authormiod <>2014-05-12 19:19:55 +0000
committermiod <>2014-05-12 19:19:55 +0000
commit5dc223660bd1bba54e5ec9930856977e8a32fd40 (patch)
tree42e5e55055ced76b801684e0cba1811fd8b55d8f /src/lib
parentb1c75aa00fec08eaff27dbc4f3f73dd5ffedb2b3 (diff)
Remove AES_bi_ige_encrypt() from libcrypto. This routine is supposed to use
two keys and four IVs to do much magic, is specified as such with test vectors, but the implementation actually always uses the first key, and the test vectors were computed with it, so they are wrong. Fixing the code to match the intended specification would break interoperability with existing code (assuming such code would exist), so it is better to remove this interface, which is obviously too complex for mere mortals if even its author can not implement it correctly. Riding on the libcrypto major bump.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/aes/aes.h4
-rw-r--r--src/lib/libcrypto/aes/aes_ige.c112
-rw-r--r--src/lib/libssl/src/crypto/aes/aes.h4
-rw-r--r--src/lib/libssl/src/crypto/aes/aes_ige.c112
4 files changed, 0 insertions, 232 deletions
diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h
index d05f803494..0b3db6420b 100644
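--- a/src/lib/libcrypto/aes/aes.h
+++ b/src/lib/libcrypto/aes/aes.h
@@ -117,10 +117,6 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 /* NB: the IV is _two_ blocks long */
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
  size_t length, const AES_KEY *key, unsigned char *ivec, const int enc);
-/* NB: the IV is _four_ blocks long */
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
- size_t length, const AES_KEY *key, const AES_KEY *key2,
- const unsigned char *ivec, const int enc);
 
 int AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
  const unsigned char *in, unsigned int inlen);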
diff --git a/src/lib/libcrypto/aes/aes_ige.c b/src/lib/libcrypto/aes/aes_ige.c
index 0882a3d853..883dff7d29 100644
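--- a/src/lib/libcrypto/aes/aes_ige.c
+++ b/src/lib/libcrypto/aes/aes_ige.c
@@ -194,115 +194,3 @@ AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length,
  }
  }
 }
-
-/*
- * Note that its effectively impossible to do biIGE in anything other
- * than a single pass, so no provision is made for chaining.
- */
-
-/* N.B. The IV for this mode is _four times_ the block size */
-
-void
-AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length,
- const AES_KEY *key, const AES_KEY *key2, const unsigned char *ivec,
- const int enc)
-{
- size_t n;
- size_t len = length;
- unsigned char tmp[AES_BLOCK_SIZE];
- unsigned char tmp2[AES_BLOCK_SIZE];
- unsigned char tmp3[AES_BLOCK_SIZE];
- unsigned char prev[AES_BLOCK_SIZE];
- const unsigned char *iv;
- const unsigned char *iv2;
-
- OPENSSL_assert(in && out && key && ivec);
- OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
- OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
-
- if (AES_ENCRYPT == enc) {
- /* XXX: Do a separate case for when in != out (strictly should
- check for overlap, too) */
-
- /* First the forward pass */
- iv = ivec;
- iv2 = ivec + AES_BLOCK_SIZE;
- while (len >= AES_BLOCK_SIZE) {
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] = in[n] ^ iv[n];
- AES_encrypt(out, out, key);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv2[n];
- iv = out;
- memcpy(prev, in, AES_BLOCK_SIZE);
- iv2 = prev;
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
-
- /* And now backwards */
- iv = ivec + AES_BLOCK_SIZE*2;
- iv2 = ivec + AES_BLOCK_SIZE*3;
- len = length;
- while (len >= AES_BLOCK_SIZE) {
- out -= AES_BLOCK_SIZE;
- /* XXX: reduce copies by alternating between buffers */
- memcpy(tmp, out, AES_BLOCK_SIZE);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv[n];
- /* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
- AES_encrypt(out, out, key);
- /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
- /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv2[n];
- /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
- iv = out;
- memcpy(prev, tmp, AES_BLOCK_SIZE);
- iv2 = prev;
- len -= AES_BLOCK_SIZE;
- }
- } else {
- /* First backwards */
- iv = ivec + AES_BLOCK_SIZE*2;
- iv2 = ivec + AES_BLOCK_SIZE*3;
- in += length;
- out += length;
- while (len >= AES_BLOCK_SIZE) {
- in -= AES_BLOCK_SIZE;
- out -= AES_BLOCK_SIZE;
- memcpy(tmp, in, AES_BLOCK_SIZE);
- memcpy(tmp2, in, AES_BLOCK_SIZE);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- tmp[n] ^= iv2[n];
- AES_decrypt(tmp, out, key);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv[n];
- memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
- iv = tmp3;
- iv2 = out;
- len -= AES_BLOCK_SIZE;
- }
-
- /* And now forwards */
- iv = ivec;
- iv2 = ivec + AES_BLOCK_SIZE;
- len = length;
- while (len >= AES_BLOCK_SIZE) {
- memcpy(tmp, out, AES_BLOCK_SIZE);
- memcpy(tmp2, out, AES_BLOCK_SIZE);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- tmp[n] ^= iv2[n];
- AES_decrypt(tmp, out, key);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv[n];
- memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
- iv = tmp3;
- iv2 = out;
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- }
-}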
diff --git a/src/lib/libssl/src/crypto/aes/aes.h b/src/lib/libssl/src/crypto/aes/aes.h
index d05f803494..0b3db6420b 100644
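--- a/src/lib/libssl/src/crypto/aes/aes.h
+++ b/src/lib/libssl/src/crypto/aes/aes.h
@@ -117,10 +117,6 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 /* NB: the IV is _two_ blocks long */
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
  size_t length, const AES_KEY *key, unsigned char *ivec, const int enc);
-/* NB: the IV is _four_ blocks long */
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
- size_t length, const AES_KEY *key, const AES_KEY *key2,
- const unsigned char *ivec, const int enc);
 
 int AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
  const unsigned char *in, unsigned int inlen);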
diff --git a/src/lib/libssl/src/crypto/aes/aes_ige.c b/src/lib/libssl/src/crypto/aes/aes_ige.c
index 0882a3d853..883dff7d29 100644
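--- a/src/lib/libssl/src/crypto/aes/aes_ige.c
+++ b/src/lib/libssl/src/crypto/aes/aes_ige.c
@@ -194,115 +194,3 @@ AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length,
  }
  }
 }
-
-/*
- * Note that its effectively impossible to do biIGE in anything other
- * than a single pass, so no provision is made for chaining.
- */
-
-/* N.B. The IV for this mode is _four times_ the block size */
-
-void
-AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length,
- const AES_KEY *key, const AES_KEY *key2, const unsigned char *ivec,
- const int enc)
-{
- size_t n;
- size_t len = length;
- unsigned char tmp[AES_BLOCK_SIZE];
- unsigned char tmp2[AES_BLOCK_SIZE];
- unsigned char tmp3[AES_BLOCK_SIZE];
- unsigned char prev[AES_BLOCK_SIZE];
- const unsigned char *iv;
- const unsigned char *iv2;
-
- OPENSSL_assert(in && out && key && ivec);
- OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
- OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
-
- if (AES_ENCRYPT == enc) {
- /* XXX: Do a separate case for when in != out (strictly should
- check for overlap, too) */
-
- /* First the forward pass */
- iv = ivec;
- iv2 = ivec + AES_BLOCK_SIZE;
- while (len >= AES_BLOCK_SIZE) {
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] = in[n] ^ iv[n];
- AES_encrypt(out, out, key);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv2[n];
- iv = out;
- memcpy(prev, in, AES_BLOCK_SIZE);
- iv2 = prev;
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
-
- /* And now backwards */
- iv = ivec + AES_BLOCK_SIZE*2;
- iv2 = ivec + AES_BLOCK_SIZE*3;
- len = length;
- while (len >= AES_BLOCK_SIZE) {
- out -= AES_BLOCK_SIZE;
- /* XXX: reduce copies by alternating between buffers */
- memcpy(tmp, out, AES_BLOCK_SIZE);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv[n];
- /* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
- AES_encrypt(out, out, key);
- /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
- /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv2[n];
- /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
- iv = out;
- memcpy(prev, tmp, AES_BLOCK_SIZE);
- iv2 = prev;
- len -= AES_BLOCK_SIZE;
- }
- } else {
- /* First backwards */
- iv = ivec + AES_BLOCK_SIZE*2;
- iv2 = ivec + AES_BLOCK_SIZE*3;
- in += length;
- out += length;
- while (len >= AES_BLOCK_SIZE) {
- in -= AES_BLOCK_SIZE;
- out -= AES_BLOCK_SIZE;
- memcpy(tmp, in, AES_BLOCK_SIZE);
- memcpy(tmp2, in, AES_BLOCK_SIZE);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- tmp[n] ^= iv2[n];
- AES_decrypt(tmp, out, key);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv[n];
- memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
- iv = tmp3;
- iv2 = out;
- len -= AES_BLOCK_SIZE;
- }
-
- /* And now forwards */
- iv = ivec;
- iv2 = ivec + AES_BLOCK_SIZE;
- len = length;
- while (len >= AES_BLOCK_SIZE) {
- memcpy(tmp, out, AES_BLOCK_SIZE);
- memcpy(tmp2, out, AES_BLOCK_SIZE);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- tmp[n] ^= iv2[n];
- AES_decrypt(tmp, out, key);
- for (n = 0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv[n];
- memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
- iv = tmp3;
- iv2 = out;
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- }
-}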