X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fe_aes_cbc_hmac_sha256.c;h=e3156039c618c0e454ad9c1815f16b5e2a7cf73f;hp=c2c48f045c3131c2ba5d18d71fdafc22571a8f10;hb=2893a302a9b6a70161d1859d985a52af11b2195d;hpb=9587429fa07a34066107e926fbc8708220f058fa

diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index c2c48f045c..e3156039c6 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -208,7 +208,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 	u64		seqnum;
 #endif
 
-	RAND_bytes((IVs=blocks[0].c),16*x4);	/* ask for IVs in bulk */
+	if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0)	/* ask for IVs in bulk */
+		return 0;
 
 	ctx = (SHA256_MB_CTX *)(storage+32-((size_t)storage%32));	/* align */
 
@@ -241,6 +242,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 #endif
 	for (i=0;i<x4;i++) {
 		unsigned int len = (i==(x4-1)?last:frag);
+#if !defined(BSWAP8)
+		unsigned int carry, j;
+#endif
 
 		ctx->A[i] = key->md.h[0];
 		ctx->B[i] = key->md.h[1];
@@ -255,13 +259,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 #if defined(BSWAP8)
 		blocks[i].q[0] = BSWAP8(seqnum+i);
 #else
-		blocks[i].c[7] += ((u8*)key->md.data)[7]+i;
-		if (blocks[i].c[7] < i) {
-			int j;
-
-			for (j=6;j>=0;j--) {
-				if (blocks[i].c[j]=((u8*)key->md.data)[j]+1) break;
-			}
+		for (carry=i,j=8;j--;) {
+			blocks[i].c[j] = ((u8*)key->md.data)[j]+carry;
+			carry = (blocks[i].c[j]-carry)>>(sizeof(carry)*8-1);
 		}
 #endif
 		blocks[i].c[8] = ((u8*)key->md.data)[8];
@@ -329,10 +329,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 		len += 64+13;		/* 64 is HMAC header */
 		len *= 8;		/* convert to bits */
 		if (off<(64-8)) {
+#ifdef BSWAP4
 			blocks[i].d[15] = BSWAP4(len);
+#else
+			PUTU32(blocks[i].c+60,len);
+#endif
 			edges[i].blocks = 1;			
 		} else {
+#ifdef BSWAP4
 			blocks[i].d[31] = BSWAP4(len);
+#else
+			PUTU32(blocks[i].c+124,len);
+#endif
 			edges[i].blocks = 2;
 		}
 		edges[i].ptr = blocks[i].c;
@@ -343,6 +351,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 
 	memset(blocks,0,sizeof(blocks));
 	for (i=0;i<x4;i++) {
+#ifdef BSWAP4
 		blocks[i].d[0] = BSWAP4(ctx->A[i]);	ctx->A[i] = key->tail.h[0];
 		blocks[i].d[1] = BSWAP4(ctx->B[i]);	ctx->B[i] = key->tail.h[1];
 		blocks[i].d[2] = BSWAP4(ctx->C[i]);	ctx->C[i] = key->tail.h[2];
@@ -353,6 +362,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 		blocks[i].d[7] = BSWAP4(ctx->H[i]);	ctx->H[i] = key->tail.h[7];
 		blocks[i].c[32] = 0x80;
 		blocks[i].d[15] = BSWAP4((64+32)*8);
+#else
+		PUTU32(blocks[i].c+0,ctx->A[i]);	ctx->A[i] = key->tail.h[0];
+		PUTU32(blocks[i].c+4,ctx->B[i]);	ctx->B[i] = key->tail.h[1];
+		PUTU32(blocks[i].c+8,ctx->C[i]);	ctx->C[i] = key->tail.h[2];
+		PUTU32(blocks[i].c+12,ctx->D[i]);	ctx->D[i] = key->tail.h[3];
+		PUTU32(blocks[i].c+16,ctx->E[i]);	ctx->E[i] = key->tail.h[4];
+		PUTU32(blocks[i].c+20,ctx->F[i]);	ctx->F[i] = key->tail.h[5];
+		PUTU32(blocks[i].c+24,ctx->G[i]);	ctx->G[i] = key->tail.h[6];
+		PUTU32(blocks[i].c+28,ctx->H[i]);	ctx->H[i] = key->tail.h[7];
+		blocks[i].c[32] = 0x80;
+		PUTU32(blocks[i].c+60,(64+32)*8);
+#endif
 		edges[i].ptr = blocks[i].c;
 		edges[i].blocks = 1;
 	}
@@ -370,14 +391,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 		out += 5+16+len;
 
 		/* write MAC */
-		((u32 *)out)[0] = BSWAP4(ctx->A[i]);
-		((u32 *)out)[1] = BSWAP4(ctx->B[i]);
-		((u32 *)out)[2] = BSWAP4(ctx->C[i]);
-		((u32 *)out)[3] = BSWAP4(ctx->D[i]);
-		((u32 *)out)[4] = BSWAP4(ctx->E[i]);
-		((u32 *)out)[5] = BSWAP4(ctx->F[i]);
-		((u32 *)out)[6] = BSWAP4(ctx->G[i]);
-		((u32 *)out)[7] = BSWAP4(ctx->H[i]);
+		PUTU32(out+0,ctx->A[i]);
+		PUTU32(out+4,ctx->B[i]);
+		PUTU32(out+8,ctx->C[i]);
+		PUTU32(out+12,ctx->D[i]);
+		PUTU32(out+16,ctx->E[i]);
+		PUTU32(out+20,ctx->F[i]);
+		PUTU32(out+24,ctx->G[i]);
+		PUTU32(out+28,ctx->H[i]);
 		out += 32;
 		len += 32;
 
@@ -704,6 +725,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 	{
 	EVP_AES_HMAC_SHA256 *key = data(ctx);
+	unsigned int u_arg = (unsigned int)arg;
 
 	switch (type)
 		{
@@ -714,7 +736,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
 
 		memset (hmac_key,0,sizeof(hmac_key));
 
-		if (arg > (int)sizeof(hmac_key)) {
+		if (arg < 0)
+			return -1;
+
+		if (u_arg > sizeof(hmac_key)) {
 			SHA256_Init(&key->head);
 			SHA256_Update(&key->head,ptr,arg);
 			SHA256_Final(hmac_key,&key->head);
@@ -774,7 +799,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
 		unsigned int n4x=1, x4;
 		unsigned int frag, last, packlen, inp_len;
 
-		if (arg<sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) return -1;
+		if (arg < 0)
+			return -1;
+
+		if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) return -1;
 
 		inp_len = param->inp[11]<<8|param->inp[12];