add direct AES one block access and ECB DES for compatibility

configure.ac

@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([cyassl],[2.0.0rc3c],[http://www.yassl.com])
+AC_INIT([cyassl],[2.0.0rc3d],[http://www.yassl.com])
 
 AC_CONFIG_AUX_DIR(config)
 
@@ -177,6 +177,19 @@ then
 fi
 
 
+# Fortress build 
+AC_ARG_ENABLE(fortress,
+    [  --enable-fortress       Enable SSL fortress build (default: disabled)],
+    [ ENABLED_FORTRESS=$enableval ],
+    [ ENABLED_FORTRESS=no ]
+    )
+
+if test "$ENABLED_FORTRESS" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_DIRECT"
+fi
+
+
 # ssl bump build 
 AC_ARG_ENABLE(bump,
     [  --enable-bump           Enable SSL Bump build (default: disabled)],

ctaocrypt/src/aes.c

@@ -847,7 +847,8 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
         checkAESNI = 1;
     }
     if (haveAESNI) {
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        if (iv)
+            XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
         if (dir == AES_ENCRYPTION)
             return AES_set_encrypt_key(userKey, keylen * 8, aes);
         else
@@ -975,7 +976,8 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
                 Td[3][Te[4][GETBYTE(rk[3], 0)] & 0xff];
         }
     }
-    XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+    if (iv)
+        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
 
     return 0;
 }
@@ -1327,5 +1329,24 @@ void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 }
 
 
+#ifdef CYASSL_AES_DIRECT
+
+/* Allow direct access to one block encrypt */
+void AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    return AesEncrypt(aes, in, out);
+}
+
+
+/* Allow direct access to one block decrypt */
+void AesDecryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    return AesDecrypt(aes, in, out);
+}
+
+
+#endif
+
+
 #endif /* NO_AES */
 

ctaocrypt/src/des3.c

@@ -330,8 +330,9 @@ static INLINE int Reverse(int dir)
 void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
 {
     DesSetKey(key, dir, des->key);
-    
-    XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+
+    if (iv)  /* added ecb support so may not have iv */
+        XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
 }
 
 
@@ -493,5 +494,22 @@ void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
     }
 }
 
+#ifdef CYASSL_DES_ECB
+
+/* One block, compatibility only */
+void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+{
+    word32 blocks = sz / DES_BLOCK_SIZE;
+
+    while (blocks--) {
+        DesProcessBlock(des, in, out);
+
+        out += DES_BLOCK_SIZE;
+        in  += DES_BLOCK_SIZE; 
+    }
+}
+
+#endif /* CYASSL_DES_ECB */
+
 
 #endif /* NO_DES3 */

cyassl/ctaocrypt/aes.h

@@ -74,6 +74,8 @@ CYASSL_API int  AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
                           int dir);
 CYASSL_API void AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
 CYASSL_API void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+CYASSL_API void AesEncryptDirect(Aes* aes, byte* out, const byte* in);
+CYASSL_API void AesDecryptDirect(Aes* aes, byte* out, const byte* in);
 
 
 #ifdef __cplusplus

cyassl/ctaocrypt/des3.h

@@ -61,6 +61,7 @@ typedef struct Des3 {
 CYASSL_API void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir);
 CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
 CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
+CYASSL_API void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz);
 
 CYASSL_API void Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir);
 CYASSL_API void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz);