- deraadt@cvs.openbsd.org 2001/12/19 07:18:56

[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
author: Damien Miller <djm@mindrot.org> 2001-12-21 14:45:46 +1100
committer: Damien Miller <djm@mindrot.org> 2001-12-21 14:45:46 +1100
commit: 9f0f5c64bc4b6144e3fed6a7f538f7c21819a492 (patch)
tree: f79317ab211f59181a61b526f566e9c8cfe70c73 /rijndael.c
parent: 89681214ca2f50a1b1ed6164c3afe1ce14995ffc (diff)
1 files changed, 175 insertions, 176 deletions
diff --git a/rijndael.c b/rijndael.c
index f28a9c669..c8ba55e78 100644
--- a/rijndael.c
+++ b/rijndael.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: rijndael.c,v 1.12 2001/09/13 09:48:39 markus Exp $ */
+/*      $OpenBSD: rijndael.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $ */
 /**
 * rijndael-alg-fst.c
@@ -775,32 +775,31 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int
        rk[6] = GETU32(cipherKey + 24);
        rk[7] = GETU32(cipherKey + 28);
        if (keyBits == 256) {
-        for (;;) {
+                for (;;) {
-                temp = rk[ 7];
+                        temp = rk[ 7];
-                rk[ 8] = rk[ 0] ^
+                        rk[ 8] = rk[ 0] ^
-                        (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                        (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                        (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                        (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
-                        rcon[i];
+                                rcon[i];
-                rk[ 9] = rk[ 1] ^ rk[ 8];
+                        rk[ 9] = rk[ 1] ^ rk[ 8];
-                rk[10] = rk[ 2] ^ rk[ 9];
+                        rk[10] = rk[ 2] ^ rk[ 9];
-                rk[11] = rk[ 3] ^ rk[10];
+                        rk[11] = rk[ 3] ^ rk[10];
-                        if (++i == 7) {
+                                if (++i == 7) {
-                                return 14;
+                                        return 14;
-                        }
+                                }
-                temp = rk[11];
+                        temp = rk[11];
-                rk[12] = rk[ 4] ^
+                        rk[12] = rk[ 4] ^
-                        (Te4[(temp >> 24)       ] & 0xff000000) ^
+                                (Te4[(temp >> 24)       ] & 0xff000000) ^
-                        (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
-                        (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
-                        (Te4[(temp      ) & 0xff] & 0x000000ff);
+                                (Te4[(temp      ) & 0xff] & 0x000000ff);
-                rk[13] = rk[ 5] ^ rk[12];
+                        rk[13] = rk[ 5] ^ rk[12];
-                rk[14] = rk[ 6] ^ rk[13];
+                        rk[14] = rk[ 6] ^ rk[13];
-                rk[15] = rk[ 7] ^ rk[14];
+                        rk[15] = rk[ 7] ^ rk[14];
                        rk += 8;
-        }
+                }
        }
        return 0;
 }
@@ -917,28 +916,28 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16
        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
    if (Nr > 10) {
-        /* round 10: */
+        /* round 10: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
-        /* round 11: */
+        /* round 11: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
-        if (Nr > 12) {
+        if (Nr > 12) {
-            /* round 12: */
+            /* round 12: */
-            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
-            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
-            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
-            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
-            /* round 13: */
+            /* round 13: */
-            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
-            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
-            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
-            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
-        }
+        }
    }
    rk += Nr << 2;
 #else  /* !FULL_UNROLL */
@@ -947,60 +946,60 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16
         */
    r = Nr >> 1;
    for (;;) {
-        t0 =
+        t0 =
-            Te0[(s0 >> 24)       ] ^
+            Te0[(s0 >> 24)       ] ^
-            Te1[(s1 >> 16) & 0xff] ^
+            Te1[(s1 >> 16) & 0xff] ^
-            Te2[(s2 >>  8) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^
-            Te3[(s3      ) & 0xff] ^
+            Te3[(s3      ) & 0xff] ^
-            rk[4];
+            rk[4];
-        t1 =
+        t1 =
-            Te0[(s1 >> 24)       ] ^
+            Te0[(s1 >> 24)       ] ^
-            Te1[(s2 >> 16) & 0xff] ^
+            Te1[(s2 >> 16) & 0xff] ^
-            Te2[(s3 >>  8) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^
-            Te3[(s0      ) & 0xff] ^
+            Te3[(s0      ) & 0xff] ^
-            rk[5];
+            rk[5];
-        t2 =
+        t2 =
-            Te0[(s2 >> 24)       ] ^
+            Te0[(s2 >> 24)       ] ^
-            Te1[(s3 >> 16) & 0xff] ^
+            Te1[(s3 >> 16) & 0xff] ^
-            Te2[(s0 >>  8) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^
-            Te3[(s1      ) & 0xff] ^
+            Te3[(s1      ) & 0xff] ^
-            rk[6];
+            rk[6];
-        t3 =
+        t3 =
-            Te0[(s3 >> 24)       ] ^
+            Te0[(s3 >> 24)       ] ^
-            Te1[(s0 >> 16) & 0xff] ^
+            Te1[(s0 >> 16) & 0xff] ^
-            Te2[(s1 >>  8) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^
-            Te3[(s2      ) & 0xff] ^
+            Te3[(s2      ) & 0xff] ^
-            rk[7];
+            rk[7];
-        rk += 8;
+        rk += 8;
-        if (--r == 0) {
+        if (--r == 0) {
-            break;
+            break;
-        }
+        }
-        s0 =
+        s0 =
-            Te0[(t0 >> 24)       ] ^
+            Te0[(t0 >> 24)       ] ^
-            Te1[(t1 >> 16) & 0xff] ^
+            Te1[(t1 >> 16) & 0xff] ^
-            Te2[(t2 >>  8) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^
-            Te3[(t3      ) & 0xff] ^
+            Te3[(t3      ) & 0xff] ^
-            rk[0];
+            rk[0];
-        s1 =
+        s1 =
-            Te0[(t1 >> 24)       ] ^
+            Te0[(t1 >> 24)       ] ^
-            Te1[(t2 >> 16) & 0xff] ^
+            Te1[(t2 >> 16) & 0xff] ^
-            Te2[(t3 >>  8) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^
-            Te3[(t0      ) & 0xff] ^
+            Te3[(t0      ) & 0xff] ^
-            rk[1];
+            rk[1];
-        s2 =
+        s2 =
-            Te0[(t2 >> 24)       ] ^
+            Te0[(t2 >> 24)       ] ^
-            Te1[(t3 >> 16) & 0xff] ^
+            Te1[(t3 >> 16) & 0xff] ^
-            Te2[(t0 >>  8) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^
-            Te3[(t1      ) & 0xff] ^
+            Te3[(t1      ) & 0xff] ^
-            rk[2];
+            rk[2];
-        s3 =
+        s3 =
-            Te0[(t3 >> 24)       ] ^
+            Te0[(t3 >> 24)       ] ^
-            Te1[(t0 >> 16) & 0xff] ^
+            Te1[(t0 >> 16) & 0xff] ^
-            Te2[(t1 >>  8) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^
-            Te3[(t2      ) & 0xff] ^
+            Te3[(t2      ) & 0xff] ^
-            rk[3];
+            rk[3];
    }
 #endif /* ?FULL_UNROLL */
    /*
@@ -1098,28 +1097,28 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16
    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
    if (Nr > 10) {
-        /* round 10: */
+        /* round 10: */
-        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
-        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
-        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
-        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
-        /* round 11: */
+        /* round 11: */
-        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
-        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
-        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
-        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
-        if (Nr > 12) {
+        if (Nr > 12) {
-            /* round 12: */
+            /* round 12: */
-            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
-            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
-            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
-            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
-            /* round 13: */
+            /* round 13: */
-            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
-            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
-            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
-            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
-        }
+        }
    }
        rk += Nr << 2;
 #else  /* !FULL_UNROLL */
@@ -1128,60 +1127,60 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16
     */
    r = Nr >> 1;
    for (;;) {
-        t0 =
+        t0 =
-            Td0[(s0 >> 24)       ] ^
+            Td0[(s0 >> 24)       ] ^
-            Td1[(s3 >> 16) & 0xff] ^
+            Td1[(s3 >> 16) & 0xff] ^
-            Td2[(s2 >>  8) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^
-            Td3[(s1      ) & 0xff] ^
+            Td3[(s1      ) & 0xff] ^
-            rk[4];
+            rk[4];
-        t1 =
+        t1 =
-            Td0[(s1 >> 24)       ] ^
+            Td0[(s1 >> 24)       ] ^
-            Td1[(s0 >> 16) & 0xff] ^
+            Td1[(s0 >> 16) & 0xff] ^
-            Td2[(s3 >>  8) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^
-            Td3[(s2      ) & 0xff] ^
+            Td3[(s2      ) & 0xff] ^
-            rk[5];
+            rk[5];
-        t2 =
+        t2 =
-            Td0[(s2 >> 24)       ] ^
+            Td0[(s2 >> 24)       ] ^
-            Td1[(s1 >> 16) & 0xff] ^
+            Td1[(s1 >> 16) & 0xff] ^
-            Td2[(s0 >>  8) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^
-            Td3[(s3      ) & 0xff] ^
+            Td3[(s3      ) & 0xff] ^
-            rk[6];
+            rk[6];
-        t3 =
+        t3 =
-            Td0[(s3 >> 24)       ] ^
+            Td0[(s3 >> 24)       ] ^
-            Td1[(s2 >> 16) & 0xff] ^
+            Td1[(s2 >> 16) & 0xff] ^
-            Td2[(s1 >>  8) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^
-            Td3[(s0      ) & 0xff] ^
+            Td3[(s0      ) & 0xff] ^
-            rk[7];
+            rk[7];
-        rk += 8;
+        rk += 8;
-        if (--r == 0) {
+        if (--r == 0) {
-            break;
+            break;
-        }
+        }
-        s0 =
+        s0 =
-            Td0[(t0 >> 24)       ] ^
+            Td0[(t0 >> 24)       ] ^
-            Td1[(t3 >> 16) & 0xff] ^
+            Td1[(t3 >> 16) & 0xff] ^
-            Td2[(t2 >>  8) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^
-            Td3[(t1      ) & 0xff] ^
+            Td3[(t1      ) & 0xff] ^
-            rk[0];
+            rk[0];
-        s1 =
+        s1 =
-            Td0[(t1 >> 24)       ] ^
+            Td0[(t1 >> 24)       ] ^
-            Td1[(t0 >> 16) & 0xff] ^
+            Td1[(t0 >> 16) & 0xff] ^
-            Td2[(t3 >>  8) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^
-            Td3[(t2      ) & 0xff] ^
+            Td3[(t2      ) & 0xff] ^
-            rk[1];
+            rk[1];
-        s2 =
+        s2 =
-            Td0[(t2 >> 24)       ] ^
+            Td0[(t2 >> 24)       ] ^
-            Td1[(t1 >> 16) & 0xff] ^
+            Td1[(t1 >> 16) & 0xff] ^
-            Td2[(t0 >>  8) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^
-            Td3[(t3      ) & 0xff] ^
+            Td3[(t3      ) & 0xff] ^
-            rk[2];
+            rk[2];
-        s3 =
+        s3 =
-            Td0[(t3 >> 24)       ] ^
+            Td0[(t3 >> 24)       ] ^
-            Td1[(t2 >> 16) & 0xff] ^
+            Td1[(t2 >> 16) & 0xff] ^
-            Td2[(t1 >>  8) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^
-            Td3[(t0      ) & 0xff] ^
+            Td3[(t0      ) & 0xff] ^
-            rk[3];
+            rk[3];
    }
 #endif /* ?FULL_UNROLL */
    /*
@@ -1222,13 +1221,13 @@ void
 rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt)
 {
        ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
-        if (encrypt) {
+        if (encrypt) {
                ctx->decrypt = 0;
                memset(ctx->dk, 0, sizeof(ctx->dk));
        } else {
                ctx->decrypt = 1;
                memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek));
-                rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
+                rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
        }
 }
author	Damien Miller <djm@mindrot.org>	2001-12-21 14:45:46 +1100
committer	Damien Miller <djm@mindrot.org>	2001-12-21 14:45:46 +1100
commit	9f0f5c64bc4b6144e3fed6a7f538f7c21819a492 (patch)
tree	f79317ab211f59181a61b526f566e9c8cfe70c73 /rijndael.c
parent	89681214ca2f50a1b1ed6164c3afe1ce14995ffc (diff)

diff --git a/rijndael.c b/rijndael.c index f28a9c669..c8ba55e78 100644 --- a/rijndael.c +++ b/rijndael.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rijndael.c,v 1.12 2001/09/13 09:48:39 markus Exp $ */	1	/* $OpenBSD: rijndael.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $ */
2		2
3	/**	3	/**
4	* rijndael-alg-fst.c	4	* rijndael-alg-fst.c
@@ -775,32 +775,31 @@ static int rijndaelKeySetupEnc(u32 rk[/4(Nr + 1)*/], const u8 cipherKey[], int
775	rk[6] = GETU32(cipherKey + 24);	775	rk[6] = GETU32(cipherKey + 24);
776	rk[7] = GETU32(cipherKey + 28);	776	rk[7] = GETU32(cipherKey + 28);
777	if (keyBits == 256) {	777	if (keyBits == 256) {
778	for (;;) {	778	for (;;) {
779	temp = rk[ 7];	779	temp = rk[ 7];
780	rk[ 8] = rk[ 0] ^	780	rk[ 8] = rk[ 0] ^
781	(Te4[(temp >> 16) & 0xff] & 0xff000000) ^	781	(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
782	(Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^	782	(Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
783	(Te4[(temp ) & 0xff] & 0x0000ff00) ^	783	(Te4[(temp ) & 0xff] & 0x0000ff00) ^
784	(Te4[(temp >> 24) ] & 0x000000ff) ^	784	(Te4[(temp >> 24) ] & 0x000000ff) ^
785	rcon[i];	785	rcon[i];
786	rk[ 9] = rk[ 1] ^ rk[ 8];	786	rk[ 9] = rk[ 1] ^ rk[ 8];
787	rk[10] = rk[ 2] ^ rk[ 9];	787	rk[10] = rk[ 2] ^ rk[ 9];
788	rk[11] = rk[ 3] ^ rk[10];	788	rk[11] = rk[ 3] ^ rk[10];
789	if (++i == 7) {	789	if (++i == 7) {
790	return 14;	790	return 14;
791	}	791	}
792	temp = rk[11];	792	temp = rk[11];
793	rk[12] = rk[ 4] ^	793	rk[12] = rk[ 4] ^
794	(Te4[(temp >> 24) ] & 0xff000000) ^	794	(Te4[(temp >> 24) ] & 0xff000000) ^
795	(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^	795	(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
796	(Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^	796	(Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
797	(Te4[(temp ) & 0xff] & 0x000000ff);	797	(Te4[(temp ) & 0xff] & 0x000000ff);
798	rk[13] = rk[ 5] ^ rk[12];	798	rk[13] = rk[ 5] ^ rk[12];
799	rk[14] = rk[ 6] ^ rk[13];	799	rk[14] = rk[ 6] ^ rk[13];
800	rk[15] = rk[ 7] ^ rk[14];	800	rk[15] = rk[ 7] ^ rk[14];
801
802	rk += 8;	801	rk += 8;
803	}	802	}
804	}	803	}
805	return 0;	804	return 0;
806	}	805	}
@@ -917,28 +916,28 @@ static void rijndaelEncrypt(const u32 rk[/4(Nr + 1)*/], int Nr, const u8 pt[16
917	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];	916	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
918	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];	917	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
919	if (Nr > 10) {	918	if (Nr > 10) {
920	/* round 10: */	919	/* round 10: */
921	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];	920	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
922	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];	921	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
923	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];	922	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
924	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];	923	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
925	/* round 11: */	924	/* round 11: */
926	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];	925	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
927	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];	926	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
928	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];	927	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
929	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];	928	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
930	if (Nr > 12) {	929	if (Nr > 12) {
931	/* round 12: */	930	/* round 12: */
932	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];	931	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
933	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];	932	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
934	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];	933	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
935	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];	934	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
936	/* round 13: */	935	/* round 13: */
937	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];	936	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
938	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];	937	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
939	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];	938	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
940	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];	939	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
941	}	940	}
942	}	941	}
943	rk += Nr << 2;	942	rk += Nr << 2;
944	#else /* !FULL_UNROLL */	943	#else /* !FULL_UNROLL */
@@ -947,60 +946,60 @@ static void rijndaelEncrypt(const u32 rk[/4(Nr + 1)*/], int Nr, const u8 pt[16
947	*/	946	*/
948	r = Nr >> 1;	947	r = Nr >> 1;
949	for (;;) {	948	for (;;) {
950	t0 =	949	t0 =
951	Te0[(s0 >> 24) ] ^	950	Te0[(s0 >> 24) ] ^
952	Te1[(s1 >> 16) & 0xff] ^	951	Te1[(s1 >> 16) & 0xff] ^
953	Te2[(s2 >> 8) & 0xff] ^	952	Te2[(s2 >> 8) & 0xff] ^
954	Te3[(s3 ) & 0xff] ^	953	Te3[(s3 ) & 0xff] ^
955	rk[4];	954	rk[4];
956	t1 =	955	t1 =
957	Te0[(s1 >> 24) ] ^	956	Te0[(s1 >> 24) ] ^
958	Te1[(s2 >> 16) & 0xff] ^	957	Te1[(s2 >> 16) & 0xff] ^
959	Te2[(s3 >> 8) & 0xff] ^	958	Te2[(s3 >> 8) & 0xff] ^
960	Te3[(s0 ) & 0xff] ^	959	Te3[(s0 ) & 0xff] ^
961	rk[5];	960	rk[5];
962	t2 =	961	t2 =
963	Te0[(s2 >> 24) ] ^	962	Te0[(s2 >> 24) ] ^
964	Te1[(s3 >> 16) & 0xff] ^	963	Te1[(s3 >> 16) & 0xff] ^
965	Te2[(s0 >> 8) & 0xff] ^	964	Te2[(s0 >> 8) & 0xff] ^
966	Te3[(s1 ) & 0xff] ^	965	Te3[(s1 ) & 0xff] ^
967	rk[6];	966	rk[6];
968	t3 =	967	t3 =
969	Te0[(s3 >> 24) ] ^	968	Te0[(s3 >> 24) ] ^
970	Te1[(s0 >> 16) & 0xff] ^	969	Te1[(s0 >> 16) & 0xff] ^
971	Te2[(s1 >> 8) & 0xff] ^	970	Te2[(s1 >> 8) & 0xff] ^
972	Te3[(s2 ) & 0xff] ^	971	Te3[(s2 ) & 0xff] ^
973	rk[7];	972	rk[7];
974		973
975	rk += 8;	974	rk += 8;
976	if (--r == 0) {	975	if (--r == 0) {
977	break;	976	break;
978	}	977	}
979		978
980	s0 =	979	s0 =
981	Te0[(t0 >> 24) ] ^	980	Te0[(t0 >> 24) ] ^
982	Te1[(t1 >> 16) & 0xff] ^	981	Te1[(t1 >> 16) & 0xff] ^
983	Te2[(t2 >> 8) & 0xff] ^	982	Te2[(t2 >> 8) & 0xff] ^
984	Te3[(t3 ) & 0xff] ^	983	Te3[(t3 ) & 0xff] ^
985	rk[0];	984	rk[0];
986	s1 =	985	s1 =
987	Te0[(t1 >> 24) ] ^	986	Te0[(t1 >> 24) ] ^
988	Te1[(t2 >> 16) & 0xff] ^	987	Te1[(t2 >> 16) & 0xff] ^
989	Te2[(t3 >> 8) & 0xff] ^	988	Te2[(t3 >> 8) & 0xff] ^
990	Te3[(t0 ) & 0xff] ^	989	Te3[(t0 ) & 0xff] ^
991	rk[1];	990	rk[1];
992	s2 =	991	s2 =
993	Te0[(t2 >> 24) ] ^	992	Te0[(t2 >> 24) ] ^
994	Te1[(t3 >> 16) & 0xff] ^	993	Te1[(t3 >> 16) & 0xff] ^
995	Te2[(t0 >> 8) & 0xff] ^	994	Te2[(t0 >> 8) & 0xff] ^
996	Te3[(t1 ) & 0xff] ^	995	Te3[(t1 ) & 0xff] ^
997	rk[2];	996	rk[2];
998	s3 =	997	s3 =
999	Te0[(t3 >> 24) ] ^	998	Te0[(t3 >> 24) ] ^
1000	Te1[(t0 >> 16) & 0xff] ^	999	Te1[(t0 >> 16) & 0xff] ^
1001	Te2[(t1 >> 8) & 0xff] ^	1000	Te2[(t1 >> 8) & 0xff] ^
1002	Te3[(t2 ) & 0xff] ^	1001	Te3[(t2 ) & 0xff] ^
1003	rk[3];	1002	rk[3];
1004	}	1003	}
1005	#endif /* ?FULL_UNROLL */	1004	#endif /* ?FULL_UNROLL */
1006	/*	1005	/*
@@ -1098,28 +1097,28 @@ static void rijndaelDecrypt(const u32 rk[/4(Nr + 1)*/], int Nr, const u8 ct[16
1098	t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];	1097	t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
1099	t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];	1098	t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
1100	if (Nr > 10) {	1099	if (Nr > 10) {
1101	/* round 10: */	1100	/* round 10: */
1102	s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];	1101	s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
1103	s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];	1102	s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
1104	s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];	1103	s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
1105	s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];	1104	s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
1106	/* round 11: */	1105	/* round 11: */
1107	t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];	1106	t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
1108	t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];	1107	t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
1109	t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];	1108	t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
1110	t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];	1109	t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
1111	if (Nr > 12) {	1110	if (Nr > 12) {
1112	/* round 12: */	1111	/* round 12: */
1113	s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];	1112	s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
1114	s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];	1113	s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
1115	s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];	1114	s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
1116	s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];	1115	s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
1117	/* round 13: */	1116	/* round 13: */
1118	t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];	1117	t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
1119	t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];	1118	t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
1120	t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];	1119	t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
1121	t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];	1120	t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
1122	}	1121	}
1123	}	1122	}
1124	rk += Nr << 2;	1123	rk += Nr << 2;
1125	#else /* !FULL_UNROLL */	1124	#else /* !FULL_UNROLL */
@@ -1128,60 +1127,60 @@ static void rijndaelDecrypt(const u32 rk[/4(Nr + 1)*/], int Nr, const u8 ct[16
1128	*/	1127	*/
1129	r = Nr >> 1;	1128	r = Nr >> 1;
1130	for (;;) {	1129	for (;;) {
1131	t0 =	1130	t0 =
1132	Td0[(s0 >> 24) ] ^	1131	Td0[(s0 >> 24) ] ^
1133	Td1[(s3 >> 16) & 0xff] ^	1132	Td1[(s3 >> 16) & 0xff] ^
1134	Td2[(s2 >> 8) & 0xff] ^	1133	Td2[(s2 >> 8) & 0xff] ^
1135	Td3[(s1 ) & 0xff] ^	1134	Td3[(s1 ) & 0xff] ^
1136	rk[4];	1135	rk[4];
1137	t1 =	1136	t1 =
1138	Td0[(s1 >> 24) ] ^	1137	Td0[(s1 >> 24) ] ^
1139	Td1[(s0 >> 16) & 0xff] ^	1138	Td1[(s0 >> 16) & 0xff] ^
1140	Td2[(s3 >> 8) & 0xff] ^	1139	Td2[(s3 >> 8) & 0xff] ^
1141	Td3[(s2 ) & 0xff] ^	1140	Td3[(s2 ) & 0xff] ^
1142	rk[5];	1141	rk[5];
1143	t2 =	1142	t2 =
1144	Td0[(s2 >> 24) ] ^	1143	Td0[(s2 >> 24) ] ^
1145	Td1[(s1 >> 16) & 0xff] ^	1144	Td1[(s1 >> 16) & 0xff] ^
1146	Td2[(s0 >> 8) & 0xff] ^	1145	Td2[(s0 >> 8) & 0xff] ^
1147	Td3[(s3 ) & 0xff] ^	1146	Td3[(s3 ) & 0xff] ^
1148	rk[6];	1147	rk[6];
1149	t3 =	1148	t3 =
1150	Td0[(s3 >> 24) ] ^	1149	Td0[(s3 >> 24) ] ^
1151	Td1[(s2 >> 16) & 0xff] ^	1150	Td1[(s2 >> 16) & 0xff] ^
1152	Td2[(s1 >> 8) & 0xff] ^	1151	Td2[(s1 >> 8) & 0xff] ^
1153	Td3[(s0 ) & 0xff] ^	1152	Td3[(s0 ) & 0xff] ^
1154	rk[7];	1153	rk[7];
1155		1154
1156	rk += 8;	1155	rk += 8;
1157	if (--r == 0) {	1156	if (--r == 0) {
1158	break;	1157	break;
1159	}	1158	}
1160		1159
1161	s0 =	1160	s0 =
1162	Td0[(t0 >> 24) ] ^	1161	Td0[(t0 >> 24) ] ^
1163	Td1[(t3 >> 16) & 0xff] ^	1162	Td1[(t3 >> 16) & 0xff] ^
1164	Td2[(t2 >> 8) & 0xff] ^	1163	Td2[(t2 >> 8) & 0xff] ^
1165	Td3[(t1 ) & 0xff] ^	1164	Td3[(t1 ) & 0xff] ^
1166	rk[0];	1165	rk[0];
1167	s1 =	1166	s1 =
1168	Td0[(t1 >> 24) ] ^	1167	Td0[(t1 >> 24) ] ^
1169	Td1[(t0 >> 16) & 0xff] ^	1168	Td1[(t0 >> 16) & 0xff] ^
1170	Td2[(t3 >> 8) & 0xff] ^	1169	Td2[(t3 >> 8) & 0xff] ^
1171	Td3[(t2 ) & 0xff] ^	1170	Td3[(t2 ) & 0xff] ^
1172	rk[1];	1171	rk[1];
1173	s2 =	1172	s2 =
1174	Td0[(t2 >> 24) ] ^	1173	Td0[(t2 >> 24) ] ^
1175	Td1[(t1 >> 16) & 0xff] ^	1174	Td1[(t1 >> 16) & 0xff] ^
1176	Td2[(t0 >> 8) & 0xff] ^	1175	Td2[(t0 >> 8) & 0xff] ^
1177	Td3[(t3 ) & 0xff] ^	1176	Td3[(t3 ) & 0xff] ^
1178	rk[2];	1177	rk[2];
1179	s3 =	1178	s3 =
1180	Td0[(t3 >> 24) ] ^	1179	Td0[(t3 >> 24) ] ^
1181	Td1[(t2 >> 16) & 0xff] ^	1180	Td1[(t2 >> 16) & 0xff] ^
1182	Td2[(t1 >> 8) & 0xff] ^	1181	Td2[(t1 >> 8) & 0xff] ^
1183	Td3[(t0 ) & 0xff] ^	1182	Td3[(t0 ) & 0xff] ^
1184	rk[3];	1183	rk[3];
1185	}	1184	}
1186	#endif /* ?FULL_UNROLL */	1185	#endif /* ?FULL_UNROLL */
1187	/*	1186	/*
@@ -1222,13 +1221,13 @@ void
1222	rijndael_set_key(rijndael_ctx ctx, u_char key, int bits, int encrypt)	1221	rijndael_set_key(rijndael_ctx ctx, u_char key, int bits, int encrypt)
1223	{	1222	{
1224	ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);	1223	ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
1225	if (encrypt) {	1224	if (encrypt) {
1226	ctx->decrypt = 0;	1225	ctx->decrypt = 0;
1227	memset(ctx->dk, 0, sizeof(ctx->dk));	1226	memset(ctx->dk, 0, sizeof(ctx->dk));
1228	} else {	1227	} else {
1229	ctx->decrypt = 1;	1228	ctx->decrypt = 1;
1230	memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek));	1229	memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek));
1231	rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);	1230	rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
1232	}	1231	}
1233	}	1232	}
1234		1233