e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
[openssl.git] / crypto / evp / e_aes.c
index 0c6ef73..1bfb5d9 100644 (file)
@@ -144,6 +144,14 @@ void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
                        size_t blocks, const AES_KEY *key,
                        const unsigned char ivec[AES_BLOCK_SIZE]);
 #endif
+#ifdef AES_XTS_ASM
+void AES_xts_encrypt(const char *inp,char *out,size_t len,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+void AES_xts_decrypt(const char *inp,char *out,size_t len,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+#endif
 
 #if    defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
        ((defined(__i386)       || defined(__i386__)    || \
@@ -961,8 +969,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
        if (!gctx->iv_set)
                return -1;
-       if (!ctx->encrypt && gctx->taglen < 0)
-               return -1;
        if (in)
                {
                if (out == NULL)
@@ -1004,6 +1010,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                {
                if (!ctx->encrypt)
                        {
+                       if (gctx->taglen < 0)
+                               return -1;
                        if (CRYPTO_gcm128_finish(&gctx->gcm,
                                        ctx->buf, gctx->taglen) != 0)
                                return -1;
@@ -1050,7 +1058,11 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
        if (key) do
                {
+#ifdef AES_XTS_ASM
+               xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
+#else
                xctx->stream = NULL;
+#endif
                /* key_len is two AES keys */
 #ifdef BSAES_CAPABLE
                if (BSAES_CAPABLE)
@@ -1205,6 +1217,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
                        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                        &cctx->ks, (block128_f)vpaes_encrypt);
+                       cctx->str = NULL;
                        cctx->key_set = 1;
                        break;
                        }