diff --git a/configure.ac b/configure.ac index 09d9fb492..4eed7ec52 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([cyassl],[2.0.0rc3c],[http://www.yassl.com]) +AC_INIT([cyassl],[2.0.0rc3d],[http://www.yassl.com]) AC_CONFIG_AUX_DIR(config) @@ -177,6 +177,19 @@ then fi +# Fortress build +AC_ARG_ENABLE(fortress, + [ --enable-fortress Enable SSL fortress build (default: disabled)], + [ ENABLED_FORTRESS=$enableval ], + [ ENABLED_FORTRESS=no ] + ) + +if test "$ENABLED_FORTRESS" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_DIRECT" +fi + + # ssl bump build AC_ARG_ENABLE(bump, [ --enable-bump Enable SSL Bump build (default: disabled)], diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index 0756d0ca9..8b6cb7d48 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -847,7 +847,8 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, checkAESNI = 1; } if (haveAESNI) { - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + if (iv) + XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); if (dir == AES_ENCRYPTION) return AES_set_encrypt_key(userKey, keylen * 8, aes); else @@ -975,7 +976,8 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, Td[3][Te[4][GETBYTE(rk[3], 0)] & 0xff]; } } - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + if (iv) + XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); return 0; } @@ -1327,5 +1329,24 @@ void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) } +#ifdef CYASSL_AES_DIRECT + +/* Allow direct access to one block encrypt */ +void AesEncryptDirect(Aes* aes, byte* out, const byte* in) +{ + return AesEncrypt(aes, in, out); +} + + +/* Allow direct access to one block decrypt */ +void AesDecryptDirect(Aes* aes, byte* out, const byte* in) +{ + return AesDecrypt(aes, in, out); +} + + +#endif + + #endif /* NO_AES */ diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index ff92e9aa1..1abd7c2cd 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -330,8 +330,9 @@ static INLINE int Reverse(int dir) void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) { DesSetKey(key, dir, des->key); - - XMEMCPY(des->reg, iv, DES_BLOCK_SIZE); + + if (iv) /* added ecb support so may not have iv */ + XMEMCPY(des->reg, iv, DES_BLOCK_SIZE); } @@ -493,5 +494,22 @@ void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) } } +#ifdef CYASSL_DES_ECB + +/* One block, compatibility only */ +void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) +{ + word32 blocks = sz / DES_BLOCK_SIZE; + + while (blocks--) { + DesProcessBlock(des, in, out); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + } +} + +#endif /* CYASSL_DES_ECB */ + #endif /* NO_DES3 */ diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index 99f200fa9..49a4d44bd 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -74,6 +74,8 @@ CYASSL_API int AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir); CYASSL_API void AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); CYASSL_API void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); +CYASSL_API void AesEncryptDirect(Aes* aes, byte* out, const byte* in); +CYASSL_API void AesDecryptDirect(Aes* aes, byte* out, const byte* in); #ifdef __cplusplus diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h index 6b79dbc1e..993c852a0 100644 --- a/cyassl/ctaocrypt/des3.h +++ b/cyassl/ctaocrypt/des3.h @@ -61,6 +61,7 @@ typedef struct Des3 { CYASSL_API void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir); CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz); CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); +CYASSL_API void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); CYASSL_API void Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); CYASSL_API void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz);