Fix DES CFB-r.
authorBen Laurie <ben@openssl.org>
Fri, 1 Aug 2003 10:25:58 +0000 (10:25 +0000)
committerBen Laurie <ben@openssl.org>
Fri, 1 Aug 2003 10:25:58 +0000 (10:25 +0000)
crypto/des/cfb_enc.c
crypto/evp/c_allc.c
crypto/evp/e_des.c
crypto/evp/evptests.txt

index 185a63ea0402182a41839820efb89037d22a429c..2600bdfc93a9a4cdbed01cccec9e56c7e7d6f12a 100644 (file)
  * the second.  The second 12 bits will come from the 3rd and half the 4th
  * byte.
  */
+/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
+ * length */
+/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
+ * will not be compatible with any encryption prior to that date. Ben. */
 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                     long length, DES_key_schedule *schedule, DES_cblock *ivec,
                     int enc)
        {
        register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
-       register DES_LONG mask0,mask1;
        register unsigned long l=length;
        register int num=numbits;
        DES_LONG ti[2];
        unsigned char *iv;
+       unsigned char ovec[16];
 
        if (num > 64) return;
-       if (num > 32)
-               {
-               mask0=0xffffffffL;
-               if (num == 64)
-                       mask1=mask0;
-               else    mask1=(1L<<(num-32))-1;
-               }
-       else
-               {
-               if (num == 32)
-                       mask0=0xffffffffL;
-               else    mask0=(1L<<num)-1;
-               mask1=0x00000000L;
-               }
-
        iv = &(*ivec)[0];
        c2l(iv,v0);
        c2l(iv,v1);
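Review bot: The guard `if (num > 64) return;` still accepts zero and negative `numbits`, and the new shift code indexes `ovec` with it. With a negative value, `ovec+num/8` in the added `memmove` points before the start of the 16-byte `ovec`, and `num%8` gives a negative shift count. Tightening the check to `if (num <= 0 || num > 64) return;` keeps the byte arithmetic inside the buffer. The loop that consumes `n` is outside this hunk, so the effect of `numbits == 0` on it (where `n` becomes 0) should be confirmed there.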
@@ -104,8 +93,8 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                        DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
                        c2ln(in,d0,d1,n);
                        in+=n;
-                       d0=(d0^ti[0])&mask0;
-                       d1=(d1^ti[1])&mask1;
+                       d0^=ti[0];
+                       d1^=ti[1];
                        l2cn(d0,d1,out,n);
                        out+=n;
                        /* 30-08-94 - eay - changed because l>>32 and
@@ -114,15 +103,25 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                                { v0=v1; v1=d0; }
                        else if (num == 64)
                                { v0=d0; v1=d1; }
-                       else if (num > 32) /* && num != 64 */
-                               {
-                               v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
-                               v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
-                               }
-                       else /* num < 32 */
+                       else
                                {
-                               v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
-                               v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+                               iv=&ovec[0];
+                               l2c(v0,iv);
+                               l2c(v1,iv);
+                               l2c(d0,iv);
+                               l2c(d1,iv);
+                               /* shift ovec left most of the bits... */
+                               memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+                               /* now the remaining bits */
+                               if(num%8 != 0)
+                                       for(n=0 ; n < 8 ; ++n)
+                                               {
+                                               ovec[n]<<=num%8;
+                                               ovec[n]|=ovec[n+1]>>(8-num%8);
+                                               }
+                               iv=&ovec[0];
+                               c2l(iv,v0);
+                               c2l(iv,v1);
                                }
                        }
                }
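Review bot: The added loop `for(n=0 ; n < 8 ; ++n)` reuses `n`, which the declaration sets to `(numbits+7)/8` and which `c2ln`, `l2cn`, `in+=n` and `out+=n` use as the per-block byte count. Once the loop has run (any `numbits` that is not a multiple of 8), `n` is left at 8, so later passes move 8 bytes per block. In the decrypt hunk at -142 the same loop sits before `l2cn(d0,d1,out,n)`, so even a one-block call writes 8 bytes to `out`. That appears to be the overwrite the new WARNING comment and the `c[8],d[8]` and `alloca` changes in e_des.c work around. A separate index fixes it at the source: declare `int i;` and use `for(i=0 ; i < 8 ; ++i)` with `ovec[i]<<=num%8;` and `ovec[i]|=ovec[i+1]>>(8-num%8);` in both branches.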
@@ -142,18 +141,28 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                                { v0=v1; v1=d0; }
                        else if (num == 64)
                                { v0=d0; v1=d1; }
-                       else if (num > 32) /* && num != 64 */
-                               {
-                               v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
-                               v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
-                               }
-                       else /* num < 32 */
+                       else
                                {
-                               v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
-                               v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
+                               iv=&ovec[0];
+                               l2c(v0,iv);
+                               l2c(v1,iv);
+                               l2c(d0,iv);
+                               l2c(d1,iv);
+                               /* shift ovec left most of the bits... */
+                               memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+                               /* now the remaining bits */
+                               if(num%8 != 0)
+                                       for(n=0 ; n < 8 ; ++n)
+                                               {
+                                               ovec[n]<<=num%8;
+                                               ovec[n]|=ovec[n+1]>>(8-num%8);
+                                               }
+                               iv=&ovec[0];
+                               c2l(iv,v0);
+                               c2l(iv,v1);
                                }
-                       d0=(d0^ti[0])&mask0;
-                       d1=(d1^ti[1])&mask1;
+                       d0^=ti[0];
+                       d1^=ti[1];
                        l2cn(d0,d1,out,n);
                        out+=n;
                        }
index 65b3fd9766416701a45e6483564b39e3c6fd3cfb..8b12ede41a281d34bba42340c06cd40b4d6f30bc 100644 (file)
@@ -67,6 +67,8 @@ void OpenSSL_add_all_ciphers(void)
 
 #ifndef OPENSSL_NO_DES
        EVP_add_cipher(EVP_des_cfb());
+       EVP_add_cipher(EVP_des_cfb1());
+       EVP_add_cipher(EVP_des_cfb8());
        EVP_add_cipher(EVP_des_ede_cfb());
        EVP_add_cipher(EVP_des_ede3_cfb());
 
index 0b05c116112e2d31acb4b43799b80045b242c009..4e1337449bb7abbedb04afb45e4efe4ee85bb4ed 100644 (file)
@@ -106,7 +106,7 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, unsigned int inl)
     {
     unsigned int n;
-    unsigned char c[1],d[1];
+    unsigned char c[8],d[8]; /* DES_cfb_encrypt rudely overwrites the whole buffer*/
 
     memset(out,0,(inl+7)/8);
     for(n=0 ; n < inl ; ++n)
@@ -114,7 +114,7 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
        DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
                        ctx->encrypt);
-       out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
+       out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
        }
 
     return 1;
@@ -123,8 +123,13 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, unsigned int inl)
     {
-    DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
+    unsigned char *tmp; /* DES_cfb_encrypt rudely overwrites the whole buffer*/
+
+    tmp=alloca(inl);
+    memcpy(tmp,in,inl);
+    DES_cfb_encrypt(tmp,tmp,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
                    ctx->encrypt);
+    memcpy(out,tmp,inl);
 
     return 1;
     }
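Review bot: `alloca(inl)` sizes a stack allocation from the caller-supplied `inl` with no upper bound and no way to report failure, so a large update call can exhaust the stack instead of returning an error. The scratch copy of the data is also left on the stack after return. A fixed-size scratch buffer processed in chunks and cleansed afterwards avoids both. It relies on DES_cfb_encrypt carrying the feedback state in `ctx->iv` between calls, which the per-bit loop in des_cfb1_cipher already assumes. The buffer size of 256 below is an arbitrary choice.

```c
static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, unsigned int inl)
    {
    unsigned char tmp[256]; /* bounded scratch, replaces alloca(inl) */
    unsigned int chunk;

    while (inl > 0)
        {
        chunk=(inl < sizeof tmp) ? inl : (unsigned int)sizeof tmp;
        memcpy(tmp,in,chunk);
        DES_cfb_encrypt(tmp,tmp,8,chunk,ctx->cipher_data,
                        (DES_cblock *)ctx->iv,ctx->encrypt);
        memcpy(out,tmp,chunk);
        in+=chunk;
        out+=chunk;
        inl-=chunk;
        }
    OPENSSL_cleanse(tmp,sizeof tmp); /* do not leave data on the stack */

    return 1;
    }
```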
index 772aa18f49fe9f84b01288fe50ccefe803edf116..2857fa552bb881a77a37b5ea8f8bd49e6f398cd7 100644 (file)
@@ -269,6 +269,12 @@ DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363
 # DES EDE3 CBC tests (from destest)
 DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
 
+# DES CFB1 from FIPS 81
+# plaintext: 0100 1110 0110 1111 0111 0111 = 4e6f77
+# ciphertext: 1100 1101 0001 1110 1100 1001 = cd1ec9
+
+DES-CFB1*8:0123456789abcdef:1234567890abcdef:4e6f77:cd1ec9
+
 # RC4 tests (from rc4test)
 RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
 RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
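Review bot: The only vector added is for DES-CFB1, although the commit also changes des_cfb8_cipher and rewrites the shift-register update for every `numbits` other than 32 and 64. Since des_cfb1_cipher calls DES_cfb_encrypt with a length of 1 per bit, this vector never takes a second pass through the loop with a `numbits` that is not a multiple of 8. A known-answer DES-CFB8 vector would cover the rewritten wrapper. A direct DES_cfb_encrypt test in destest with a multi-block length and such a `numbits` would exercise the new shift path over more than one block.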