From 8fb97c9acd72931836728af404f0cbe4df8e751e Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Fri, 1 Aug 2003 10:25:58 +0000 Subject: Fix DES CFB-r. --- crypto/des/cfb_enc.c | 81 +++++++++++++++++++++++++++---------------------- crypto/evp/c_allc.c | 2 ++ crypto/evp/e_des.c | 11 +++++-- crypto/evp/evptests.txt | 6 ++++ 4 files changed, 61 insertions(+), 39 deletions(-) diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c index 185a63ea04..2600bdfc93 100644 --- a/crypto/des/cfb_enc.c +++ b/crypto/des/cfb_enc.c @@ -64,33 +64,22 @@ * the second. The second 12 bits will come from the 3rd and half the 4th * byte. */ +/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of + * length */ +/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it + * will not be compatible with any encryption prior to that date. Ben. */ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc) { register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; - register DES_LONG mask0,mask1; register unsigned long l=length; register int num=numbits; DES_LONG ti[2]; unsigned char *iv; + unsigned char ovec[16]; if (num > 64) return; - if (num > 32) - { - mask0=0xffffffffL; - if (num == 64) - mask1=mask0; - else mask1=(1L<<(num-32))-1; - } - else - { - if (num == 32) - mask0=0xffffffffL; - else mask0=(1L<>32 and @@ -114,15 +103,25 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, { v0=v1; v1=d0; } else if (num == 64) { v0=d0; v1=d1; } - else if (num > 32) /* && num != 64 */ - { - v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL; - v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL; - } - else /* num < 32 */ + else { - v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; - v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL; + iv=&ovec[0]; + l2c(v0,iv); + l2c(v1,iv); + l2c(d0,iv); + l2c(d1,iv); + /* shift ovec left most of the bits... */ + memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); + /* now the remaining bits */ + if(num%8 != 0) + for(n=0 ; n < 8 ; ++n) + { + ovec[n]<<=num%8; + ovec[n]|=ovec[n+1]>>(8-num%8); + } + iv=&ovec[0]; + c2l(iv,v0); + c2l(iv,v1); } } } @@ -142,18 +141,28 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, { v0=v1; v1=d0; } else if (num == 64) { v0=d0; v1=d1; } - else if (num > 32) /* && num != 64 */ - { - v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL; - v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL; - } - else /* num < 32 */ + else { - v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; - v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL; + iv=&ovec[0]; + l2c(v0,iv); + l2c(v1,iv); + l2c(d0,iv); + l2c(d1,iv); + /* shift ovec left most of the bits... */ + memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); + /* now the remaining bits */ + if(num%8 != 0) + for(n=0 ; n < 8 ; ++n) + { + ovec[n]<<=num%8; + ovec[n]|=ovec[n+1]>>(8-num%8); + } + iv=&ovec[0]; + c2l(iv,v0); + c2l(iv,v1); } - d0=(d0^ti[0])&mask0; - d1=(d1^ti[1])&mask1; + d0^=ti[0]; + d1^=ti[1]; l2cn(d0,d1,out,n); out+=n; } diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 65b3fd9766..8b12ede41a 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -67,6 +67,8 @@ void OpenSSL_add_all_ciphers(void) #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cfb()); + EVP_add_cipher(EVP_des_cfb1()); + EVP_add_cipher(EVP_des_cfb8()); EVP_add_cipher(EVP_des_ede_cfb()); EVP_add_cipher(EVP_des_ede3_cfb()); diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index 0b05c11611..4e1337449b 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -106,7 +106,7 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { unsigned int n; - unsigned char c[1],d[1]; + unsigned char c[8],d[8]; /* DES_cfb_encrypt rudely overwrites the whole buffer*/ memset(out,0,(inl+7)/8); for(n=0 ; n < inl ; ++n) @@ -114,7 +114,7 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, ctx->encrypt); - out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); + out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); } return 1; @@ -123,8 +123,13 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { - DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv, + unsigned char *tmp; /* DES_cfb_encrypt rudely overwrites the whole buffer*/ + + tmp=alloca(inl); + memcpy(tmp,in,inl); + DES_cfb_encrypt(tmp,tmp,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv, ctx->encrypt); + memcpy(out,tmp,inl); return 1; } diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt index 772aa18f49..2857fa552b 100644 --- a/crypto/evp/evptests.txt +++ b/crypto/evp/evptests.txt @@ -269,6 +269,12 @@ DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363 # DES EDE3 CBC tests (from destest) DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 +# DES CFB1 from FIPS 81 +# plaintext: 0100 1110 0110 1111 0111 0111 = 4e6f77 +# ciphertext: 1100 1101 0001 1110 1100 1001 = cd1ec9 + +DES-CFB1*8:0123456789abcdef:1234567890abcdef:4e6f77:cd1ec9 + # RC4 tests (from rc4test) RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 -- cgit v1.2.1