update DRBG to handle new file format

(backport from HEAD)

Configure

@@ -463,8 +463,8 @@ my %table=(
 "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
 # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
 # at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
 
 #
 # Cray T90 and similar (SDSC)

TABLE

@@ -862,7 +862,7 @@ $multilib     =
 $cc           = cc
 $cflags       = -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst
 $unistd       = 
-$thread_cflag = -qthreaded
+$thread_cflag = -qthreaded -D_THREAD_SAFE
 $sys_id       = AIX
 $lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR
@@ -961,7 +961,7 @@ $multilib     =
 $cc           = cc
 $cflags       = -q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst
 $unistd       = 
-$thread_cflag = -qthreaded
+$thread_cflag = -qthreaded -D_THREAD_SAFE
 $sys_id       = AIX
 $lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR

crypto/cmac/cmac.c

@@ -77,19 +77,17 @@ struct CMAC_CTX_st
 
 /* Make temporary keys K1 and K2 */
 
-static void make_kn(unsigned char *k1, unsigned char *l, int bl)
+static void make_kn(unsigned char *k1, const unsigned char *l, int bl)
 	{
 	int i;
+	unsigned char c = l[0], carry = c>>7, cnext;
+
 	/* Shift block to left, including carry */
-	for (i = 0; i < bl; i++)
-		{
-		k1[i] = l[i] << 1;
-		if (i < bl - 1 && l[i + 1] & 0x80)
-			k1[i] |= 1;
-		}
+	for (i = 0; i < bl-1; i++, c = cnext)
+		k1[i] = (c << 1) | ((cnext=l[i+1]) >> 7);
+
 	/* If MSB set fixup with R */
-	if (l[0] & 0x80)
-		k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b;
+	k1[i] = (c << 1) ^ ((0-carry)&(bl==16?0x87:0x1b));
 	}
 
 CMAC_CTX *CMAC_CTX_new(void)
@@ -153,6 +151,8 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
 			return 0;
 		if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
 			return 0;
+		memset(ctx->tbl, 0, M_EVP_CIPHER_CTX_block_size(&ctx->cctx));	
+		ctx->nlast_block = 0;
 		return 1;
 		}
 	/* Initialiase context */

crypto/evp/e_aes.c

@@ -956,8 +956,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 	if (!gctx->iv_set)
 		return -1;
-	if (!ctx->encrypt && gctx->taglen < 0)
-		return -1;
 	if (in)
 		{
 		if (out == NULL)
@@ -999,6 +997,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		{
 		if (!ctx->encrypt)
 			{
+			if (gctx->taglen < 0)
+				return -1;
 			if (CRYPTO_gcm128_finish(&gctx->gcm,
 					ctx->buf, gctx->taglen) != 0)
 				return -1;
@@ -1195,6 +1195,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
 			CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
 					&cctx->ks, (block128_f)vpaes_encrypt);
+			cctx->str = NULL;
 			cctx->key_set = 1;
 			break;
 			}

crypto/modes/gcm128.c

@@ -1403,7 +1403,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
 	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
 #endif
 
-	if (ctx->mres)
+	if (ctx->mres || ctx->ares)
 		GCM_MUL(ctx,Xi);
 
 	if (is_endian.little) {

crypto/sha/asm/sha1-armv4-large.pl

@@ -177,6 +177,7 @@ for($i=0;$i<5;$i++) {
 $code.=<<___;
 	teq	$Xi,sp
 	bne	.L_00_15		@ [((11+4)*5+2)*3]
+	sub	sp,sp,#25*4
 ___
 	&BODY_00_15(@V);	unshift(@V,pop(@V));
 	&BODY_16_19(@V);	unshift(@V,pop(@V));
@@ -186,7 +187,6 @@ ___
 $code.=<<___;
 
 	ldr	$K,.LK_20_39		@ [+15+16*4]
-	sub	sp,sp,#25*4
 	cmn	sp,#0			@ [+3], clear carry to denote 20_39
 .L_20_39_or_60_79:
 ___

fips/aes/fips_gcmtest.c

@@ -208,6 +208,8 @@ static void gcmtest(FILE *in, FILE *out, int encrypt)
 				ct = OPENSSL_malloc(ptlen);
 				rv = FIPS_cipher(&ctx, ct, pt, ptlen);
 				}
+			else
+				FIPS_cipher(&ctx, iv, iv, 0);
 			FIPS_cipher(&ctx, NULL, NULL, 0);
 			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
 								taglen, tag);	
@@ -242,6 +244,8 @@ static void gcmtest(FILE *in, FILE *out, int encrypt)
 				pt = OPENSSL_malloc(ptlen);
 				rv = FIPS_cipher(&ctx, pt, ct, ptlen);
 				}
+			else
+				FIPS_cipher(&ctx, iv, iv, 0);
 			rv = FIPS_cipher(&ctx, NULL, NULL, 0);
 			if (rv < 0)
 				fprintf(out, "FAIL" RESP_EOL);

fips/fips_canister.c

@@ -34,8 +34,7 @@ const void         *FIPS_text_end(void);
 				  defined(__mips__)|| defined(__mips)))	|| \
         (defined(__NetBSD__)  && (defined(__powerpc__) || defined(__i386))) || \
 	(defined(__linux)     && ((defined(__PPC__) && !defined(__PPC64__)) || \
-				  defined(__arm__) || defined(__arm)) || \
-				  defined(__mips__))	|| \
+				  defined(__arm__) || defined(__arm)))	|| \
 	(defined(__APPLE__) /* verified on all MacOS X & iOS flavors */)|| \
 	(defined(_TMS320C6X))						|| \
 	(defined(_WIN32)      && defined(_MSC_VER))

fips/rand/fips_drbgvs.c

@@ -182,7 +182,7 @@ int main(int argc,char **argv)
 	int r, nid = 0;
 	int pr = 0;
 	char buf[2048], lbuf[2048];
-	unsigned char randout[2048];
+	unsigned char *randout = NULL;
 	char *keyword = NULL, *value = NULL;
 
 	unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL;
@@ -298,6 +298,8 @@ int main(int argc,char **argv)
 			else
 				exit(1);
 			}
+		if (!strcmp(keyword, "[ReturnedBitsLen"))
+			randoutlen = atoi(value) / 8;
 
 		if (!strcmp(keyword, "EntropyInput"))
 			{
@@ -327,7 +329,11 @@ int main(int argc,char **argv)
 			FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
 							test_nonce, 0);
 			FIPS_drbg_set_app_data(dctx, &t);
-			randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
+			if (randoutlen == 0)
+				randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
+			if (randout)
+				OPENSSL_free(randout);
+			randout = OPENSSL_malloc(randoutlen);
 			r = FIPS_drbg_instantiate(dctx, pers, perslen);
 			if (!r)
 				{
@@ -406,6 +412,8 @@ int main(int argc,char **argv)
 			}
 
 		}
+	if (randout)
+		OPENSSL_free(randout);
 	if (in && in != stdin)
 		fclose(in);
 	if (out && out != stdout)

fips/utl/fips_enc.c

@@ -208,6 +208,7 @@ int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 			break;
 
 			case EVP_CIPH_CTR_MODE:
+			ctx->num = 0;
 			/* Don't reuse IV for CTR mode */
 			if(iv)
 				memcpy(ctx->iv, iv, M_EVP_CIPHER_CTX_iv_length(ctx));

util/pl/VC-32.pl

@@ -127,14 +127,8 @@ elsif ($FLAVOR =~ /CE/)
     $base_cflags.=" $wcecdefs";
     $base_cflags.=' -I$(WCECOMPAT)/include'		if (defined($ENV{'WCECOMPAT'}));
     $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include'	if (defined($ENV{'PORTSDK_LIBPATH'}));
-    if ($ENV{PLATFORM} =~ /wce7/i) {
-      $opt_cflags=' /MT /O1i';	# optimize for space, but with intrinsics...
-      $dbg_cflags=' /MT /Od -DDEBUG -D_DEBUG';
-    } else {
-      $opt_cflags=' /MC /O1i';	# optimize for space, but with intrinsics...
-      $dbg_cflags=' /MC /Od -DDEBUG -D_DEBUG';
-    }
-
+    $opt_cflags=' /MC /O1i';	# optimize for space, but with intrinsics...
+    $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
     $lflags="/nologo /opt:ref $wcelflag";
     }
 else	# Win32