Hello this is Jun-ichiro (Itoh) Hagino of KAME project.
RFC2144 says that CAST128 must perform only 12 rounds if the
key length is <= 80 bits. The following patch should fix the behavior.
The assembly language versions need a fix too.
This bug was found on SSLeay 0.9.0b, report has been sent to SSLeay
team, but OpenSSL is using a version prior to the fix (0.9.0b?),
so I'm sending this report to you.
I'm not on the openssl-dev mailing list so please send comments to
[EMAIL PROTECTED] or [EMAIL PROTECTED] too. Thanks.
itojun
---
Only in cast: c_cfb64.o
Only in cast: c_ecb.o
diff -cr cast-/c_enc.c cast/c_enc.c
*** cast-/c_enc.c Mon Nov 2 02:07:36 1998
--- cast/c_enc.c Mon Nov 2 02:10:09 1998
***************
*** 81,91 ****
--- 81,94 ----
E_CAST( 9,k,r,l,+,^,-);
E_CAST(10,k,l,r,^,-,+);
E_CAST(11,k,r,l,-,+,^);
+ if (key->round < 13)
+ goto done;
E_CAST(12,k,l,r,+,^,-);
E_CAST(13,k,r,l,^,-,+);
E_CAST(14,k,l,r,-,+,^);
E_CAST(15,k,r,l,+,^,-);
+ done:
data[1]=l&0xffffffffL;
data[0]=r&0xffffffffL;
}
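Review bot: The added `if (key->round < 13)` / `goto done;` skips rounds 12-15 with a jump and a bare constant, and the decrypt hunk below repeats the pattern with `goto round12;`. Wrapping the four extra `E_CAST` calls in `if (key->round > 12) { ... }` at both sites keeps the control flow structured and makes it harder for encrypt and decrypt to drift apart. A short comment such as `/* RFC 2144: keys of 80 bits or less use 12 rounds */` at each site would explain why the last four rounds are conditional. Both function bodies start outside their hunks, so this is based only on the visible tails.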
***************
*** 100,109 ****
--- 103,115 ----
l=data[0];
r=data[1];
+ if (key->round < 13)
+ goto round12;
E_CAST(15,k,l,r,+,^,-);
E_CAST(14,k,r,l,-,+,^);
E_CAST(13,k,l,r,^,-,+);
E_CAST(12,k,r,l,+,^,-);
+ round12:
E_CAST(11,k,l,r,-,+,^);
E_CAST(10,k,r,l,^,-,+);
E_CAST( 9,k,l,r,+,^,-);
Only in cast: c_enc.o
Only in cast: c_ofb64.o
diff -cr cast-/c_skey.c cast/c_skey.c
*** cast-/c_skey.c Mon Nov 2 02:07:36 1998
--- cast/c_skey.c Mon Nov 2 02:39:13 1998
***************
*** 88,93 ****
--- 88,97 ----
if (len > 16) len=16;
for (i=0; i<len; i++)
x[i]=data[i];
+ if (len * 8 <= 80)
+ key->round = 12;
+ else
+ key->round = 16;
K= &k[0];
X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
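Review bot: Setting `key->round = 12` for keys of 10 bytes or less changes the cipher output for every short key, so data encrypted by the earlier 16-round code with such a key will no longer decrypt after this change. That is the behaviour RFC 2144 asks for, but it should be called out in the changelog. The description says the assembly versions still need a fix, so until they honour `key->round` a C build and an assembly build would presumably disagree for short keys; the added 5-byte test vector is what would expose that. The condition `len * 8 <= 80` reads more directly as `len <= 10` with a comment `/* RFC 2144: <= 80-bit keys use 12 rounds */`. The function starts and ends outside the hunk.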
Only in cast: c_skey.o
diff -cr cast-/cast.h cast/cast.h
*** cast-/cast.h Mon Nov 2 02:07:36 1998
--- cast/cast.h Tue Nov 3 17:47:23 1998
***************
*** 74,79 ****
--- 74,80 ----
typedef struct cast_key_st
{
CAST_LONG data[32];
+ int round;
} CAST_KEY;
#ifndef NOPROTO
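Review bot: Adding `int round;` grows `CAST_KEY`, so a caller compiled against the old header passes a struct that is too small and the new `key->round` store in c_skey.c lands past its end. Every user of the header has to be rebuilt together with the library. The field is assigned only in the key-setup hunk, so a `CAST_KEY` that was zero-filled or filled in some other way reaches the `key->round < 13` test with 0 or an indeterminate value and silently runs 12 rounds. A field comment such as `/* 12 or 16, set during key setup per RFC 2144 */` would document the invariant.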
diff -cr cast-/casttest.c cast/casttest.c
*** cast-/casttest.c Mon Nov 2 02:07:36 1998
--- cast/casttest.c Mon Nov 2 02:21:01 1998
***************
*** 70,76 ****
unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
! int k_len[3]={16,10};
unsigned char c[3][8]={
{0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
{0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
--- 70,76 ----
unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
! int k_len[3]={16,10,5};
unsigned char c[3][8]={
{0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
{0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},