Don't do loop detection for self signed check.
[openssl.git] / crypto / modes / xts128.c
index de1f5a11fa244eafaed4597d8fa34a7547499ad1..9cf27a25e9607b67cfcd5b696b5cdbf1e9aae77f 100644 (file)
 #endif
 #include <assert.h>
 
-typedef struct {
-       void      *key1, *key2;
-       block128_f block1,block2;
-} XTS128_CONTEXT;
-
-int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, u64 secno,
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
        const unsigned char *inp, unsigned char *out,
        size_t len, int enc)
 {
@@ -73,15 +68,7 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, u64 secno,
 
        if (len<16) return -1;
 
-       if (is_endian.little) {
-               tweak.u[0] = secno;
-               tweak.u[1] = 0;
-       }
-       else {
-               PUTU32(tweak.c,secno);
-               PUTU32(tweak.c+4,secno>>32);
-               tweak.u[1] = 0;
-       }
+       memcpy(tweak.c, iv, 16);
 
        (*ctx->block2)(tweak.c,tweak.c,ctx->key2);
 
@@ -97,9 +84,14 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, u64 secno,
                scratch.u[1] = ((u64*)inp)[1]^tweak.u[1];
 #endif
                (*ctx->block1)(scratch.c,scratch.c,ctx->key1);
+#if defined(STRICT_ALIGNMENT)
                scratch.u[0] ^= tweak.u[0];
                scratch.u[1] ^= tweak.u[1];
                memcpy(out,scratch.c,16);
+#else
+               ((u64*)out)[0] = scratch.u[0]^=tweak.u[0];
+               ((u64*)out)[1] = scratch.u[1]^=tweak.u[1];
+#endif
                inp += 16;
                out += 16;
                len -= 16;
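Review bot: The new `#else` branch stores through `((u64*)out)[0]` and `((u64*)out)[1]` although `out` is an `unsigned char *` with only byte alignment by contract, so this path is only safe where `STRICT_ALIGNMENT` being undefined really means "unaligned 64-bit access tolerated", and it is a strict-aliasing violation in C99 terms regardless; it mirrors the existing `((u64*)inp)[1]` read in the context line, so it presumably relies on the same build assumption, but a comment on the `#else` would make that explicit, e.g. `/* non-STRICT_ALIGNMENT: out is written as two u64 words; assumes the target tolerates unaligned 64-bit stores */`. The same applies to the tail-block store added in the last hunk of this file. The store expression also embeds an update, `scratch.u[0]^=tweak.u[0]`, whereas the tail-block version uses plain `^`; if `scratch` must still hold the ciphertext after the loop for the code that follows (not visible in this hunk), a one-line comment saying so would stop a future cleanup from "simplifying" it away. The enclosing loop and function start and end outside this hunk.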
@@ -110,19 +102,20 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, u64 secno,
                        unsigned int carry,res;
                        
                        res = 0x87&(((int)tweak.d[3])>>31);
-                       carry = tweak.u[0]>>63;
+                       carry = (unsigned int)(tweak.u[0]>>63);
                        tweak.u[0] = (tweak.u[0]<<1)^res;
                        tweak.u[1] = (tweak.u[1]<<1)|carry;
                }
                else {
-                       unsigned int carry,c;
+                       size_t c;
 
-                       for (carry=0,i=0;i<16;++i) {
-                               c = tweak.c[i];
-                               tweak.c[i] = (c<<1)|carry;
-                               carry = c>>7;
+                       for (c=0,i=0;i<16;++i) {
+                               /*+ substitutes for |, because c is 1 bit */ 
+                               c += ((size_t)tweak.c[i])<<1;
+                               tweak.c[i] = (u8)c;
+                               c = c>>8;
                        }
-                       tweak.c[0] ^= 0x87&(0-carry);
+                       tweak.c[0] ^= (u8)(0x87&(0-c));
                }
        }
        if (enc) {
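Review bot: The byte-wise multiply-by-alpha loop introduced on the `size_t c;` path is duplicated almost verbatim in the next hunk (writing `tweak1.c` instead of `tweak.c`), including its `/*+ substitutes for |, because c is 1 bit */` comment, so the two copies will drift; factoring it into one `static` helper taking destination and source keeps a single commented implementation. The arithmetic itself reads correctly: `c` is the 1-bit carry when the shifted byte is added, so `+` and `|` coincide, and `(0-c)` is 0 or all-ones in `size_t`, so `0x87&(0-c)` yields 0 or 0x87 without a data-dependent branch. The trailing space after that comment (here and in the next hunk) is a nit. The enclosing function starts and ends outside this hunk, and `i` is declared above it.
```c
/* dst = src * alpha in GF(2^128) (XTS tweak update), done byte-wise so it is
 * endian-independent; dst may alias src because each byte is read before it
 * is written. */
static void xts128_tweak_mul_alpha(u8 dst[16], const u8 src[16])
{
	size_t c, i;

	for (c = 0, i = 0; i < 16; ++i) {
		/* + substitutes for |, because c is 1 bit */
		c += ((size_t)src[i]) << 1;
		dst[i] = (u8)c;
		c = c >> 8;
	}
	dst[0] ^= (u8)(0x87 & (0 - c));
}

		/* … unchanged: is_endian.little fast path … */
		else {
			xts128_tweak_mul_alpha(tweak.c, tweak.c);
		}
```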
@@ -145,19 +138,20 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, u64 secno,
                        unsigned int carry,res;
 
                        res = 0x87&(((int)tweak.d[3])>>31);
-                       carry = tweak.u[0]>>63;
+                       carry = (unsigned int)(tweak.u[0]>>63);
                        tweak1.u[0] = (tweak.u[0]<<1)^res;
                        tweak1.u[1] = (tweak.u[1]<<1)|carry;
                }
                else {
-                       unsigned int carry,c;
+                       size_t c;
 
-                       for (carry=0,i=0;i<16;++i) {
-                               c = tweak.c[i];
-                               tweak1.c[i] = (c<<1)|carry;
-                               carry = c>>7;
+                       for (c=0,i=0;i<16;++i) {
+                               /*+ substitutes for |, because c is 1 bit */ 
+                               c += ((size_t)tweak.c[i])<<1;
+                               tweak1.c[i] = (u8)c;
+                               c = c>>8;
                        }
-                       tweak1.c[0] ^= 0x87&(0-carry);
+                       tweak1.c[0] ^= (u8)(0x87&(0-c));
                }
 #if defined(STRICT_ALIGNMENT)
                memcpy(scratch.c,inp,16);
@@ -179,9 +173,14 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, u64 secno,
                scratch.u[0] ^= tweak.u[0];
                scratch.u[1] ^= tweak.u[1];
                (*ctx->block1)(scratch.c,scratch.c,ctx->key1);
+#if defined(STRICT_ALIGNMENT)
                scratch.u[0] ^= tweak.u[0];
                scratch.u[1] ^= tweak.u[1];
                memcpy (out,scratch.c,16);
+#else
+               ((u64*)out)[0] = scratch.u[0]^tweak.u[0];
+               ((u64*)out)[1] = scratch.u[1]^tweak.u[1];
+#endif
        }
 
        return 0;