evp/e_aes_cbc_hmac_sha*.c: harmonize names, fix bugs.
authorAndy Polyakov <appro@openssl.org>
Tue, 8 Oct 2013 21:39:26 +0000 (23:39 +0200)
committerAndy Polyakov <appro@openssl.org>
Tue, 8 Oct 2013 21:39:26 +0000 (23:39 +0200)
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c

index 583fe8c..15e9638 100644 (file)
@@ -71,8 +71,8 @@
 #define EVP_CIPH_FLAG_DEFAULT_ASN1 0
 #endif
 
-#if !defined(EVP_CIPH_FLAG_TLS11_MULTI_BLOCK)
-#define EVP_CIPH_FLAG_TLS11_MULTI_BLOCK 0
+#if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
+#define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
 #endif
 
 #define TLS1_1_VERSION 0x0302
@@ -95,7 +95,7 @@ typedef struct
        defined(_M_AMD64)       || defined(_M_X64)      || \
        defined(__INTEL__)      )
 
-extern unsigned int OPENSSL_ia32cap_P[2];
+extern unsigned int OPENSSL_ia32cap_P[3];
 #define AESNI_CAPABLE   (1<<(57-32))
 
 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
@@ -177,7 +177,7 @@ static void sha1_update(SHA_CTX *c,const void *data,size_t len)
 #endif
 #define SHA1_Update sha1_update
 
-#if EVP_CIPH_FLAG_TLS11_MULTI_BLOCK
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
 
 typedef struct { unsigned int A[8],B[8],C[8],D[8],E[8]; } SHA1_MB_CTX;
 typedef struct { const unsigned char *ptr; int blocks;  } HASH_DESC;
@@ -185,11 +185,11 @@ typedef struct { const unsigned char *ptr; int blocks;  } HASH_DESC;
 void sha1_multi_block(SHA1_MB_CTX *,const HASH_DESC *,int);
 
 typedef struct { const unsigned char *inp; unsigned char *out;
-                int blocks; double iv[2]; } CIPH_DESC; 
+                int blocks; u64 iv[2]; } CIPH_DESC; 
 
 void aesni_multi_cbc_encrypt(CIPH_DESC *,void *,int);
 
-static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
+static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
        unsigned char *out, const unsigned char *inp, size_t inp_len,
        int n4x)        /* n4x is 1 or 2 */
 {
@@ -202,6 +202,7 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
        SHA1_MB_CTX     *ctx;
        unsigned int    frag, last, packlen, i, x4=4*n4x;
        size_t          ret = 0;
+       u8              *IVs;
 
        ctx = (SHA1_MB_CTX *)(storage+32-((size_t)storage%32)); /* align */
 
@@ -228,21 +229,21 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
 #if defined(BSWAP8)
                blocks[i].q[0] = BSWAP8(BSWAP8(*(u64*)key->md.data)+i);
 #else
-               blocks[i].c[7] += key->md.data[7]+i;
+               blocks[i].c[7] += ((u8*)key->md.data)[7]+i;
                if (blocks[i].c[7] < i) {
                        int j;
 
                        for (j=6;j>=0;j--) {
-                               if (blocks[i].c[j]=key->md.data[j]+1) break;
+                               if (blocks[i].c[j]=((u8*)key->md.data)[j]+1) break;
                        }
                }
 #endif
-               blocks[i].c[8] = key->md.data[8];
-               blocks[i].c[9] = key->md.data[9];
-               blocks[i].c[10] = key->md.data[10];
+               blocks[i].c[8] = ((u8*)key->md.data)[8];
+               blocks[i].c[9] = ((u8*)key->md.data)[9];
+               blocks[i].c[10] = ((u8*)key->md.data)[10];
                /* fix length */
-               blocks[i].c[11] = (unsigned char)(len>>8);
-               blocks[i].c[12] = (unsigned char)(len);
+               blocks[i].c[11] = (u8)(len>>8);
+               blocks[i].c[12] = (u8)(len);
 
                memcpy(blocks[i].c+13,hash_d[i].ptr,64-13);
                hash_d[i].ptr += 64-13;
@@ -252,7 +253,9 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
                edges[i].blocks = 1;
        }
 
+       /* hash 13-byte headers and first 64-13 bytes of inputs */
        sha1_multi_block(ctx,edges,n4x);
+       /* hash bulk inputs */
        sha1_multi_block(ctx,hash_d,n4x);
 
        memset(blocks,0,sizeof(blocks));
@@ -276,6 +279,7 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
                edges[i].ptr = blocks[i].c;
        }
 
+       /* hash input tails and finalize */
        sha1_multi_block(ctx,edges,n4x);
 
        memset(blocks,0,sizeof(blocks));
@@ -291,6 +295,7 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
                edges[i].blocks = 1;
        }
 
+       /* finalize MACs */
        sha1_multi_block(ctx,edges,n4x);
 
        packlen = 5+16+((frag+20+16)&-16);
@@ -298,6 +303,8 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
        out += (packlen<<(1+n4x))-packlen;
        inp += (frag<<(1+n4x))-frag;
 
+       RAND_bytes((IVs=blocks[0].c),16*x4);    /* ask for IVs in bulk */
+
        for (i=x4-1;;i--) {
                unsigned int len = (i==(x4-1)?last:frag), pad, j;
                unsigned char *out0 = out;
@@ -308,42 +315,49 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
 
                memmove(out,inp,len);
                out += len;
-               inp -= frag;
 
+               /* write MAC */
                ((u32 *)out)[0] = BSWAP4(ctx->A[i]);
                ((u32 *)out)[1] = BSWAP4(ctx->B[i]);
                ((u32 *)out)[2] = BSWAP4(ctx->C[i]);
                ((u32 *)out)[3] = BSWAP4(ctx->D[i]);
                ((u32 *)out)[4] = BSWAP4(ctx->E[i]);
                out += 20;
-               len += 20+16;
+               len += 20;
 
+               /* pad */
                pad = 15-len%16;
                for (j=0;j<=pad;j++) *(out++) = pad;
                len += pad+1;
 
                ciph_d[i].blocks = len/16;
+               len += 16;      /* account for explicit iv */
 
                /* arrange header */
-               out0[0] = key->md.data[8];
-               out0[1] = key->md.data[9];
-               out0[2] = key->md.data[10];
-               out0[3] = (unsigned char)(len>>8);
-               out0[4] = (unsigned char)(len);
+               out0[0] = ((u8*)key->md.data)[8];
+               out0[1] = ((u8*)key->md.data)[9];
+               out0[2] = ((u8*)key->md.data)[10];
+               out0[3] = (u8)(len>>8);
+               out0[4] = (u8)(len);
 
                /* explicit iv */
-               RAND_bytes((u8 *)ciph_d[i].iv, 16);
-               memcpy(&out[5], ciph_d[i].iv, 16);
+               memcpy(ciph_d[i].iv, IVs, 16);
+               memcpy(&out0[5],     IVs, 16);
 
                ret += len+5;
 
                if (i==0) break;
 
                out = out0-packlen;
+               inp -= frag;
+               IVs += 16;
        }
 
        aesni_multi_cbc_encrypt(ciph_d,&key->ks,n4x);
 
+       OPENSSL_cleanse(blocks,sizeof(blocks));
+       OPENSSL_cleanse(ctx,sizeof(*ctx));
+
        return ret;
 }
 #endif
@@ -686,15 +700,15 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
                        return SHA_DIGEST_LENGTH;
                        }
                }
-#if EVP_EVP_CIPH_FLAG_TLS11_MULTI_BLOCK
-       case EVP_CTRL_TLS11_MULTI_BLOCK_AAD:
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+       case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
                {
-               EVP_CTRL_TLS11_MULTI_BLOCK_PARAM *param =
-                       (EVP_CTRL_TLS11_MULTI_BLOCK_PARAM *)ptr;
+               EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                       (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
                unsigned int n4x=1, x4;
                unsigned int frag, last, packlen, inp_len;
 
-               if (arg<sizeof(EVP_CTRL_TLS11_MULTI_BLOCK_PARAM)) return -1;
+               if (arg<sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) return -1;
 
                inp_len = param->inp[11]<<8|param->inp[12];
 
@@ -702,10 +716,10 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
                        {
                        if ((param->inp[9]<<8|param->inp[10]) < TLS1_1_VERSION)
                                return -1;
-       
-                       if (inp_len<2048) return -1;    /* too short */
 
-                       if (inp_len>=6144) n4x=2;
+                       if (inp_len<4096) return 0;     /* too short */
+
+                       if (OPENSSL_ia32cap_P[2]&(1<<5)) n4x=2; /* AVX2 */
 
                        key->md = key->head;
                        SHA1_Update(&key->md,param->inp,13);
@@ -720,7 +734,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
                        }
 
                        packlen = 5+16+((frag+20+16)&-16);
-                       packlen = (packlen<<(1+n4x))-packlen;
+                       packlen = (packlen<<n4x)-packlen;
                        packlen += 5+16+((last+20+16)&-16);
 
                        param->interleave = x4;
@@ -730,15 +744,15 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
                else
                        return -1;      /* not yet */
                }
-       case EVP_CTRL_TLS11_MULTI_BLOCK_ENCRYPT:
+       case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT:
                {
-               EVP_CTRL_TLS11_MULTI_BLOCK_PARAM *param =
-                       (EVP_CTRL_TLS11_MULTI_BLOCK_PARAM *)ptr;
+               EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                       (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
 
-               return tls11_multi_block_encrypt(key,param->out,param->inp,
+               return (int)tls1_1_multi_block_encrypt(key,param->out,param->inp,
                                                param->len,param->interleave/4);
                }
-       case EVP_CTRL_TLS11_MULTI_BLOCK_DECRYPT:
+       case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
 #endif
        default:
                return -1;
@@ -754,7 +768,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher =
 #endif
        16,16,16,
        EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|
-       EVP_CIPH_FLAG_AEAD_CIPHER|EVP_CIPH_FLAG_TLS11_MULTI_BLOCK,
+       EVP_CIPH_FLAG_AEAD_CIPHER|EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
        aesni_cbc_hmac_sha1_init_key,
        aesni_cbc_hmac_sha1_cipher,
        NULL,
@@ -774,7 +788,7 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher =
 #endif
        16,32,16,
        EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|
-       EVP_CIPH_FLAG_AEAD_CIPHER|EVP_CIPH_FLAG_TLS11_MULTI_BLOCK,
+       EVP_CIPH_FLAG_AEAD_CIPHER|EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
        aesni_cbc_hmac_sha1_init_key,
        aesni_cbc_hmac_sha1_cipher,
        NULL,
index 7d03abc..602bfa9 100644 (file)
@@ -71,8 +71,8 @@
 #define EVP_CIPH_FLAG_DEFAULT_ASN1 0
 #endif
 
-#if !defined(EVP_CIPH_FLAG_TLS11_MULTI_BLOCK)
-#define EVP_CIPH_FLAG_TLS11_MULTI_BLOCK 0
+#if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
+#define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
 #endif
 
 #define TLS1_1_VERSION 0x0302
@@ -178,7 +178,7 @@ static void sha256_update(SHA256_CTX *c,const void *data,size_t len)
 #endif
 #define SHA256_Update sha256_update
 
-#if EVP_CIPH_FLAG_TLS11_MULTI_BLOCK
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
 
 typedef struct { unsigned int A[8],B[8],C[8],D[8],E[8],F[8],G[8],H[8]; } SHA256_MB_CTX;
 typedef struct { const unsigned char *ptr; int blocks;  } HASH_DESC;
@@ -186,11 +186,11 @@ typedef struct { const unsigned char *ptr; int blocks;  } HASH_DESC;
 void sha256_multi_block(SHA256_MB_CTX *,const HASH_DESC *,int);
 
 typedef struct { const unsigned char *inp; unsigned char *out;
-                int blocks; double iv[2]; } CIPH_DESC; 
+                int blocks; u64 iv[2]; } CIPH_DESC; 
 
 void aesni_multi_cbc_encrypt(CIPH_DESC *,void *,int);
 
-static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
+static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
        unsigned char *out, const unsigned char *inp, size_t inp_len,
        int n4x)        /* n4x is 1 or 2 */
 {
@@ -203,6 +203,7 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
        SHA256_MB_CTX   *ctx;
        unsigned int    frag, last, packlen, i, x4=4*n4x;
        size_t          ret = 0;
+       u8              *IVs;
 
        ctx = (SHA256_MB_CTX *)(storage+32-((size_t)storage%32));       /* align */
 
@@ -232,21 +233,21 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 #if defined(BSWAP8)
                blocks[i].q[0] = BSWAP8(BSWAP8(*(u64*)key->md.data)+i);
 #else
-               blocks[i].c[7] += key->md.data[7]+i;
+               blocks[i].c[7] += ((u8*)key->md.data)[7]+i;
                if (blocks[i].c[7] < i) {
                        int j;
 
                        for (j=6;j>=0;j--) {
-                               if (blocks[i].c[j]=key->md.data[j]+1) break;
+                               if (blocks[i].c[j]=((u8*)key->md.data)[j]+1) break;
                        }
                }
 #endif
-               blocks[i].c[8] = key->md.data[8];
-               blocks[i].c[9] = key->md.data[9];
-               blocks[i].c[10] = key->md.data[10];
+               blocks[i].c[8] = ((u8*)key->md.data)[8];
+               blocks[i].c[9] = ((u8*)key->md.data)[9];
+               blocks[i].c[10] = ((u8*)key->md.data)[10];
                /* fix length */
-               blocks[i].c[11] = (unsigned char)(len>>8);
-               blocks[i].c[12] = (unsigned char)(len);
+               blocks[i].c[11] = (u8)(len>>8);
+               blocks[i].c[12] = (u8)(len);
 
                memcpy(blocks[i].c+13,hash_d[i].ptr,64-13);
                hash_d[i].ptr += 64-13;
@@ -256,7 +257,9 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
                edges[i].blocks = 1;
        }
 
+       /* hash 13-byte headers and first 64-13 bytes of inputs */
        sha256_multi_block(ctx,edges,n4x);
+       /* hash bulk inputs */
        sha256_multi_block(ctx,hash_d,n4x);
 
        memset(blocks,0,sizeof(blocks));
@@ -280,6 +283,7 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
                edges[i].ptr = blocks[i].c;
        }
 
+       /* hash input tails and finalize */
        sha256_multi_block(ctx,edges,n4x);
 
        memset(blocks,0,sizeof(blocks));
@@ -298,6 +302,7 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
                edges[i].blocks = 1;
        }
 
+       /* finalize MACs */
        sha256_multi_block(ctx,edges,n4x);
 
        packlen = 5+16+((frag+32+16)&-16);
@@ -305,6 +310,8 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
        out += (packlen<<(1+n4x))-packlen;
        inp += (frag<<(1+n4x))-frag;
 
+       RAND_bytes((IVs=blocks[0].c),16*x4);    /* ask for IVs in bulk */
+
        for (i=x4-1;;i--) {
                unsigned int len = (i==(x4-1)?last:frag), pad, j;
                unsigned char *out0 = out;
@@ -315,8 +322,8 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 
                memmove(out,inp,len);
                out += len;
-               inp -= frag;
 
+               /* write MAC */
                ((u32 *)out)[0] = BSWAP4(ctx->A[i]);
                ((u32 *)out)[1] = BSWAP4(ctx->B[i]);
                ((u32 *)out)[2] = BSWAP4(ctx->C[i]);
@@ -326,34 +333,41 @@ static size_t tls11_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
                ((u32 *)out)[6] = BSWAP4(ctx->G[i]);
                ((u32 *)out)[7] = BSWAP4(ctx->H[i]);
                out += 32;
-               len += 32+16;
+               len += 32;
 
+               /* pad */
                pad = 15-len%16;
                for (j=0;j<=pad;j++) *(out++) = pad;
                len += pad+1;
 
                ciph_d[i].blocks = len/16;
+               len += 16;      /* account for explicit iv */
 
                /* arrange header */
-               out0[0] = key->md.data[8];
-               out0[1] = key->md.data[9];
-               out0[2] = key->md.data[10];
-               out0[3] = (unsigned char)(len>>8);
-               out0[4] = (unsigned char)(len);
+               out0[0] = ((u8*)key->md.data)[8];
+               out0[1] = ((u8*)key->md.data)[9];
+               out0[2] = ((u8*)key->md.data)[10];
+               out0[3] = (u8)(len>>8);
+               out0[4] = (u8)(len);
 
                /* explicit iv */
-               RAND_bytes((u8 *)ciph_d[i].iv, 16);
-               memcpy(&out[5], ciph_d[i].iv, 16);
+               memcpy(ciph_d[i].iv, IVs, 16);
+               memcpy(&out0[5],     IVs, 16);
 
                ret += len+5;
 
                if (i==0) break;
 
                out = out0-packlen;
+               inp -= frag;
+               IVs += 16;
        }
 
        aesni_multi_cbc_encrypt(ciph_d,&key->ks,n4x);
 
+       OPENSSL_cleanse(blocks,sizeof(blocks));
+       OPENSSL_cleanse(ctx,sizeof(*ctx));
+
        return ret;
 }
 #endif
@@ -713,15 +727,15 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
                        return SHA256_DIGEST_LENGTH;
                        }
                }
-#if EVP_EVP_CIPH_FLAG_TLS11_MULTI_BLOCK
-       case EVP_CTRL_TLS11_MULTI_BLOCK_AAD:
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+       case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
                {
-               EVP_CTRL_TLS11_MULTI_BLOCK_PARAM *param =
-                       (EVP_CTRL_TLS11_MULTI_BLOCK_PARAM *)ptr;
+               EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                       (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
                unsigned int n4x=1, x4;
                unsigned int frag, last, packlen, inp_len;
 
-               if (arg<sizeof(EVP_CTRL_TLS11_MULTI_BLOCK_PARAM)) return -1;
+               if (arg<sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) return -1;
 
                inp_len = param->inp[11]<<8|param->inp[12];
 
@@ -729,10 +743,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
                        {
                        if ((param->inp[9]<<8|param->inp[10]) < TLS1_1_VERSION)
                                return -1;
-       
-                       if (inp_len<2048) return -1;    /* too short */
 
-                       if (inp_len>=6144) n4x=2;
+                       if (inp_len<2048) return 0;     /* too short */
+
+                       if (OPENSSL_ia32cap_P[2]&(1<<5)) n4x=2; /* AVX2 */
 
                        key->md = key->head;
                        SHA256_Update(&key->md,param->inp,13);
@@ -747,7 +761,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
                        }
 
                        packlen = 5+16+((frag+32+16)&-16);
-                       packlen = (packlen<<(1+n4x))-packlen;
+                       packlen = (packlen<<n4x)-packlen;
                        packlen += 5+16+((last+32+16)&-16);
 
                        param->interleave = x4;
@@ -757,15 +771,15 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
                else
                        return -1;      /* not yet */
                }
-       case EVP_CTRL_TLS11_MULTI_BLOCK_ENCRYPT:
+       case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT:
                {
-               EVP_CTRL_TLS11_MULTI_BLOCK_PARAM *param =
-                       (EVP_CTRL_TLS11_MULTI_BLOCK_PARAM *)ptr;
+               EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                       (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
 
-               return tls11_multi_block_encrypt(key,param->out,param->inp,
+               return (int)tls1_1_multi_block_encrypt(key,param->out,param->inp,
                                                param->len,param->interleave/4);
                }
-       case EVP_CTRL_TLS11_MULTI_BLOCK_DECRYPT:
+       case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
 #endif
        default:
                return -1;
@@ -781,7 +795,7 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher =
 #endif
        16,16,16,
        EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|
-       EVP_CIPH_FLAG_AEAD_CIPHER|EVP_CIPH_FLAG_TLS11_MULTI_BLOCK,
+       EVP_CIPH_FLAG_AEAD_CIPHER|EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
        aesni_cbc_hmac_sha256_init_key,
        aesni_cbc_hmac_sha256_cipher,
        NULL,
@@ -801,7 +815,7 @@ static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher =
 #endif
        16,32,16,
        EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|
-       EVP_CIPH_FLAG_AEAD_CIPHER|EVP_CIPH_FLAG_TLS11_MULTI_BLOCK,
+       EVP_CIPH_FLAG_AEAD_CIPHER|EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
        aesni_cbc_hmac_sha256_init_key,
        aesni_cbc_hmac_sha256_cipher,
        NULL,