diff options
| author | Miod Vallat <miod@cvs.openbsd.org> | 2014-05-12 19:19:56 +0000 |
|---|---|---|
| committer | Miod Vallat <miod@cvs.openbsd.org> | 2014-05-12 19:19:56 +0000 |
| commit | 492af4e395d044223d8eee5c4572613abc0efc6a (patch) | |
| tree | e0bf0e206c849c43a5953416379a7a6566486987 /lib/libcrypto | |
| parent | de82ea6d4e9a0a555528d969c66336b41305e064 (diff) | |
Remove AES_bi_ige_encrypt() from libcrypto. This routine is supposed to use
two keys and four IVs to do much magic, is specified as such with test vectors,
but the implementation actually always uses the first key, and the test vectors
were computed with it, so they are wrong.
Fixing the code to match the intended specification would break
interoperability with existing code (assuming such code would exist), so it is
better to remove this interface, which is obviously too complex for mere
mortals if even its author can not implement it correctly.
Riding on the libcrypto major bump.
Diffstat (limited to 'lib/libcrypto')
| -rw-r--r-- | lib/libcrypto/aes/aes.h | 4 | ||||
| -rw-r--r-- | lib/libcrypto/aes/aes_ige.c | 112 |
2 files changed, 0 insertions, 116 deletions
diff --git a/lib/libcrypto/aes/aes.h b/lib/libcrypto/aes/aes.h index d05f803494b..0b3db6420ba 100644 --- a/lib/libcrypto/aes/aes.h +++ b/lib/libcrypto/aes/aes.h @@ -117,10 +117,6 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, /* NB: the IV is _two_ blocks long */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, const int enc); -/* NB: the IV is _four_ blocks long */ -void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, const AES_KEY *key2, - const unsigned char *ivec, const int enc); int AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen); diff --git a/lib/libcrypto/aes/aes_ige.c b/lib/libcrypto/aes/aes_ige.c index 0882a3d853a..883dff7d295 100644 --- a/lib/libcrypto/aes/aes_ige.c +++ b/lib/libcrypto/aes/aes_ige.c @@ -194,115 +194,3 @@ AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, } } } - -/* - * Note that its effectively impossible to do biIGE in anything other - * than a single pass, so no provision is made for chaining. - */ - -/* N.B. The IV for this mode is _four times_ the block size */ - -void -AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, - const AES_KEY *key, const AES_KEY *key2, const unsigned char *ivec, - const int enc) -{ - size_t n; - size_t len = length; - unsigned char tmp[AES_BLOCK_SIZE]; - unsigned char tmp2[AES_BLOCK_SIZE]; - unsigned char tmp3[AES_BLOCK_SIZE]; - unsigned char prev[AES_BLOCK_SIZE]; - const unsigned char *iv; - const unsigned char *iv2; - - OPENSSL_assert(in && out && key && ivec); - OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); - OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); - - if (AES_ENCRYPT == enc) { - /* XXX: Do a separate case for when in != out (strictly should - check for overlap, too) */ - - /* First the forward pass */ - iv = ivec; - iv2 = ivec + AES_BLOCK_SIZE; - while (len >= AES_BLOCK_SIZE) { - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] = in[n] ^ iv[n]; - AES_encrypt(out, out, key); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv2[n]; - iv = out; - memcpy(prev, in, AES_BLOCK_SIZE); - iv2 = prev; - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - /* And now backwards */ - iv = ivec + AES_BLOCK_SIZE*2; - iv2 = ivec + AES_BLOCK_SIZE*3; - len = length; - while (len >= AES_BLOCK_SIZE) { - out -= AES_BLOCK_SIZE; - /* XXX: reduce copies by alternating between buffers */ - memcpy(tmp, out, AES_BLOCK_SIZE); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv[n]; - /* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */ - AES_encrypt(out, out, key); - /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ - /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv2[n]; - /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ - iv = out; - memcpy(prev, tmp, AES_BLOCK_SIZE); - iv2 = prev; - len -= AES_BLOCK_SIZE; - } - } else { - /* First backwards */ - iv = ivec + AES_BLOCK_SIZE*2; - iv2 = ivec + AES_BLOCK_SIZE*3; - in += length; - out += length; - while (len >= AES_BLOCK_SIZE) { - in -= AES_BLOCK_SIZE; - out -= AES_BLOCK_SIZE; - memcpy(tmp, in, AES_BLOCK_SIZE); - memcpy(tmp2, in, AES_BLOCK_SIZE); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - tmp[n] ^= iv2[n]; - AES_decrypt(tmp, out, key); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv[n]; - memcpy(tmp3, tmp2, AES_BLOCK_SIZE); - iv = tmp3; - iv2 = out; - len -= AES_BLOCK_SIZE; - } - - /* And now forwards */ - iv = ivec; - iv2 = ivec + AES_BLOCK_SIZE; - len = length; - while (len >= AES_BLOCK_SIZE) { - memcpy(tmp, out, AES_BLOCK_SIZE); - memcpy(tmp2, out, AES_BLOCK_SIZE); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - tmp[n] ^= iv2[n]; - AES_decrypt(tmp, out, key); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv[n]; - memcpy(tmp3, tmp2, AES_BLOCK_SIZE); - iv = tmp3; - iv2 = out; - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - } -} |