon[i];
rk[9] = rk[1] ^ rk[8];
rk[10] = rk[2] ^ rk[9];
rk[11] = rk[3] ^ rk[10];
if (++i == 7) {
return 0;
}
temp = rk[11];
rk[12] = rk[4] ^
(Te4[(temp >> 24)] << 24) ^
(Te4[(temp >> 16) & 0xff] << 16) ^
(Te4[(temp >> 8) & 0xff] << 8) ^
(Te4[(temp) & 0xff]);
rk[13] = rk[5] ^ rk[12];
rk[14] = rk[6] ^ rk[13];
rk[15] = rk[7] ^ rk[14];
rk += 8;
}
}
return 0;
}
/**
* Expand the cipher key into the decryption key schedule.
*/
int
AES_set_decrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
{
u32 *rk;
int i, j, status;
u32 temp;
/* first, start with an encryption schedule */
status = AES_set_encrypt_key(userKey, bits, key);
if (status < 0)
return status;
rk = key->rd_key;
/* invert the order of the round keys: */
for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
temp = rk[i];
rk[i] = rk[j];
rk[j] = temp;
temp = rk[i + 1];
rk[i + 1] = rk[j + 1];
rk[j + 1] = temp;
temp = rk[i + 2];
rk[i + 2] = rk[j + 2];
rk[j + 2] = temp;
temp = rk[i + 3];
rk[i + 3] = rk[j + 3];
rk[j + 3] = temp;
}
/* apply the inverse MixColumn transform to all round keys but the first and the last: */
for (i = 1; i < (key->rounds); i++) {
rk += 4;
for (j = 0; j < 4; j++) {
u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
tp1 = rk[j];
m = tp1 & 0x80808080;
tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
((m - (m >> 7)) & 0x1b1b1b1b);
m = tp2 & 0x80808080;
tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
((m - (m >> 7)) & 0x1b1b1b1b);
m = tp4 & 0x80808080;
tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
((m - (m >> 7)) & 0x1b1b1b1b);
tp9 = tp8 ^ tp1;
tpb = tp9 ^ tp2;
tpd = tp9 ^ tp4;
tpe = tp8 ^ tp4 ^ tp2;
#if defined(ROTATE)
rk[j] = tpe ^ ROTATE(tpd, 16) ^
ROTATE(tp9, 24) ^ ROTATE(tpb, 8);
#else
rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
(tp9 >> 8) ^ (tp9 << 24) ^
(tpb >> 24) ^ (tpb << 8);
#endif
}
}
return 0;
}
#endif /* AES_ASM */

5
lib/libcrypto/aes/aes_local.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: aes_local.h,v 1.2 2022/11/26 17:23:17 tb Exp $ */
/* $OpenBSD: aes_local.h,v 1.3 2024/03/27 11:15:44 jsing Exp $ */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
@ -64,9 +64,6 @@
__BEGIN_HIDDEN_DECLS
#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
typedef unsigned int u32;
typedef unsigned short u16;
typedef unsigned char u8;

1081
lib/libcrypto/aes/aes_x86core.c
View file

File diff suppressed because it is too large Load diff

1237
lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
View file

File diff suppressed because it is too large Load diff

8
lib/libcrypto/arch/aarch64/Makefile.inc
View file

@ -1,19 +1,13 @@
# $OpenBSD: Makefile.inc,v 1.5 2023/04/05 11:07:40 kettenis Exp $
# $OpenBSD: Makefile.inc,v 1.9 2024/03/28 01:57:00 jsing Exp $
# aarch64-specific libcrypto build rules
# aes
SRCS+= aes_core.c aes_cbc.c
# bf
SRCS+= bf_enc.c
# bn
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# des
SRCS+= des_enc.c fcrypt_b.c
# modes
# rc4
SRCS+= rc4_enc.c rc4_skey.c
# sha
# whrlpool
SRCS+= wp_block.c

10
lib/libcrypto/arch/alpha/Makefile.inc
View file

@ -1,23 +1,17 @@
# $OpenBSD: Makefile.inc,v 1.6 2023/01/31 06:17:10 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.10 2024/03/28 01:57:00 jsing Exp $
# alpha-specific libcrypto build rules
# aes
SRCS+= aes_core.c aes_cbc.c
# bf
SRCS+= bf_enc.c
SRCS+= aes_core.c aes_cbc.c
# bn
SSLASM+= bn alpha-mont
CFLAGS+= -DOPENSSL_BN_ASM_MONT
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# des
SRCS+= des_enc.c fcrypt_b.c
# modes
CFLAGS+= -DGHASH_ASM
SSLASM+= modes ghash-alpha
# rc4
SRCS+= rc4_enc.c rc4_skey.c
# sha
CFLAGS+= -DSHA1_ASM
SSLASM+= sha sha1-alpha

11
lib/libcrypto/arch/amd64/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.13 2023/04/15 18:23:54 tb Exp $
# $OpenBSD: Makefile.inc,v 1.18 2024/03/28 01:57:00 jsing Exp $
# amd64-specific libcrypto build rules
@ -13,9 +13,6 @@ SSLASM+= aes bsaes-x86_64
CFLAGS+= -DVPAES_ASM
SSLASM+= aes vpaes-x86_64
SSLASM+= aes aesni-x86_64
SSLASM+= aes aesni-sha1-x86_64
# bf
SRCS+= bf_enc.c
# bn
CFLAGS+= -DOPENSSL_IA32_SSE2
CFLAGS+= -DRSA_ASM
@ -42,8 +39,6 @@ SRCS += word_clz.S
# camellia
SRCS+= cmll_misc.c
SSLASM+= camellia cmll-x86_64
# des
SRCS+= des_enc.c fcrypt_b.c
# md5
CFLAGS+= -DMD5_ASM
SSLASM+= md5 md5-x86_64
@ -51,9 +46,9 @@ SSLASM+= md5 md5-x86_64
CFLAGS+= -DGHASH_ASM
SSLASM+= modes ghash-x86_64
# rc4
CFLAGS+= -DRC4_MD5_ASM
CFLAGS+= -DHAVE_RC4_INTERNAL
CFLAGS+= -DHAVE_RC4_SET_KEY_INTERNAL
SSLASM+= rc4 rc4-x86_64
SSLASM+= rc4 rc4-md5-x86_64
# ripemd
# sha
CFLAGS+= -DSHA1_ASM

6
lib/libcrypto/arch/arm/Makefile.inc
View file

@ -6,20 +6,14 @@
SRCS+= aes_cbc.c
CFLAGS+= -DAES_ASM
SSLASM+= aes aes-armv4
# bf
SRCS+= bf_enc.c
# bn
CFLAGS+= -DOPENSSL_BN_ASM_MONT
SSLASM+= bn armv4-mont
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# des
SRCS+= des_enc.c fcrypt_b.c
# modes
CFLAGS+= -DGHASH_ASM
SSLASM+= modes ghash-armv4
# rc4
SRCS+= rc4_enc.c rc4_skey.c
# sha
CFLAGS+= -DSHA1_ASM
SSLASM+= sha sha1-armv4-large

12
lib/libcrypto/arch/hppa/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.14 2023/01/31 06:17:10 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.19 2024/03/28 01:57:00 jsing Exp $
# hppa-specific libcrypto build rules
@ -6,24 +6,14 @@
SRCS+= aes_core.c aes_cbc.c
CFLAGS+= -DAES_ASM
SSLASM+= aes aes-parisc aes-parisc
# bf
SRCS+= bf_enc.c
# bn
SSLASM+= bn parisc-mont parisc-mont
CFLAGS+= -DOPENSSL_BN_ASM_MONT -DBN_DIV2W
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# des
SRCS+= des_enc.c fcrypt_b.c
# modes
CFLAGS+= -DGHASH_ASM
SSLASM+= modes ghash-parisc ghash-parisc
# rc4
.if 0 # about 35% slower than C code
SSLASM+= rc4 rc4-parisc rc4-parisc
.else
SRCS+= rc4_enc.c rc4_skey.c
.endif
# sha
CFLAGS+= -DSHA1_ASM
SSLASM+= sha sha1-parisc sha1-parisc

13
lib/libcrypto/arch/i386/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.9 2023/04/15 18:23:54 tb Exp $
# $OpenBSD: Makefile.inc,v 1.15 2024/03/28 01:57:00 jsing Exp $
# i386-specific libcrypto build rules
@ -11,9 +11,6 @@ SSLASM+= aes aes-586
CFLAGS+= -DVPAES_ASM
SSLASM+= aes vpaes-x86
SSLASM+= aes aesni-x86
# bf
SRCS+= bf_cbc.c
SSLASM+= bf bf-586
# bn
CFLAGS+= -DOPENSSL_IA32_SSE2
SSLASM+= bn bn-586
@ -22,9 +19,6 @@ CFLAGS+= -DOPENSSL_BN_ASM_MONT
SSLASM+= bn x86-mont
# camellia
SSLASM+= camellia cmll-x86
# des
SRCS+= fcrypt_b.c
SSLASM+= des des-586
# md5
CFLAGS+= -DMD5_ASM
SSLASM+= md5 md5-586
@ -32,10 +26,9 @@ SSLASM+= md5 md5-586
CFLAGS+= -DGHASH_ASM
SSLASM+= modes ghash-x86
# rc4
CFLAGS+= -DHAVE_RC4_INTERNAL
CFLAGS+= -DHAVE_RC4_SET_KEY_INTERNAL
SSLASM+= rc4 rc4-586
# ripemd
CFLAGS+= -DRMD160_ASM
SSLASM+= ripemd rmd-586
# sha
CFLAGS+= -DSHA1_ASM
SSLASM+= sha sha1-586

8
lib/libcrypto/arch/mips64/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.7 2023/01/20 10:07:52 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.11 2024/03/28 01:57:00 jsing Exp $
# mips64-specific libcrypto build rules
@ -6,18 +6,12 @@
SRCS+= aes_cbc.c
CFLAGS+= -DAES_ASM
SSLASM+= aes aes-mips aes-mips
# bf
SRCS+= bf_enc.c
# bn
SSLASM+= bn mips bn-mips
SSLASM+= bn mips-mont mips-mont
CFLAGS+= -DOPENSSL_BN_ASM_MONT
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# des
SRCS+= des_enc.c fcrypt_b.c
# rc4
SRCS+= rc4_enc.c rc4_skey.c
# sha
SSLASM+= sha sha1-mips sha1-mips
CFLAGS+= -DSHA1_ASM

8
lib/libcrypto/arch/powerpc/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.4 2023/01/17 15:04:27 miod Exp $
# $OpenBSD: Makefile.inc,v 1.8 2024/03/28 01:57:00 jsing Exp $
# powerpc-specific libcrypto build rules
@ -7,8 +7,6 @@ SRCS+= aes_core.c aes_cbc.c
# slower than C code
#CFLAGS+= -DAES_ASM
#SSLASM+= aes aes-ppc aes-ppc
# bf
SRCS+= bf_enc.c
# bn
SSLASM+= bn ppc bn-ppc
SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int
@ -16,10 +14,6 @@ SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int
CFLAGS+= -DOPENSSL_BN_ASM_MONT
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# des
SRCS+= des_enc.c fcrypt_b.c
# rc4
SRCS+= rc4_enc.c rc4_skey.c
# sha
CFLAGS+= -DSHA1_ASM
SSLASM+= sha sha1-ppc sha1-ppc

8
lib/libcrypto/arch/powerpc64/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.6 2023/01/31 06:17:10 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.10 2024/03/28 01:57:00 jsing Exp $
# powerpc-specific libcrypto build rules
@ -7,8 +7,6 @@ SRCS+= aes_core.c aes_cbc.c
# slower than C code
#CFLAGS+= -DAES_ASM
#SSLASM+= aes aes-ppc aes-ppc
# bf
SRCS+= bf_enc.c
# bn
#SSLASM+= bn ppc bn-ppc
#SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int
@ -16,10 +14,6 @@ SRCS+= bf_enc.c
#CFLAGS+= -DOPENSSL_BN_ASM_MONT
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# des
SRCS+= des_enc.c fcrypt_b.c
# rc4
SRCS+= rc4_enc.c rc4_skey.c
# sha
#CFLAGS+= -DSHA1_ASM
#SSLASM+= sha sha1-ppc sha1-ppc

13
lib/libcrypto/arch/riscv64/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.2 2023/08/25 02:17:41 tb Exp $
# $OpenBSD: Makefile.inc,v 1.6 2024/03/28 01:57:00 jsing Exp $
# riscv64 libcrypto build rules
@ -6,21 +6,10 @@
SRCS+= aes_core.c
SRCS+= aes_cbc.c
# bf
SRCS+= bf_enc.c
# camellia
SRCS+= camellia.c
SRCS+= cmll_cbc.c
SRCS+= cmll_misc.c
# des
SRCS+= des_enc.c
SRCS+= fcrypt_b.c
# rc4
SRCS+= rc4_enc.c
SRCS+= rc4_skey.c
# whrlpool
SRCS+= wp_block.c

12
lib/libcrypto/arch/sparc64/Makefile.inc
View file

@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.8 2023/01/31 06:17:10 jsing Exp $
# $OpenBSD: Makefile.inc,v 1.13 2024/03/28 01:57:00 jsing Exp $
# sparc64-specific libcrypto build rules
@ -6,22 +6,12 @@
SRCS+= aes_core.c aes_cbc.c
CFLAGS+= -DAES_ASM
SSLASM+= aes aes-sparcv9 aes-sparcv9
# bf
SRCS+= bf_enc.c
# bn
# camellia
SRCS+= camellia.c cmll_cbc.c cmll_misc.c
# des
SRCS+= fcrypt_b.c
SRCS+= des_enc-sparc.S
GENERATED+= des_enc-sparc.S
des_enc-sparc.S: ${LCRYPTO_SRC}/des/asm/des_enc.m4
m4 ${LCRYPTO_SRC}/des/asm/des_enc.m4 > ${.TARGET}
# modes
CFLAGS+= -DGHASH_ASM
SSLASM+= modes ghash-sparcv9 ghash-sparcv9
# rc4
SRCS+= rc4_enc.c rc4_skey.c
# sha
SSLASM+= sha sha1-sparcv9 sha1-sparcv9
CFLAGS+= -DSHA1_ASM

5
lib/libcrypto/asn1/p5_pbe.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: p5_pbe.c,v 1.26 2024/03/02 10:17:37 tb Exp $ */
/* $OpenBSD: p5_pbe.c,v 1.27 2024/03/28 00:44:26 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -127,8 +127,7 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
ASN1_STRING *pbe_str = NULL;
unsigned char *sstr;
pbe = PBEPARAM_new();
if (!pbe) {
if ((pbe = PBEPARAM_new()) == NULL) {
ASN1error(ERR_R_MALLOC_FAILURE);
goto err;
}

137
lib/libcrypto/bf/asm/bf-586.pl
View file

@ -1,137 +0,0 @@
#!/usr/local/bin/perl
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}","${dir}../../perlasm");
require "x86asm.pl";
require "cbc.pl";
&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");
$BF_ROUNDS=16;
$BF_OFF=($BF_ROUNDS+2)*4;
$L="edi";
$R="esi";
$P="ebp";
$tmp1="eax";
$tmp2="ebx";
$tmp3="ecx";
$tmp4="edx";
&BF_encrypt("BF_encrypt",1);
&BF_encrypt("BF_decrypt",0);
&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1) unless $main'openbsd;
&asm_finish();
sub BF_encrypt
{
local($name,$enc)=@_;
&function_begin_B($name,"");
&comment("");
&push("ebp");
&push("ebx");
&mov($tmp2,&wparam(0));
&mov($P,&wparam(1));
&push("esi");
&push("edi");
&comment("Load the 2 words");
&mov($L,&DWP(0,$tmp2,"",0));
&mov($R,&DWP(4,$tmp2,"",0));
&xor( $tmp1, $tmp1);
# encrypting part
if ($enc)
{
&mov($tmp2,&DWP(0,$P,"",0));
&xor( $tmp3, $tmp3);
&xor($L,$tmp2);
for ($i=0; $i<$BF_ROUNDS; $i+=2)
{
&comment("");
&comment("Round $i");
&BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
&comment("");
&comment("Round ".sprintf("%d",$i+1));
&BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
}
# &mov($tmp1,&wparam(0)); In last loop
&mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
}
else
{
&mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
&xor( $tmp3, $tmp3);
&xor($L,$tmp2);
for ($i=$BF_ROUNDS; $i>0; $i-=2)
{
&comment("");
&comment("Round $i");
&BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
&comment("");
&comment("Round ".sprintf("%d",$i-1));
&BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
}
# &mov($tmp1,&wparam(0)); In last loop
&mov($tmp4,&DWP(0,$P,"",0));
}
&xor($R,$tmp4);
&mov(&DWP(4,$tmp1,"",0),$L);
&mov(&DWP(0,$tmp1,"",0),$R);
&function_end($name);
}
sub BF_ENCRYPT
{
local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_;
&mov( $tmp4, &DWP(&n2a($i*4),$P,"",0)); # for next round
&mov( $tmp2, $R);
&xor( $L, $tmp4);
&shr( $tmp2, 16);
&mov( $tmp4, $R);
&movb( &LB($tmp1), &HB($tmp2)); # A
&and( $tmp2, 0xff); # B
&movb( &LB($tmp3), &HB($tmp4)); # C
&and( $tmp4, 0xff); # D
&mov( $tmp1, &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
&mov( $tmp2, &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
&add( $tmp2, $tmp1);
&mov( $tmp1, &DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4));
&xor( $tmp2, $tmp1);
&mov( $tmp4, &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4));
&add( $tmp2, $tmp4);
if (($enc && ($i != 16)) || ((!$enc) && ($i != 1)))
{ &xor( $tmp1, $tmp1); }
else
{
&comment("Load parameter 0 ($i) enc=$enc");
&mov($tmp1,&wparam(0));
} # In last loop
&xor( $L, $tmp2);
# delay
}
sub n2a
{
sprintf("%d",$_[0]);
}

137
lib/libcrypto/bf/bf_cbc.c
View file

@ -1,137 +0,0 @@
/* $OpenBSD: bf_cbc.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/blowfish.h>
#include "bf_local.h"
void
BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
const BF_KEY *schedule, unsigned char *ivec, int encrypt)
{
BF_LONG tin0, tin1;
BF_LONG tout0, tout1, xor0, xor1;
long l = length;
BF_LONG tin[2];
if (encrypt) {
n2l(ivec, tout0);
n2l(ivec, tout1);
ivec -= 8;
for (l -= 8; l >= 0; l -= 8) {
n2l(in, tin0);
n2l(in, tin1);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
BF_encrypt(tin, schedule);
tout0 = tin[0];
tout1 = tin[1];
l2n(tout0, out);
l2n(tout1, out);
}
if (l != -8) {
n2ln(in, tin0, tin1, l + 8);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
BF_encrypt(tin, schedule);
tout0 = tin[0];
tout1 = tin[1];
l2n(tout0, out);
l2n(tout1, out);
}
l2n(tout0, ivec);
l2n(tout1, ivec);
} else {
n2l(ivec, xor0);
n2l(ivec, xor1);
ivec -= 8;
for (l -= 8; l >= 0; l -= 8) {
n2l(in, tin0);
n2l(in, tin1);
tin[0] = tin0;
tin[1] = tin1;
BF_decrypt(tin, schedule);
tout0 = tin[0]^xor0;
tout1 = tin[1]^xor1;
l2n(tout0, out);
l2n(tout1, out);
xor0 = tin0;
xor1 = tin1;
}
if (l != -8) {
n2l(in, tin0);
n2l(in, tin1);
tin[0] = tin0;
tin[1] = tin1;
BF_decrypt(tin, schedule);
tout0 = tin[0]^xor0;
tout1 = tin[1]^xor1;
l2nn(tout0, tout1, out, l + 8);
xor0 = tin0;
xor1 = tin1;
}
l2n(xor0, ivec);
l2n(xor1, ivec);
}
tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
tin[0] = tin[1] = 0;
}

124
lib/libcrypto/bf/bf_cfb64.c
View file

@ -1,124 +0,0 @@
/* $OpenBSD: bf_cfb64.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/blowfish.h>
#include "bf_local.h"
/*
* The input and output encrypted as though 64bit cfb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
{
BF_LONG v0, v1, t;
int n= *num;
long l = length;
BF_LONG ti[2];
unsigned char *iv, c, cc;
iv = (unsigned char *)ivec;
if (encrypt) {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
BF_encrypt((BF_LONG *)ti, schedule);
iv = (unsigned char *)ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = (unsigned char *)ivec;
}
c= *(in++)^iv[n];
*(out++) = c;
iv[n] = c;
n = (n + 1)&0x07;
}
} else {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
BF_encrypt((BF_LONG *)ti, schedule);
iv = (unsigned char *)ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = (unsigned char *)ivec;
}
cc= *(in++);
c = iv[n];
iv[n] = cc;
*(out++) = c^cc;
n = (n + 1)&0x07;
}
}
v0 = v1 = ti[0] = ti[1] = t=c = cc = 0;
*num = n;
}

89
lib/libcrypto/bf/bf_ecb.c
View file

@ -1,89 +0,0 @@
/* $OpenBSD: bf_ecb.c,v 1.10 2023/07/28 10:35:14 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/blowfish.h>
#include <openssl/opensslv.h>
#include "bf_local.h"
/*
* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
* (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
* CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
*/
void
BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
const BF_KEY *key, int encrypt)
{
BF_LONG l, d[2];
n2l(in, l);
d[0] = l;
n2l(in, l);
d[1] = l;
if (encrypt)
BF_encrypt(d, key);
else
BF_decrypt(d, key);
l = d[0];
l2n(l, out);
l = d[1];
l2n(l, out);
l = d[0] = d[1] = 0;
}

304
lib/libcrypto/bf/bf_enc.c
View file

@ -1,304 +0,0 @@
/* $OpenBSD: bf_enc.c,v 1.9 2022/11/26 16:08:51 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/blowfish.h>
#include "bf_local.h"
/*
* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
* (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
* CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
*/
#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
to modify the code.
#endif
void
BF_encrypt(BF_LONG *data, const BF_KEY *key)
{
#ifndef BF_PTR2
BF_LONG l, r;
const BF_LONG *p, *s;
p = key->P;
s = &(key->S[0]);
l = data[0];
r = data[1];
l ^= p[0];
BF_ENC(r, l,s, p[1]);
BF_ENC(l, r,s, p[2]);
BF_ENC(r, l,s, p[3]);
BF_ENC(l, r,s, p[4]);
BF_ENC(r, l,s, p[5]);
BF_ENC(l, r,s, p[6]);
BF_ENC(r, l,s, p[7]);
BF_ENC(l, r,s, p[8]);
BF_ENC(r, l,s, p[9]);
BF_ENC(l, r,s, p[10]);
BF_ENC(r, l,s, p[11]);
BF_ENC(l, r,s, p[12]);
BF_ENC(r, l,s, p[13]);
BF_ENC(l, r,s, p[14]);
BF_ENC(r, l,s, p[15]);
BF_ENC(l, r,s, p[16]);
#if BF_ROUNDS == 20
BF_ENC(r, l,s, p[17]);
BF_ENC(l, r,s, p[18]);
BF_ENC(r, l,s, p[19]);
BF_ENC(l, r,s, p[20]);
#endif
r ^= p[BF_ROUNDS + 1];
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
#else
BF_LONG l, r,t, *k;
l = data[0];
r = data[1];
k = (BF_LONG*)key;
l ^= k[0];
BF_ENC(r, l, k, 1);
BF_ENC(l, r, k, 2);
BF_ENC(r, l, k, 3);
BF_ENC(l, r, k, 4);
BF_ENC(r, l, k, 5);
BF_ENC(l, r, k, 6);
BF_ENC(r, l, k, 7);
BF_ENC(l, r, k, 8);
BF_ENC(r, l, k, 9);
BF_ENC(l, r,k, 10);
BF_ENC(r, l,k, 11);
BF_ENC(l, r,k, 12);
BF_ENC(r, l,k, 13);
BF_ENC(l, r,k, 14);
BF_ENC(r, l,k, 15);
BF_ENC(l, r,k, 16);
#if BF_ROUNDS == 20
BF_ENC(r, l,k, 17);
BF_ENC(l, r,k, 18);
BF_ENC(r, l,k, 19);
BF_ENC(l, r,k, 20);
#endif
r ^= k[BF_ROUNDS + 1];
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
#endif
}
#ifndef BF_DEFAULT_OPTIONS
void
BF_decrypt(BF_LONG *data, const BF_KEY *key)
{
#ifndef BF_PTR2
BF_LONG l, r;
const BF_LONG *p, *s;
p = key->P;
s = &(key->S[0]);
l = data[0];
r = data[1];
l ^= p[BF_ROUNDS + 1];
#if BF_ROUNDS == 20
BF_ENC(r, l,s, p[20]);
BF_ENC(l, r,s, p[19]);
BF_ENC(r, l,s, p[18]);
BF_ENC(l, r,s, p[17]);
#endif
BF_ENC(r, l,s, p[16]);
BF_ENC(l, r,s, p[15]);
BF_ENC(r, l,s, p[14]);
BF_ENC(l, r,s, p[13]);
BF_ENC(r, l,s, p[12]);
BF_ENC(l, r,s, p[11]);
BF_ENC(r, l,s, p[10]);
BF_ENC(l, r,s, p[9]);
BF_ENC(r, l,s, p[8]);
BF_ENC(l, r,s, p[7]);
BF_ENC(r, l,s, p[6]);
BF_ENC(l, r,s, p[5]);
BF_ENC(r, l,s, p[4]);
BF_ENC(l, r,s, p[3]);
BF_ENC(r, l,s, p[2]);
BF_ENC(l, r,s, p[1]);
r ^= p[0];
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
#else
BF_LONG l, r,t, *k;
l = data[0];
r = data[1];
k = (BF_LONG *)key;
l ^= k[BF_ROUNDS + 1];
#if BF_ROUNDS == 20
BF_ENC(r, l,k, 20);
BF_ENC(l, r,k, 19);
BF_ENC(r, l,k, 18);
BF_ENC(l, r,k, 17);
#endif
BF_ENC(r, l,k, 16);
BF_ENC(l, r,k, 15);
BF_ENC(r, l,k, 14);
BF_ENC(l, r,k, 13);
BF_ENC(r, l,k, 12);
BF_ENC(l, r,k, 11);
BF_ENC(r, l,k, 10);
BF_ENC(l, r, k, 9);
BF_ENC(r, l, k, 8);
BF_ENC(l, r, k, 7);
BF_ENC(r, l, k, 6);
BF_ENC(l, r, k, 5);
BF_ENC(r, l, k, 4);
BF_ENC(l, r, k, 3);
BF_ENC(r, l, k, 2);
BF_ENC(l, r, k, 1);
r ^= k[0];
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
#endif
}
void
BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
const BF_KEY *schedule, unsigned char *ivec, int encrypt)
{
BF_LONG tin0, tin1;
BF_LONG tout0, tout1, xor0, xor1;
long l = length;
BF_LONG tin[2];
if (encrypt) {
n2l(ivec, tout0);
n2l(ivec, tout1);
ivec -= 8;
for (l -= 8; l >= 0; l -= 8) {
n2l(in, tin0);
n2l(in, tin1);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
BF_encrypt(tin, schedule);
tout0 = tin[0];
tout1 = tin[1];
l2n(tout0, out);
l2n(tout1, out);
}
if (l != -8) {
n2ln(in, tin0, tin1, l + 8);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
BF_encrypt(tin, schedule);
tout0 = tin[0];
tout1 = tin[1];
l2n(tout0, out);
l2n(tout1, out);
}
l2n(tout0, ivec);
l2n(tout1, ivec);
} else {
n2l(ivec, xor0);
n2l(ivec, xor1);
ivec -= 8;
for (l -= 8; l >= 0; l -= 8) {
n2l(in, tin0);
n2l(in, tin1);
tin[0] = tin0;
tin[1] = tin1;
BF_decrypt(tin, schedule);
tout0 = tin[0]^xor0;
tout1 = tin[1]^xor1;
l2n(tout0, out);
l2n(tout1, out);
xor0 = tin0;
xor1 = tin1;
}
if (l != -8) {
n2l(in, tin0);
n2l(in, tin1);
tin[0] = tin0;
tin[1] = tin1;
BF_decrypt(tin, schedule);
tout0 = tin[0]^xor0;
tout1 = tin[1]^xor1;
l2nn(tout0, tout1, out, l + 8);
xor0 = tin0;
xor1 = tin1;
}
l2n(xor0, ivec);
l2n(xor1, ivec);
}
tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
tin[0] = tin[1] = 0;
}
#endif

71
lib/libcrypto/bf/bf_local.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: bf_local.h,v 1.1 2022/11/26 16:08:51 tb Exp $ */
/* $OpenBSD: bf_local.h,v 1.3 2024/03/27 11:54:29 jsing Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -56,54 +56,10 @@
* [including the GNU Public Licence.]
*/
#include <openssl/opensslconf.h> /* BF_PTR */
#ifndef HEADER_BF_LOCL_H
#define HEADER_BF_LOCL_H
#include <openssl/opensslconf.h> /* BF_PTR, BF_PTR2 */
#undef c2l
#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
l|=((unsigned long)(*((c)++)))<< 8L, \
l|=((unsigned long)(*((c)++)))<<16L, \
l|=((unsigned long)(*((c)++)))<<24L)
/* NOTE - c is not incremented as per c2l */
#undef c2ln
#define c2ln(c,l1,l2,n) { \
c+=n; \
l1=l2=0; \
switch (n) { \
case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
case 5: l2|=((unsigned long)(*(--(c)))); \
case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
case 1: l1|=((unsigned long)(*(--(c)))); \
} \
}
#undef l2c
#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
*((c)++)=(unsigned char)(((l)>>24L)&0xff))
/* NOTE - c is not incremented as per l2c */
#undef l2cn
#define l2cn(l1,l2,c,n) { \
c+=n; \
switch (n) { \
case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
} \
}
/* NOTE - c is not incremented as per n2l */
#define n2ln(c,l1,l2,n) { \
@ -151,26 +107,7 @@
/* This is actually a big endian algorithm, the most significant byte
* is used to lookup array 0 */
#if defined(BF_PTR2)
/*
* This is basically a special Intel version. Point is that Intel
* doesn't have many registers, but offers a reach choice of addressing
* modes. So we spare some registers by directly traversing BF_KEY
* structure and hiring the most decorated addressing mode. The code
* generated by EGCS is *perfectly* competitive with assembler
* implementation!
*/
#define BF_ENC(LL,R,KEY,Pi) (\
LL^=KEY[Pi], \
t= KEY[BF_ROUNDS+2 + 0 + ((R>>24)&0xFF)], \
t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
t+= KEY[BF_ROUNDS+2 + 768 + ((R )&0xFF)], \
LL^=t \
)
#elif defined(BF_PTR)
#if defined(BF_PTR)
#ifndef BF_LONG_LOG2
#define BF_LONG_LOG2 2 /* default to BF_LONG being 32 bits */

111
lib/libcrypto/bf/bf_ofb64.c
View file

@ -1,111 +0,0 @@
/* $OpenBSD: bf_ofb64.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/blowfish.h>
#include "bf_local.h"
/*
* The input and output encrypted as though 64bit ofb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
const BF_KEY *schedule, unsigned char *ivec, int *num)
{
BF_LONG v0, v1, t;
int n= *num;
long l = length;
unsigned char d[8];
char *dp;
BF_LONG ti[2];
unsigned char *iv;
int save = 0;
iv = (unsigned char *)ivec;
n2l(iv, v0);
n2l(iv, v1);
ti[0] = v0;
ti[1] = v1;
dp = (char *)d;
l2n(v0, dp);
l2n(v1, dp);
while (l--) {
if (n == 0) {
BF_encrypt((BF_LONG *)ti, schedule);
dp = (char *)d;
t = ti[0];
l2n(t, dp);
t = ti[1];
l2n(t, dp);
save++;
}
*(out++)= *(in++)^d[n];
n = (n + 1)&0x07;
}
if (save) {
v0 = ti[0];
v1 = ti[1];
iv = (unsigned char *)ivec;
l2n(v0, iv);
l2n(v1, iv);
}
t = v0 = v1 = ti[0] = ti[1] = 0;
*num = n;
}

312
lib/libcrypto/bf/bf_skey.c → lib/libcrypto/bf/blowfish.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: bf_skey.c,v 1.17 2022/11/26 16:08:51 tb Exp $ */
/* $OpenBSD: blowfish.c,v 1.2 2024/03/27 11:54:29 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -56,14 +56,23 @@
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/blowfish.h>
#include <string.h>
#include "bf_local.h"
/*
* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
* (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
* CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
*/
#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
to modify the code.
#endif
static const BF_KEY bf_init = {
.P = {
0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
@ -332,6 +341,298 @@ static const BF_KEY bf_init = {
}
};
void
BF_encrypt(BF_LONG *data, const BF_KEY *key)
{
BF_LONG l, r;
const BF_LONG *p, *s;
p = key->P;
s = &(key->S[0]);
l = data[0];
r = data[1];
l ^= p[0];
BF_ENC(r, l,s, p[1]);
BF_ENC(l, r,s, p[2]);
BF_ENC(r, l,s, p[3]);
BF_ENC(l, r,s, p[4]);
BF_ENC(r, l,s, p[5]);
BF_ENC(l, r,s, p[6]);
BF_ENC(r, l,s, p[7]);
BF_ENC(l, r,s, p[8]);
BF_ENC(r, l,s, p[9]);
BF_ENC(l, r,s, p[10]);
BF_ENC(r, l,s, p[11]);
BF_ENC(l, r,s, p[12]);
BF_ENC(r, l,s, p[13]);
BF_ENC(l, r,s, p[14]);
BF_ENC(r, l,s, p[15]);
BF_ENC(l, r,s, p[16]);
#if BF_ROUNDS == 20
BF_ENC(r, l,s, p[17]);
BF_ENC(l, r,s, p[18]);
BF_ENC(r, l,s, p[19]);
BF_ENC(l, r,s, p[20]);
#endif
r ^= p[BF_ROUNDS + 1];
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
}
#ifndef BF_DEFAULT_OPTIONS
void
BF_decrypt(BF_LONG *data, const BF_KEY *key)
{
BF_LONG l, r;
const BF_LONG *p, *s;
p = key->P;
s = &(key->S[0]);
l = data[0];
r = data[1];
l ^= p[BF_ROUNDS + 1];
#if BF_ROUNDS == 20
BF_ENC(r, l,s, p[20]);
BF_ENC(l, r,s, p[19]);
BF_ENC(r, l,s, p[18]);
BF_ENC(l, r,s, p[17]);
#endif
BF_ENC(r, l,s, p[16]);
BF_ENC(l, r,s, p[15]);
BF_ENC(r, l,s, p[14]);
BF_ENC(l, r,s, p[13]);
BF_ENC(r, l,s, p[12]);
BF_ENC(l, r,s, p[11]);
BF_ENC(r, l,s, p[10]);
BF_ENC(l, r,s, p[9]);
BF_ENC(r, l,s, p[8]);
BF_ENC(l, r,s, p[7]);
BF_ENC(r, l,s, p[6]);
BF_ENC(l, r,s, p[5]);
BF_ENC(r, l,s, p[4]);
BF_ENC(l, r,s, p[3]);
BF_ENC(r, l,s, p[2]);
BF_ENC(l, r,s, p[1]);
r ^= p[0];
data[1] = l&0xffffffffL;
data[0] = r&0xffffffffL;
}
void
BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
const BF_KEY *schedule, unsigned char *ivec, int encrypt)
{
BF_LONG tin0, tin1;
BF_LONG tout0, tout1, xor0, xor1;
long l = length;
BF_LONG tin[2];
if (encrypt) {
n2l(ivec, tout0);
n2l(ivec, tout1);
ivec -= 8;
for (l -= 8; l >= 0; l -= 8) {
n2l(in, tin0);
n2l(in, tin1);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
BF_encrypt(tin, schedule);
tout0 = tin[0];
tout1 = tin[1];
l2n(tout0, out);
l2n(tout1, out);
}
if (l != -8) {
n2ln(in, tin0, tin1, l + 8);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
BF_encrypt(tin, schedule);
tout0 = tin[0];
tout1 = tin[1];
l2n(tout0, out);
l2n(tout1, out);
}
l2n(tout0, ivec);
l2n(tout1, ivec);
} else {
n2l(ivec, xor0);
n2l(ivec, xor1);
ivec -= 8;
for (l -= 8; l >= 0; l -= 8) {
n2l(in, tin0);
n2l(in, tin1);
tin[0] = tin0;
tin[1] = tin1;
BF_decrypt(tin, schedule);
tout0 = tin[0]^xor0;
tout1 = tin[1]^xor1;
l2n(tout0, out);
l2n(tout1, out);
xor0 = tin0;
xor1 = tin1;
}
if (l != -8) {
n2l(in, tin0);
n2l(in, tin1);
tin[0] = tin0;
tin[1] = tin1;
BF_decrypt(tin, schedule);
tout0 = tin[0]^xor0;
tout1 = tin[1]^xor1;
l2nn(tout0, tout1, out, l + 8);
xor0 = tin0;
xor1 = tin1;
}
l2n(xor0, ivec);
l2n(xor1, ivec);
}
tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
tin[0] = tin[1] = 0;
}
/*
* The input and output encrypted as though 64bit cfb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
{
BF_LONG v0, v1, t;
int n= *num;
long l = length;
BF_LONG ti[2];
unsigned char *iv, c, cc;
iv = (unsigned char *)ivec;
if (encrypt) {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
BF_encrypt((BF_LONG *)ti, schedule);
iv = (unsigned char *)ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = (unsigned char *)ivec;
}
c= *(in++)^iv[n];
*(out++) = c;
iv[n] = c;
n = (n + 1)&0x07;
}
} else {
while (l--) {
if (n == 0) {
n2l(iv, v0);
ti[0] = v0;
n2l(iv, v1);
ti[1] = v1;
BF_encrypt((BF_LONG *)ti, schedule);
iv = (unsigned char *)ivec;
t = ti[0];
l2n(t, iv);
t = ti[1];
l2n(t, iv);
iv = (unsigned char *)ivec;
}
cc= *(in++);
c = iv[n];
iv[n] = cc;
*(out++) = c^cc;
n = (n + 1)&0x07;
}
}
v0 = v1 = ti[0] = ti[1] = t=c = cc = 0;
*num = n;
}
void
BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
const BF_KEY *key, int encrypt)
{
BF_LONG l, d[2];
n2l(in, l);
d[0] = l;
n2l(in, l);
d[1] = l;
if (encrypt)
BF_encrypt(d, key);
else
BF_decrypt(d, key);
l = d[0];
l2n(l, out);
l = d[1];
l2n(l, out);
l = d[0] = d[1] = 0;
}
/*
* The input and output encrypted as though 64bit ofb mode is being
* used. The extra state information to record how much of the
* 64bit block we have used is contained in *num;
*/
void
BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
const BF_KEY *schedule, unsigned char *ivec, int *num)
{
BF_LONG v0, v1, t;
int n= *num;
long l = length;
unsigned char d[8];
char *dp;
BF_LONG ti[2];
unsigned char *iv;
int save = 0;
iv = (unsigned char *)ivec;
n2l(iv, v0);
n2l(iv, v1);
ti[0] = v0;
ti[1] = v1;
dp = (char *)d;
l2n(v0, dp);
l2n(v1, dp);
while (l--) {
if (n == 0) {
BF_encrypt((BF_LONG *)ti, schedule);
dp = (char *)d;
t = ti[0];
l2n(t, dp);
t = ti[1];
l2n(t, dp);
save++;
}
*(out++)= *(in++)^d[n];
n = (n + 1)&0x07;
}
if (save) {
v0 = ti[0];
v1 = ti[1];
iv = (unsigned char *)ivec;
l2n(v0, iv);
l2n(v1, iv);
}
t = v0 = v1 = ti[0] = ti[1] = 0;
*num = n;
}
void
BF_set_key(BF_KEY *key, int len, const unsigned char *data)
{
@ -385,3 +686,4 @@ BF_set_key(BF_KEY *key, int len, const unsigned char *data)
p[i + 1] = in[1];
}
}
#endif

21
lib/libcrypto/engine/engine_stubs.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: engine_stubs.c,v 1.3 2023/11/19 15:47:40 tb Exp $ */
/* $OpenBSD: engine_stubs.c,v 1.4 2024/03/27 06:08:45 tb Exp $ */
/*
* Written by Theo Buehler. Public domain.
@ -10,87 +10,102 @@ void
ENGINE_load_builtin_engines(void)
{
}
LCRYPTO_ALIAS(ENGINE_load_builtin_engines);
void
ENGINE_load_dynamic(void)
{
}
LCRYPTO_ALIAS(ENGINE_load_dynamic);
void
ENGINE_load_openssl(void)
{
}
LCRYPTO_ALIAS(ENGINE_load_openssl);
int
ENGINE_register_all_complete(void)
{
return 0;
}
LCRYPTO_ALIAS(ENGINE_register_all_complete);
void
ENGINE_cleanup(void)
{
}
LCRYPTO_ALIAS(ENGINE_cleanup);
ENGINE *
ENGINE_new(void)
{
return NULL;
}
LCRYPTO_ALIAS(ENGINE_new);
int
ENGINE_free(ENGINE *engine)
{
return 0;
}
LCRYPTO_ALIAS(ENGINE_free);
int
ENGINE_init(ENGINE *engine)
{
return 0;
}
LCRYPTO_ALIAS(ENGINE_init);
int
ENGINE_finish(ENGINE *engine)
{
return 0;
}
LCRYPTO_ALIAS(ENGINE_finish);
ENGINE *
ENGINE_by_id(const char *id)
{
return NULL;
}
LCRYPTO_ALIAS(ENGINE_by_id);
const char *
ENGINE_get_id(const ENGINE *engine)
{
return "";
}
LCRYPTO_ALIAS(ENGINE_get_id);
const char *
ENGINE_get_name(const ENGINE *engine)
{
return "";
}
LCRYPTO_ALIAS(ENGINE_get_name);
int
ENGINE_set_default(ENGINE *engine, unsigned int flags)
{
return 0;
}
LCRYPTO_ALIAS(ENGINE_set_default);
ENGINE *
ENGINE_get_default_RSA(void)
{
return NULL;
}
LCRYPTO_ALIAS(ENGINE_get_default_RSA);
int
ENGINE_set_default_RSA(ENGINE *engine)
{
return 0;
}
LCRYPTO_ALIAS(ENGINE_set_default_RSA);
int
ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p,
@ -98,6 +113,7 @@ ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p,
{
return 0;
}
LCRYPTO_ALIAS(ENGINE_ctrl_cmd);
int
ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg,
@ -105,6 +121,7 @@ ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg,
{
return 0;
}
LCRYPTO_ALIAS(ENGINE_ctrl_cmd_string);
EVP_PKEY *
ENGINE_load_private_key(ENGINE *engine, const char *key_id,
@ -112,6 +129,7 @@ ENGINE_load_private_key(ENGINE *engine, const char *key_id,
{
return NULL;
}
LCRYPTO_ALIAS(ENGINE_load_private_key);
EVP_PKEY *
ENGINE_load_public_key(ENGINE *engine, const char *key_id,
@ -119,3 +137,4 @@ ENGINE_load_public_key(ENGINE *engine, const char *key_id,
{
return NULL;
}
LCRYPTO_ALIAS(ENGINE_load_public_key);

18
lib/libcrypto/evp/m_sigver.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: m_sigver.c,v 1.21 2024/03/27 01:55:40 joshua Exp $ */
/* $OpenBSD: m_sigver.c,v 1.26 2024/03/27 07:36:59 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@ -186,25 +186,27 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
if ((s = EVP_MD_size(ctx->digest)) < 0)
return 0;
if (EVP_PKEY_sign(ctx->pctx, NULL, siglen, NULL, s) <= 0)
return 0;
return 0;
return 1;
}
/* Use a copy since EVP_DigestFinal_ex() clears secrets. */
if ((md_ctx = EVP_MD_CTX_new()) == NULL)
goto err;
if (!EVP_MD_CTX_copy_ex(md_ctx, ctx))
goto err;
if (md_ctx->pctx->pmeth->signctx != NULL) {
if(md_ctx->pctx->pmeth->signctx(md_ctx->pctx,
if (md_ctx->pctx->pmeth->signctx(md_ctx->pctx,
sigret, siglen, md_ctx) <= 0)
goto err;
} else {
if (!EVP_DigestFinal_ex(md_ctx, md, &mdlen))
goto err;
/* Use the original ctx since secrets were cleared. */
if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
goto err;
}
if (!EVP_DigestFinal_ex(md_ctx, md, &mdlen))
goto err;
if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
goto err;
ret = 1;

8
lib/libcrypto/evp/p_legacy.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: p_legacy.c,v 1.4 2024/03/26 05:22:50 joshua Exp $ */
/* $OpenBSD: p_legacy.c,v 1.5 2024/03/28 01:42:02 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -99,7 +99,8 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
int i, size = 0, ret = 0;
if (type) {
EVP_CIPHER_CTX_reset(ctx);
if (!EVP_CIPHER_CTX_reset(ctx))
return 0;
if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
return 0;
}
@ -154,7 +155,8 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
int i, iv_len;
if (type) {
EVP_CIPHER_CTX_reset(ctx);
if (!EVP_CIPHER_CTX_reset(ctx))
return 0;
if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
return 0;
}

48
lib/libcrypto/hidden/openssl/engine.h Normal file
View file

@ -0,0 +1,48 @@
/* $OpenBSD: engine.h,v 1.1 2024/03/27 06:08:45 tb Exp $ */
/*
* Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _LIBCRYPTO_ENGINE_H
#define _LIBCRYPTO_ENGINE_H
#ifndef _MSC_VER
#include_next <openssl/engine.h>
#else
#include "../include/openssl/engine.h"
#endif
#include "crypto_namespace.h"
LCRYPTO_USED(ENGINE_load_builtin_engines);
LCRYPTO_USED(ENGINE_load_dynamic);
LCRYPTO_USED(ENGINE_load_openssl);
LCRYPTO_USED(ENGINE_register_all_complete);
LCRYPTO_USED(ENGINE_cleanup);
LCRYPTO_USED(ENGINE_new);
LCRYPTO_USED(ENGINE_free);
LCRYPTO_USED(ENGINE_init);
LCRYPTO_USED(ENGINE_finish);
LCRYPTO_USED(ENGINE_by_id);
LCRYPTO_USED(ENGINE_get_id);
LCRYPTO_USED(ENGINE_get_name);
LCRYPTO_USED(ENGINE_set_default);
LCRYPTO_USED(ENGINE_get_default_RSA);
LCRYPTO_USED(ENGINE_set_default_RSA);
LCRYPTO_USED(ENGINE_ctrl_cmd);
LCRYPTO_USED(ENGINE_ctrl_cmd_string);
LCRYPTO_USED(ENGINE_load_private_key);
LCRYPTO_USED(ENGINE_load_public_key);
#endif /* _LIBCRYPTO_ENGINE_H */

184
lib/libcrypto/md4/md4.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: md4.c,v 1.15 2024/03/26 12:23:02 jsing Exp $ */
/* $OpenBSD: md4.c,v 1.16 2024/03/27 06:15:18 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -57,6 +57,7 @@
*/
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
@ -69,61 +70,46 @@
/* Ensure that MD4_LONG and uint32_t are equivalent size. */
CTASSERT(sizeof(MD4_LONG) == sizeof(uint32_t));
__BEGIN_HIDDEN_DECLS
static inline uint32_t
md4_f(uint32_t x, uint32_t y, uint32_t z)
{
return (x & y) | (~x & z);
}
void md4_block_data_order (MD4_CTX *c, const void *p, size_t num);
static inline uint32_t
md4_g(uint32_t x, uint32_t y, uint32_t z)
{
return (x & y) | (x & z) | (y & z);
}
__END_HIDDEN_DECLS
static inline uint32_t
md4_h(uint32_t x, uint32_t y, uint32_t z)
{
return x ^ y ^ z;
}
#define DATA_ORDER_IS_LITTLE_ENDIAN
static inline void
md4_round1(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x,
uint32_t s)
{
*a = crypto_rol_u32(*a + md4_f(b, c, d) + x, s);
}
#define HASH_LONG MD4_LONG
#define HASH_CTX MD4_CTX
#define HASH_CBLOCK MD4_CBLOCK
#define HASH_UPDATE MD4_Update
#define HASH_TRANSFORM MD4_Transform
#define HASH_FINAL MD4_Final
#define HASH_BLOCK_DATA_ORDER md4_block_data_order
static inline void
md4_round2(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x,
uint32_t s)
{
*a = crypto_rol_u32(*a + md4_g(b, c, d) + x + 0x5a827999UL, s);
}
#define HASH_NO_UPDATE
#define HASH_NO_TRANSFORM
#define HASH_NO_FINAL
static inline void
md4_round3(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x,
uint32_t s)
{
*a = crypto_rol_u32(*a + md4_h(b, c, d) + x + 0x6ed9eba1UL, s);
}
#include "md32_common.h"
/*
#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z))))
*/
/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
* simplified to the code below. Wei attributes these optimizations
* to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
*/
#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
#define H(b,c,d) ((b) ^ (c) ^ (d))
#define R0(a,b,c,d,k,s,t) { \
a+=((k)+(t)+F((b),(c),(d))); \
a=ROTATE(a,s); };
#define R1(a,b,c,d,k,s,t) { \
a+=((k)+(t)+G((b),(c),(d))); \
a=ROTATE(a,s); };\
#define R2(a,b,c,d,k,s,t) { \
a+=((k)+(t)+H((b),(c),(d))); \
a=ROTATE(a,s); };
/* Implemented from RFC1186 The MD4 Message-Digest Algorithm
*/
#ifndef md4_block_data_order
#ifdef X
#undef X
#endif
void
static void
md4_block_data_order(MD4_CTX *c, const void *_in, size_t num)
{
const uint8_t *in = _in;
@ -178,59 +164,58 @@ md4_block_data_order(MD4_CTX *c, const void *_in, size_t num)
}
in += MD4_CBLOCK;
/* Round 0 */
R0(A, B, C, D, X0, 3, 0);
R0(D, A, B, C, X1, 7, 0);
R0(C, D, A, B, X2, 11, 0);
R0(B, C, D, A, X3, 19, 0);
R0(A, B, C, D, X4, 3, 0);
R0(D, A, B, C, X5, 7, 0);
R0(C, D, A, B, X6, 11, 0);
R0(B, C, D, A, X7, 19, 0);
R0(A, B, C, D, X8, 3, 0);
R0(D, A,B, C,X9, 7, 0);
R0(C, D,A, B,X10, 11, 0);
R0(B, C,D, A,X11, 19, 0);
R0(A, B,C, D,X12, 3, 0);
R0(D, A,B, C,X13, 7, 0);
R0(C, D,A, B,X14, 11, 0);
R0(B, C,D, A,X15, 19, 0);
md4_round1(&A, B, C, D, X0, 3);
md4_round1(&D, A, B, C, X1, 7);
md4_round1(&C, D, A, B, X2, 11);
md4_round1(&B, C, D, A, X3, 19);
md4_round1(&A, B, C, D, X4, 3);
md4_round1(&D, A, B, C, X5, 7);
md4_round1(&C, D, A, B, X6, 11);
md4_round1(&B, C, D, A, X7, 19);
md4_round1(&A, B, C, D, X8, 3);
md4_round1(&D, A, B, C, X9, 7);
md4_round1(&C, D, A, B, X10, 11);
md4_round1(&B, C, D, A, X11, 19);
md4_round1(&A, B, C, D, X12, 3);
md4_round1(&D, A, B, C, X13, 7);
md4_round1(&C, D, A, B, X14, 11);
md4_round1(&B, C, D, A, X15, 19);
/* Round 1 */
R1(A, B, C, D, X0, 3, 0x5A827999L);
R1(D, A, B, C, X4, 5, 0x5A827999L);
R1(C, D, A, B, X8, 9, 0x5A827999L);
R1(B, C, D, A, X12, 13, 0x5A827999L);
R1(A, B, C, D, X1, 3, 0x5A827999L);
R1(D, A, B, C, X5, 5, 0x5A827999L);
R1(C, D, A, B, X9, 9, 0x5A827999L);
R1(B, C, D, A, X13, 13, 0x5A827999L);
R1(A, B, C, D, X2, 3, 0x5A827999L);
R1(D, A, B, C, X6, 5, 0x5A827999L);
R1(C, D, A, B, X10, 9, 0x5A827999L);
R1(B, C, D, A, X14, 13, 0x5A827999L);
R1(A, B, C, D, X3, 3, 0x5A827999L);
R1(D, A, B, C, X7, 5, 0x5A827999L);
R1(C, D, A, B, X11, 9, 0x5A827999L);
R1(B, C, D, A, X15, 13, 0x5A827999L);
md4_round2(&A, B, C, D, X0, 3);
md4_round2(&D, A, B, C, X4, 5);
md4_round2(&C, D, A, B, X8, 9);
md4_round2(&B, C, D, A, X12, 13);
md4_round2(&A, B, C, D, X1, 3);
md4_round2(&D, A, B, C, X5, 5);
md4_round2(&C, D, A, B, X9, 9);
md4_round2(&B, C, D, A, X13, 13);
md4_round2(&A, B, C, D, X2, 3);
md4_round2(&D, A, B, C, X6, 5);
md4_round2(&C, D, A, B, X10, 9);
md4_round2(&B, C, D, A, X14, 13);
md4_round2(&A, B, C, D, X3, 3);
md4_round2(&D, A, B, C, X7, 5);
md4_round2(&C, D, A, B, X11, 9);
md4_round2(&B, C, D, A, X15, 13);
/* Round 2 */
R2(A, B, C, D, X0, 3, 0x6ED9EBA1L);
R2(D, A, B, C, X8, 9, 0x6ED9EBA1L);
R2(C, D, A, B, X4, 11, 0x6ED9EBA1L);
R2(B, C, D, A, X12, 15, 0x6ED9EBA1L);
R2(A, B, C, D, X2, 3, 0x6ED9EBA1L);
R2(D, A, B, C, X10, 9, 0x6ED9EBA1L);
R2(C, D, A, B, X6, 11, 0x6ED9EBA1L);
R2(B, C, D, A, X14, 15, 0x6ED9EBA1L);
R2(A, B, C, D, X1, 3, 0x6ED9EBA1L);
R2(D, A, B, C, X9, 9, 0x6ED9EBA1L);
R2(C, D, A, B, X5, 11, 0x6ED9EBA1L);
R2(B, C, D, A, X13, 15, 0x6ED9EBA1L);
R2(A, B, C, D, X3, 3, 0x6ED9EBA1L);
R2(D, A, B, C, X11, 9, 0x6ED9EBA1L);
R2(C, D, A, B, X7, 11, 0x6ED9EBA1L);
R2(B, C, D, A, X15, 15, 0x6ED9EBA1L);
md4_round3(&A, B, C, D, X0, 3);
md4_round3(&D, A, B, C, X8, 9);
md4_round3(&C, D, A, B, X4, 11);
md4_round3(&B, C, D, A, X12, 15);
md4_round3(&A, B, C, D, X2, 3);
md4_round3(&D, A, B, C, X10, 9);
md4_round3(&C, D, A, B, X6, 11);
md4_round3(&B, C, D, A, X14, 15);
md4_round3(&A, B, C, D, X1, 3);
md4_round3(&D, A, B, C, X9, 9);
md4_round3(&C, D, A, B, X5, 11);
md4_round3(&B, C, D, A, X13, 15);
md4_round3(&A, B, C, D, X3, 3);
md4_round3(&D, A, B, C, X11, 9);
md4_round3(&C, D, A, B, X7, 11);
md4_round3(&B, C, D, A, X15, 15);
A = c->A += A;
B = c->B += B;
@ -238,7 +223,6 @@ md4_block_data_order(MD4_CTX *c, const void *_in, size_t num)
D = c->D += D;
}
}
#endif
int
MD4_Init(MD4_CTX *c)

13
lib/libcrypto/rc4/asm/rc4-586.pl
View file

@ -152,8 +152,9 @@ if ($alt=0) {
&external_label("OPENSSL_ia32cap_P");
# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out);
&function_begin("RC4");
# void rc4_internal(RC4_KEY *key, size_t len, const unsigned char *inp,
# unsigned char *out);
&function_begin("rc4_internal");
&mov ($dat,&wparam(0)); # load key schedule pointer
&mov ($ty, &wparam(1)); # load len
&mov ($inp,&wparam(2)); # load inp
@ -291,7 +292,7 @@ if ($alt=0) {
&mov (&DWP(-4,$dat),$yy); # save key->y
&mov (&BP(-8,$dat),&LB($xx)); # save key->x
&set_label("abort");
&function_end("RC4");
&function_end("rc4_internal");
########################################################################
@ -301,8 +302,8 @@ $idi="ebp";
$ido="ecx";
$idx="edx";
# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data);
&function_begin("RC4_set_key");
# void rc4_set_key_internal(RC4_KEY *key,int len,const unsigned char *data);
&function_begin("rc4_set_key_internal");
&mov ($out,&wparam(0)); # load key
&mov ($idi,&wparam(1)); # load len
&mov ($inp,&wparam(2)); # load data
@ -382,6 +383,6 @@ $idx="edx";
&xor ("eax","eax");
&mov (&DWP(-8,$out),"eax"); # key->x=0;
&mov (&DWP(-4,$out),"eax"); # key->y=0;
&function_end("RC4_set_key");
&function_end("rc4_set_key_internal");
&asm_finish();

16
lib/libcrypto/rc4/asm/rc4-x86_64.pl
View file

@ -124,10 +124,10 @@ $code=<<___;
.extern OPENSSL_ia32cap_P
.hidden OPENSSL_ia32cap_P
.globl RC4
.type RC4,\@function,4
.globl rc4_internal
.type rc4_internal,\@function,4
.align 16
RC4:
rc4_internal:
_CET_ENDBR
or $len,$len
jne .Lentry
@ -423,7 +423,7 @@ $code.=<<___;
add \$24,%rsp
.Lepilogue:
ret
.size RC4,.-RC4
.size rc4_internal,.-rc4_internal
___
}
@ -431,10 +431,10 @@ $idx="%r8";
$ido="%r9";
$code.=<<___;
.globl RC4_set_key
.type RC4_set_key,\@function,3
.globl rc4_set_key_internal
.type rc4_set_key_internal,\@function,3
.align 16
RC4_set_key:
rc4_set_key_internal:
_CET_ENDBR
lea 8($dat),$dat
lea ($inp,$len),$inp
@ -502,7 +502,7 @@ RC4_set_key:
mov %eax,-8($dat)
mov %eax,-4($dat)
ret
.size RC4_set_key,.-RC4_set_key
.size rc4_set_key_internal,.-rc4_set_key_internal
___
sub reg_part {

61
lib/libcrypto/rc4/rc4_enc.c → lib/libcrypto/rc4/rc4.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rc4_enc.c,v 1.18 2022/11/26 16:08:54 tb Exp $ */
/* $OpenBSD: rc4.c,v 1.9 2024/03/28 01:49:29 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -59,7 +59,6 @@
#include <endian.h>
#include <openssl/rc4.h>
#include "rc4_local.h"
/* RC4 as implemented from a posting from
* Newsgroups: sci.crypt
@ -69,8 +68,13 @@
* Date: Wed, 14 Sep 1994 06:35:31 GMT
*/
void
RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
#ifdef HAVE_RC4_INTERNAL
void rc4_internal(RC4_KEY *key, size_t len, const unsigned char *indata,
unsigned char *outdata);
#else
static void
rc4_internal(RC4_KEY *key, size_t len, const unsigned char *indata,
unsigned char *outdata)
{
RC4_INT *d;
@ -252,3 +256,52 @@ RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
key->x = x;
key->y = y;
}
#endif
#ifdef HAVE_RC4_SET_KEY_INTERNAL
void rc4_set_key_internal(RC4_KEY *key, int len, const unsigned char *data);
#else
static void
rc4_set_key_internal(RC4_KEY *key, int len, const unsigned char *data)
{
RC4_INT tmp;
int id1, id2;
RC4_INT *d;
unsigned int i;
d = &(key->data[0]);
key->x = 0;
key->y = 0;
id1 = id2 = 0;
#define SK_LOOP(d,n) { \
tmp=d[(n)]; \
id2 = (data[id1] + tmp + id2) & 0xff; \
if (++id1 == len) id1=0; \
d[(n)]=d[id2]; \
d[id2]=tmp; }
for (i = 0; i < 256; i++)
d[i] = i;
for (i = 0; i < 256; i += 4) {
SK_LOOP(d, i + 0);
SK_LOOP(d, i + 1);
SK_LOOP(d, i + 2);
SK_LOOP(d, i + 3);
}
}
#endif
void
RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
unsigned char *outdata)
{
rc4_internal(key, len, indata, outdata);
}
void
RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
{
rc4_set_key_internal(key, len, data);
}

3
lib/libcrypto/rc4/rc4.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: rc4.h,v 1.14 2023/07/28 10:35:14 tb Exp $ */
/* $OpenBSD: rc4.h,v 1.15 2024/03/27 12:13:08 jsing Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -77,7 +77,6 @@ typedef struct rc4_key_st {
} RC4_KEY;
void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
unsigned char *outdata);

5
lib/libcrypto/rc4/rc4_local.h
View file

@ -1,5 +0,0 @@
/* $OpenBSD: rc4_local.h,v 1.1 2022/11/26 16:08:54 tb Exp $ */
#ifndef HEADER_RC4_LOCL_H
#define HEADER_RC4_LOCL_H
#endif

99
lib/libcrypto/rc4/rc4_skey.c
View file

@ -1,99 +0,0 @@
/* $OpenBSD: rc4_skey.c,v 1.16 2023/07/28 10:35:14 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <openssl/rc4.h>
#include "rc4_local.h"
/* RC4 as implemented from a posting from
* Newsgroups: sci.crypt
* From: sterndark@netcom.com (David Sterndark)
* Subject: RC4 Algorithm revealed.
* Message-ID: <sternCvKL4B.Hyy@netcom.com>
* Date: Wed, 14 Sep 1994 06:35:31 GMT
*/
void
RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
{
RC4_INT tmp;
int id1, id2;
RC4_INT *d;
unsigned int i;
d = &(key->data[0]);
key->x = 0;
key->y = 0;
id1 = id2 = 0;
#define SK_LOOP(d,n) { \
tmp=d[(n)]; \
id2 = (data[id1] + tmp + id2) & 0xff; \
if (++id1 == len) id1=0; \
d[(n)]=d[id2]; \
d[id2]=tmp; }
for (i = 0; i < 256; i++)
d[i] = i;
for (i = 0; i < 256; i += 4) {
SK_LOOP(d, i + 0);
SK_LOOP(d, i + 1);
SK_LOOP(d, i + 2);
SK_LOOP(d, i + 3);
}
}