Commit 8fb97c9a authored by Ben Laurie's avatar Ben Laurie
Browse files

Fix DES CFB-r.

parent 7312a38d

crypto/des/cfb_enc.c

+45 −36
Original line number Diff line number Diff line
@@ -64,33 +64,22 @@ 
 * the second.  The second 12 bits will come from the 3rd and half the 4th

 * byte.

 */

/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of

 * length */

/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it

 * will not be compatible with any encryption prior to that date. Ben. */

void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,

		     long length, DES_key_schedule *schedule, DES_cblock *ivec,

		     int enc)

	{

	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;

	register DES_LONG mask0,mask1;

	register unsigned long l=length;

	register int num=numbits;

	DES_LONG ti[2];

	unsigned char *iv;

	unsigned char ovec[16];



	if (num > 64) return;

	if (num > 32)

		{

		mask0=0xffffffffL;

		if (num == 64)

			mask1=mask0;

		else	mask1=(1L<<(num-32))-1;

		}

	else

		{

		if (num == 32)

			mask0=0xffffffffL;

		else	mask0=(1L<<num)-1;

		mask1=0x00000000L;

		}



	iv = &(*ivec)[0];

	c2l(iv,v0);

	c2l(iv,v1);
@@ -104,8 +93,8 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, 
			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);

			c2ln(in,d0,d1,n);

			in+=n;

			d0=(d0^ti[0])&mask0;

			d1=(d1^ti[1])&mask1;

			d0^=ti[0];

			d1^=ti[1];

			l2cn(d0,d1,out,n);

			out+=n;

			/* 30-08-94 - eay - changed because l>>32 and
@@ -114,15 +103,25 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, 
				{ v0=v1; v1=d0; }

			else if (num == 64)

				{ v0=d0; v1=d1; }

			else if (num > 32) /* && num != 64 */

			else

				{

				v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;

				v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;

				}

			else /* num < 32 */

				iv=&ovec[0];

				l2c(v0,iv);

				l2c(v1,iv);

				l2c(d0,iv);

				l2c(d1,iv);

				/* shift ovec left most of the bits... */

				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));

				/* now the remaining bits */

				if(num%8 != 0)

					for(n=0 ; n < 8 ; ++n)

						{

				v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;

				v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;

						ovec[n]<<=num%8;

						ovec[n]|=ovec[n+1]>>(8-num%8);

						}

				iv=&ovec[0];

				c2l(iv,v0);

				c2l(iv,v1);

				}

			}

		}
@@ -142,18 +141,28 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, 
				{ v0=v1; v1=d0; }

			else if (num == 64)

				{ v0=d0; v1=d1; }

			else if (num > 32) /* && num != 64 */

			else

				{

				v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;

				v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;

				}

			else /* num < 32 */

				iv=&ovec[0];

				l2c(v0,iv);

				l2c(v1,iv);

				l2c(d0,iv);

				l2c(d1,iv);

				/* shift ovec left most of the bits... */

				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));

				/* now the remaining bits */

				if(num%8 != 0)

					for(n=0 ; n < 8 ; ++n)

						{

				v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;

				v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;

						ovec[n]<<=num%8;

						ovec[n]|=ovec[n+1]>>(8-num%8);

						}

				iv=&ovec[0];

				c2l(iv,v0);

				c2l(iv,v1);

				}

			d0=(d0^ti[0])&mask0;

			d1=(d1^ti[1])&mask1;

			d0^=ti[0];

			d1^=ti[1];

			l2cn(d0,d1,out,n);

			out+=n;

			}

crypto/evp/c_allc.c

+2 −0
Original line number Diff line number Diff line
@@ -67,6 +67,8 @@ void OpenSSL_add_all_ciphers(void) 


#ifndef OPENSSL_NO_DES

	EVP_add_cipher(EVP_des_cfb());

	EVP_add_cipher(EVP_des_cfb1());

	EVP_add_cipher(EVP_des_cfb8());

	EVP_add_cipher(EVP_des_ede_cfb());

	EVP_add_cipher(EVP_des_ede3_cfb());

crypto/evp/e_des.c

+8 −3
Original line number Diff line number Diff line
@@ -106,7 +106,7 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
			   const unsigned char *in, unsigned int inl)

    {

    unsigned int n;

    unsigned char c[1],d[1];

    unsigned char c[8],d[8]; /* DES_cfb_encrypt rudely overwrites the whole buffer*/



    memset(out,0,(inl+7)/8);

    for(n=0 ; n < inl ; ++n)
@@ -114,7 +114,7 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;

	DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,

			ctx->encrypt);

	out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));

	out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));

	}



    return 1;
@@ -123,8 +123,13 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

			   const unsigned char *in, unsigned int inl)

    {

    DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,

    unsigned char *tmp; /* DES_cfb_encrypt rudely overwrites the whole buffer*/



    tmp=alloca(inl);

    memcpy(tmp,in,inl);

    DES_cfb_encrypt(tmp,tmp,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,

		    ctx->encrypt);

    memcpy(out,tmp,inl);



    return 1;

    }

crypto/evp/evptests.txt

+6 −0
Original line number Diff line number Diff line
@@ -269,6 +269,12 @@ DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363 
# DES EDE3 CBC tests (from destest)

DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675



# DES CFB1 from FIPS 81

# plaintext: 0100 1110 0110 1111 0111 0111 = 4e6f77

# ciphertext: 1100 1101 0001 1110 1100 1001 = cd1ec9



DES-CFB1*8:0123456789abcdef:1234567890abcdef:4e6f77:cd1ec9



# RC4 tests (from rc4test)

RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596

RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879