summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/Makefile8
-rw-r--r--src/lib/libcrypto/cast/c_cfb64.c124
-rw-r--r--src/lib/libcrypto/cast/c_ecb.c83
-rw-r--r--src/lib/libcrypto/cast/c_enc.c207
-rw-r--r--src/lib/libcrypto/cast/c_ofb64.c111
-rw-r--r--src/lib/libcrypto/cast/c_skey.c169
-rw-r--r--src/lib/libcrypto/cast/cast.c (renamed from src/lib/libcrypto/cast/cast_s.h)399
7 files changed, 398 insertions, 703 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 7f67fcd823..7ed583fe4b 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.191 2024/03/29 07:26:21 jsing Exp $ 1# $OpenBSD: Makefile,v 1.192 2024/03/29 07:36:38 jsing Exp $
2 2
3LIB= crypto 3LIB= crypto
4LIBREBUILD=y 4LIBREBUILD=y
@@ -204,11 +204,7 @@ SRCS+= bs_cbs.c
204SRCS+= camellia.c 204SRCS+= camellia.c
205 205
206# cast/ 206# cast/
207SRCS+= c_cfb64.c 207SRCS+= cast.c
208SRCS+= c_ecb.c
209SRCS+= c_enc.c
210SRCS+= c_ofb64.c
211SRCS+= c_skey.c
212 208
213# chacha/ 209# chacha/
214SRCS+= chacha.c 210SRCS+= chacha.c
diff --git a/src/lib/libcrypto/cast/c_cfb64.c b/src/lib/libcrypto/cast/c_cfb64.c
deleted file mode 100644
index 2acf7632e7..0000000000
--- a/src/lib/libcrypto/cast/c_cfb64.c
+++ /dev/null
@@ -1,124 +0,0 @@
1/* $OpenBSD: c_cfb64.c,v 1.8 2023/07/08 10:43:59 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/cast.h>
60#include "cast_local.h"
61
62/* The input and output encrypted as though 64bit cfb mode is being
63 * used. The extra state information to record how much of the
64 * 64bit block we have used is contained in *num;
65 */
66
67void
68CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
69 long length, const CAST_KEY *schedule, unsigned char *ivec,
70 int *num, int enc)
71{
72 CAST_LONG v0, v1, t;
73 int n= *num;
74 long l = length;
75 CAST_LONG ti[2];
76 unsigned char *iv, c, cc;
77
78 iv = ivec;
79 if (enc) {
80 while (l--) {
81 if (n == 0) {
82 n2l(iv, v0);
83 ti[0] = v0;
84 n2l(iv, v1);
85 ti[1] = v1;
86 CAST_encrypt((CAST_LONG *)ti, schedule);
87 iv = ivec;
88 t = ti[0];
89 l2n(t, iv);
90 t = ti[1];
91 l2n(t, iv);
92 iv = ivec;
93 }
94 c= *(in++)^iv[n];
95 *(out++) = c;
96 iv[n] = c;
97 n = (n + 1)&0x07;
98 }
99 } else {
100 while (l--) {
101 if (n == 0) {
102 n2l(iv, v0);
103 ti[0] = v0;
104 n2l(iv, v1);
105 ti[1] = v1;
106 CAST_encrypt((CAST_LONG *)ti, schedule);
107 iv = ivec;
108 t = ti[0];
109 l2n(t, iv);
110 t = ti[1];
111 l2n(t, iv);
112 iv = ivec;
113 }
114 cc= *(in++);
115 c = iv[n];
116 iv[n] = cc;
117 *(out++) = c^cc;
118 n = (n + 1)&0x07;
119 }
120 }
121 v0 = v1 = ti[0] = ti[1] = t=c = cc = 0;
122 *num = n;
123}
124LCRYPTO_ALIAS(CAST_cfb64_encrypt);
diff --git a/src/lib/libcrypto/cast/c_ecb.c b/src/lib/libcrypto/cast/c_ecb.c
deleted file mode 100644
index 89338a18e5..0000000000
--- a/src/lib/libcrypto/cast/c_ecb.c
+++ /dev/null
@@ -1,83 +0,0 @@
1/* $OpenBSD: c_ecb.c,v 1.10 2023/07/08 10:43:59 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/cast.h>
60#include "cast_local.h"
61#include <openssl/opensslv.h>
62
63void
64CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
65 const CAST_KEY *ks, int enc)
66{
67 CAST_LONG l, d[2];
68
69 n2l(in, l);
70 d[0] = l;
71 n2l(in, l);
72 d[1] = l;
73 if (enc)
74 CAST_encrypt(d, ks);
75 else
76 CAST_decrypt(d, ks);
77 l = d[0];
78 l2n(l, out);
79 l = d[1];
80 l2n(l, out);
81 l = d[0] = d[1] = 0;
82}
83LCRYPTO_ALIAS(CAST_ecb_encrypt);
diff --git a/src/lib/libcrypto/cast/c_enc.c b/src/lib/libcrypto/cast/c_enc.c
deleted file mode 100644
index 34fe69f0a0..0000000000
--- a/src/lib/libcrypto/cast/c_enc.c
+++ /dev/null
@@ -1,207 +0,0 @@
1/* $OpenBSD: c_enc.c,v 1.10 2023/07/08 10:43:59 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/cast.h>
60#include "cast_local.h"
61
62#ifndef OPENBSD_CAST_ASM
63void
64CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
65{
66 CAST_LONG l, r, t;
67 const CAST_LONG *k;
68
69 k = &(key->data[0]);
70 l = data[0];
71 r = data[1];
72
73 E_CAST( 0, k,l, r,+,^, -);
74 E_CAST( 1, k,r, l,^, -,+);
75 E_CAST( 2, k,l, r, -,+,^);
76 E_CAST( 3, k,r, l,+,^, -);
77 E_CAST( 4, k,l, r,^, -,+);
78 E_CAST( 5, k,r, l, -,+,^);
79 E_CAST( 6, k,l, r,+,^, -);
80 E_CAST( 7, k,r, l,^, -,+);
81 E_CAST( 8, k,l, r, -,+,^);
82 E_CAST( 9, k,r, l,+,^, -);
83 E_CAST(10, k,l, r,^, -,+);
84 E_CAST(11, k,r, l, -,+,^);
85 if (!key->short_key) {
86 E_CAST(12, k,l, r,+,^, -);
87 E_CAST(13, k,r, l,^, -,+);
88 E_CAST(14, k,l, r, -,+,^);
89 E_CAST(15, k,r, l,+,^, -);
90 }
91
92 data[1] = l&0xffffffffL;
93 data[0] = r&0xffffffffL;
94}
95LCRYPTO_ALIAS(CAST_encrypt);
96
97void
98CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
99{
100 CAST_LONG l, r, t;
101 const CAST_LONG *k;
102
103 k = &(key->data[0]);
104 l = data[0];
105 r = data[1];
106
107 if (!key->short_key) {
108 E_CAST(15, k,l, r,+,^, -);
109 E_CAST(14, k,r, l, -,+,^);
110 E_CAST(13, k,l, r,^, -,+);
111 E_CAST(12, k,r, l,+,^, -);
112 }
113 E_CAST(11, k,l, r, -,+,^);
114 E_CAST(10, k,r, l,^, -,+);
115 E_CAST( 9, k,l, r,+,^, -);
116 E_CAST( 8, k,r, l, -,+,^);
117 E_CAST( 7, k,l, r,^, -,+);
118 E_CAST( 6, k,r, l,+,^, -);
119 E_CAST( 5, k,l, r, -,+,^);
120 E_CAST( 4, k,r, l,^, -,+);
121 E_CAST( 3, k,l, r,+,^, -);
122 E_CAST( 2, k,r, l, -,+,^);
123 E_CAST( 1, k,l, r,^, -,+);
124 E_CAST( 0, k,r, l,+,^, -);
125
126 data[1] = l&0xffffffffL;
127 data[0] = r&0xffffffffL;
128}
129LCRYPTO_ALIAS(CAST_decrypt);
130#endif
131
132void
133CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
134 const CAST_KEY *ks, unsigned char *iv, int enc)
135{
136 CAST_LONG tin0, tin1;
137 CAST_LONG tout0, tout1, xor0, xor1;
138 long l = length;
139 CAST_LONG tin[2];
140
141 if (enc) {
142 n2l(iv, tout0);
143 n2l(iv, tout1);
144 iv -= 8;
145 for (l -= 8; l >= 0; l -= 8) {
146 n2l(in, tin0);
147 n2l(in, tin1);
148 tin0 ^= tout0;
149 tin1 ^= tout1;
150 tin[0] = tin0;
151 tin[1] = tin1;
152 CAST_encrypt(tin, ks);
153 tout0 = tin[0];
154 tout1 = tin[1];
155 l2n(tout0, out);
156 l2n(tout1, out);
157 }
158 if (l != -8) {
159 n2ln(in, tin0, tin1, l + 8);
160 tin0 ^= tout0;
161 tin1 ^= tout1;
162 tin[0] = tin0;
163 tin[1] = tin1;
164 CAST_encrypt(tin, ks);
165 tout0 = tin[0];
166 tout1 = tin[1];
167 l2n(tout0, out);
168 l2n(tout1, out);
169 }
170 l2n(tout0, iv);
171 l2n(tout1, iv);
172 } else {
173 n2l(iv, xor0);
174 n2l(iv, xor1);
175 iv -= 8;
176 for (l -= 8; l >= 0; l -= 8) {
177 n2l(in, tin0);
178 n2l(in, tin1);
179 tin[0] = tin0;
180 tin[1] = tin1;
181 CAST_decrypt(tin, ks);
182 tout0 = tin[0]^xor0;
183 tout1 = tin[1]^xor1;
184 l2n(tout0, out);
185 l2n(tout1, out);
186 xor0 = tin0;
187 xor1 = tin1;
188 }
189 if (l != -8) {
190 n2l(in, tin0);
191 n2l(in, tin1);
192 tin[0] = tin0;
193 tin[1] = tin1;
194 CAST_decrypt(tin, ks);
195 tout0 = tin[0]^xor0;
196 tout1 = tin[1]^xor1;
197 l2nn(tout0, tout1, out, l + 8);
198 xor0 = tin0;
199 xor1 = tin1;
200 }
201 l2n(xor0, iv);
202 l2n(xor1, iv);
203 }
204 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
205 tin[0] = tin[1] = 0;
206}
207LCRYPTO_ALIAS(CAST_cbc_encrypt);
diff --git a/src/lib/libcrypto/cast/c_ofb64.c b/src/lib/libcrypto/cast/c_ofb64.c
deleted file mode 100644
index 48ebab9069..0000000000
--- a/src/lib/libcrypto/cast/c_ofb64.c
+++ /dev/null
@@ -1,111 +0,0 @@
1/* $OpenBSD: c_ofb64.c,v 1.8 2023/07/08 10:43:59 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/cast.h>
60#include "cast_local.h"
61
62/* The input and output encrypted as though 64bit ofb mode is being
63 * used. The extra state information to record how much of the
64 * 64bit block we have used is contained in *num;
65 */
66void
67CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
68 long length, const CAST_KEY *schedule, unsigned char *ivec,
69 int *num)
70{
71 CAST_LONG v0, v1, t;
72 int n= *num;
73 long l = length;
74 unsigned char d[8];
75 char *dp;
76 CAST_LONG ti[2];
77 unsigned char *iv;
78 int save = 0;
79
80 iv = ivec;
81 n2l(iv, v0);
82 n2l(iv, v1);
83 ti[0] = v0;
84 ti[1] = v1;
85 dp = (char *)d;
86 l2n(v0, dp);
87 l2n(v1, dp);
88 while (l--) {
89 if (n == 0) {
90 CAST_encrypt((CAST_LONG *)ti, schedule);
91 dp = (char *)d;
92 t = ti[0];
93 l2n(t, dp);
94 t = ti[1];
95 l2n(t, dp);
96 save++;
97 }
98 *(out++)= *(in++)^d[n];
99 n = (n + 1)&0x07;
100 }
101 if (save) {
102 v0 = ti[0];
103 v1 = ti[1];
104 iv = ivec;
105 l2n(v0, iv);
106 l2n(v1, iv);
107 }
108 t = v0 = v1 = ti[0] = ti[1] = 0;
109 *num = n;
110}
111LCRYPTO_ALIAS(CAST_ofb64_encrypt);
diff --git a/src/lib/libcrypto/cast/c_skey.c b/src/lib/libcrypto/cast/c_skey.c
deleted file mode 100644
index ecce7bad7f..0000000000
--- a/src/lib/libcrypto/cast/c_skey.c
+++ /dev/null
@@ -1,169 +0,0 @@
1/* $OpenBSD: c_skey.c,v 1.14 2023/07/08 10:43:59 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/crypto.h>
60#include <openssl/cast.h>
61#include "cast_local.h"
62#include "cast_s.h"
63
64#define CAST_exp(l,A,a,n) \
65 A[n/4]=l; \
66 a[n+3]=(l )&0xff; \
67 a[n+2]=(l>> 8)&0xff; \
68 a[n+1]=(l>>16)&0xff; \
69 a[n+0]=(l>>24)&0xff;
70
71#define S4 CAST_S_table4
72#define S5 CAST_S_table5
73#define S6 CAST_S_table6
74#define S7 CAST_S_table7
75void
76CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
77{
78 CAST_LONG x[16];
79 CAST_LONG z[16];
80 CAST_LONG k[32];
81 CAST_LONG X[4], Z[4];
82 CAST_LONG l, *K;
83 int i;
84
85 for (i = 0;
86 i < 16;
87 i++) x[i] = 0;
88 if (len > 16)
89 len = 16;
90 for (i = 0; i < len; i++)
91 x[i] = data[i];
92 if (len <= 10)
93 key->short_key = 1;
94 else
95 key->short_key = 0;
96
97 K = &k[0];
98 X[0] = ((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
99 X[1] = ((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;
100 X[2] = ((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;
101 X[3] = ((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;
102
103 for (;;) {
104 l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
105 CAST_exp(l, Z, z, 0);
106 l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
107 CAST_exp(l, Z, z, 4);
108 l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
109 CAST_exp(l, Z, z, 8);
110 l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
111 CAST_exp(l, Z,z, 12);
112
113 K[0] = S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];
114 K[1] = S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];
115 K[2] = S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];
116 K[3] = S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];
117
118 l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
119 CAST_exp(l, X, x, 0);
120 l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
121 CAST_exp(l, X, x, 4);
122 l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
123 CAST_exp(l, X, x, 8);
124 l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
125 CAST_exp(l, X,x, 12);
126
127 K[4] = S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];
128 K[5] = S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];
129 K[6] = S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];
130 K[7] = S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];
131
132 l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
133 CAST_exp(l, Z, z, 0);
134 l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
135 CAST_exp(l, Z, z, 4);
136 l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
137 CAST_exp(l, Z, z, 8);
138 l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
139 CAST_exp(l, Z,z, 12);
140
141 K[8] = S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];
142 K[9] = S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];
143 K[10] = S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];
144 K[11] = S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];
145
146 l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
147 CAST_exp(l, X, x, 0);
148 l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
149 CAST_exp(l, X, x, 4);
150 l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
151 CAST_exp(l, X, x, 8);
152 l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
153 CAST_exp(l, X,x, 12);
154
155 K[12] = S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];
156 K[13] = S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];
157 K[14] = S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];
158 K[15] = S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];
159 if (K != k)
160 break;
161 K += 16;
162 }
163
164 for (i = 0; i < 16; i++) {
165 key->data[i*2] = k[i];
166 key->data[i*2 + 1] = ((k[i + 16]) + 16)&0x1f;
167 }
168}
169LCRYPTO_ALIAS(CAST_set_key);
diff --git a/src/lib/libcrypto/cast/cast_s.h b/src/lib/libcrypto/cast/cast.c
index dc339504d4..b0aeb62670 100644
--- a/src/lib/libcrypto/cast/cast_s.h
+++ b/src/lib/libcrypto/cast/cast.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cast_s.h,v 1.7 2023/07/08 07:25:43 jsing Exp $ */ 1/* $OpenBSD: cast.c,v 1.1 2024/03/29 07:36:38 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -56,7 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59__BEGIN_HIDDEN_DECLS 59#include <openssl/cast.h>
60
61#include "cast_local.h"
60 62
61const CAST_LONG CAST_S_table0[256] = { 63const CAST_LONG CAST_S_table0[256] = {
62 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 64 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
@@ -587,4 +589,395 @@ const CAST_LONG CAST_S_table7[256] = {
587 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e, 589 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
588}; 590};
589 591
590__END_HIDDEN_DECLS 592#ifndef OPENBSD_CAST_ASM
593void
594CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
595{
596 CAST_LONG l, r, t;
597 const CAST_LONG *k;
598
599 k = &(key->data[0]);
600 l = data[0];
601 r = data[1];
602
603 E_CAST( 0, k,l, r,+,^, -);
604 E_CAST( 1, k,r, l,^, -,+);
605 E_CAST( 2, k,l, r, -,+,^);
606 E_CAST( 3, k,r, l,+,^, -);
607 E_CAST( 4, k,l, r,^, -,+);
608 E_CAST( 5, k,r, l, -,+,^);
609 E_CAST( 6, k,l, r,+,^, -);
610 E_CAST( 7, k,r, l,^, -,+);
611 E_CAST( 8, k,l, r, -,+,^);
612 E_CAST( 9, k,r, l,+,^, -);
613 E_CAST(10, k,l, r,^, -,+);
614 E_CAST(11, k,r, l, -,+,^);
615 if (!key->short_key) {
616 E_CAST(12, k,l, r,+,^, -);
617 E_CAST(13, k,r, l,^, -,+);
618 E_CAST(14, k,l, r, -,+,^);
619 E_CAST(15, k,r, l,+,^, -);
620 }
621
622 data[1] = l&0xffffffffL;
623 data[0] = r&0xffffffffL;
624}
625LCRYPTO_ALIAS(CAST_encrypt);
626
627void
628CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
629{
630 CAST_LONG l, r, t;
631 const CAST_LONG *k;
632
633 k = &(key->data[0]);
634 l = data[0];
635 r = data[1];
636
637 if (!key->short_key) {
638 E_CAST(15, k,l, r,+,^, -);
639 E_CAST(14, k,r, l, -,+,^);
640 E_CAST(13, k,l, r,^, -,+);
641 E_CAST(12, k,r, l,+,^, -);
642 }
643 E_CAST(11, k,l, r, -,+,^);
644 E_CAST(10, k,r, l,^, -,+);
645 E_CAST( 9, k,l, r,+,^, -);
646 E_CAST( 8, k,r, l, -,+,^);
647 E_CAST( 7, k,l, r,^, -,+);
648 E_CAST( 6, k,r, l,+,^, -);
649 E_CAST( 5, k,l, r, -,+,^);
650 E_CAST( 4, k,r, l,^, -,+);
651 E_CAST( 3, k,l, r,+,^, -);
652 E_CAST( 2, k,r, l, -,+,^);
653 E_CAST( 1, k,l, r,^, -,+);
654 E_CAST( 0, k,r, l,+,^, -);
655
656 data[1] = l&0xffffffffL;
657 data[0] = r&0xffffffffL;
658}
659LCRYPTO_ALIAS(CAST_decrypt);
660#endif
661
662#define CAST_exp(l,A,a,n) \
663 A[n/4]=l; \
664 a[n+3]=(l )&0xff; \
665 a[n+2]=(l>> 8)&0xff; \
666 a[n+1]=(l>>16)&0xff; \
667 a[n+0]=(l>>24)&0xff;
668
669#define S4 CAST_S_table4
670#define S5 CAST_S_table5
671#define S6 CAST_S_table6
672#define S7 CAST_S_table7
673void
674CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
675{
676 CAST_LONG x[16];
677 CAST_LONG z[16];
678 CAST_LONG k[32];
679 CAST_LONG X[4], Z[4];
680 CAST_LONG l, *K;
681 int i;
682
683 for (i = 0;
684 i < 16;
685 i++) x[i] = 0;
686 if (len > 16)
687 len = 16;
688 for (i = 0; i < len; i++)
689 x[i] = data[i];
690 if (len <= 10)
691 key->short_key = 1;
692 else
693 key->short_key = 0;
694
695 K = &k[0];
696 X[0] = ((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
697 X[1] = ((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;
698 X[2] = ((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;
699 X[3] = ((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;
700
701 for (;;) {
702 l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
703 CAST_exp(l, Z, z, 0);
704 l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
705 CAST_exp(l, Z, z, 4);
706 l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
707 CAST_exp(l, Z, z, 8);
708 l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
709 CAST_exp(l, Z,z, 12);
710
711 K[0] = S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];
712 K[1] = S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];
713 K[2] = S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];
714 K[3] = S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];
715
716 l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
717 CAST_exp(l, X, x, 0);
718 l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
719 CAST_exp(l, X, x, 4);
720 l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
721 CAST_exp(l, X, x, 8);
722 l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
723 CAST_exp(l, X,x, 12);
724
725 K[4] = S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];
726 K[5] = S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];
727 K[6] = S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];
728 K[7] = S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];
729
730 l = X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
731 CAST_exp(l, Z, z, 0);
732 l = X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
733 CAST_exp(l, Z, z, 4);
734 l = X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
735 CAST_exp(l, Z, z, 8);
736 l = X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
737 CAST_exp(l, Z,z, 12);
738
739 K[8] = S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];
740 K[9] = S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];
741 K[10] = S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];
742 K[11] = S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];
743
744 l = Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
745 CAST_exp(l, X, x, 0);
746 l = Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
747 CAST_exp(l, X, x, 4);
748 l = Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
749 CAST_exp(l, X, x, 8);
750 l = Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
751 CAST_exp(l, X,x, 12);
752
753 K[12] = S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];
754 K[13] = S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];
755 K[14] = S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];
756 K[15] = S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];
757 if (K != k)
758 break;
759 K += 16;
760 }
761
762 for (i = 0; i < 16; i++) {
763 key->data[i*2] = k[i];
764 key->data[i*2 + 1] = ((k[i + 16]) + 16)&0x1f;
765 }
766}
767LCRYPTO_ALIAS(CAST_set_key);
768
769void
770CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
771 const CAST_KEY *ks, unsigned char *iv, int enc)
772{
773 CAST_LONG tin0, tin1;
774 CAST_LONG tout0, tout1, xor0, xor1;
775 long l = length;
776 CAST_LONG tin[2];
777
778 if (enc) {
779 n2l(iv, tout0);
780 n2l(iv, tout1);
781 iv -= 8;
782 for (l -= 8; l >= 0; l -= 8) {
783 n2l(in, tin0);
784 n2l(in, tin1);
785 tin0 ^= tout0;
786 tin1 ^= tout1;
787 tin[0] = tin0;
788 tin[1] = tin1;
789 CAST_encrypt(tin, ks);
790 tout0 = tin[0];
791 tout1 = tin[1];
792 l2n(tout0, out);
793 l2n(tout1, out);
794 }
795 if (l != -8) {
796 n2ln(in, tin0, tin1, l + 8);
797 tin0 ^= tout0;
798 tin1 ^= tout1;
799 tin[0] = tin0;
800 tin[1] = tin1;
801 CAST_encrypt(tin, ks);
802 tout0 = tin[0];
803 tout1 = tin[1];
804 l2n(tout0, out);
805 l2n(tout1, out);
806 }
807 l2n(tout0, iv);
808 l2n(tout1, iv);
809 } else {
810 n2l(iv, xor0);
811 n2l(iv, xor1);
812 iv -= 8;
813 for (l -= 8; l >= 0; l -= 8) {
814 n2l(in, tin0);
815 n2l(in, tin1);
816 tin[0] = tin0;
817 tin[1] = tin1;
818 CAST_decrypt(tin, ks);
819 tout0 = tin[0]^xor0;
820 tout1 = tin[1]^xor1;
821 l2n(tout0, out);
822 l2n(tout1, out);
823 xor0 = tin0;
824 xor1 = tin1;
825 }
826 if (l != -8) {
827 n2l(in, tin0);
828 n2l(in, tin1);
829 tin[0] = tin0;
830 tin[1] = tin1;
831 CAST_decrypt(tin, ks);
832 tout0 = tin[0]^xor0;
833 tout1 = tin[1]^xor1;
834 l2nn(tout0, tout1, out, l + 8);
835 xor0 = tin0;
836 xor1 = tin1;
837 }
838 l2n(xor0, iv);
839 l2n(xor1, iv);
840 }
841 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
842 tin[0] = tin[1] = 0;
843}
844LCRYPTO_ALIAS(CAST_cbc_encrypt);
845
846/*
847 * The input and output encrypted as though 64bit cfb mode is being
848 * used. The extra state information to record how much of the
849 * 64bit block we have used is contained in *num;
850 */
851
852void
853CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
854 long length, const CAST_KEY *schedule, unsigned char *ivec,
855 int *num, int enc)
856{
857 CAST_LONG v0, v1, t;
858 int n= *num;
859 long l = length;
860 CAST_LONG ti[2];
861 unsigned char *iv, c, cc;
862
863 iv = ivec;
864 if (enc) {
865 while (l--) {
866 if (n == 0) {
867 n2l(iv, v0);
868 ti[0] = v0;
869 n2l(iv, v1);
870 ti[1] = v1;
871 CAST_encrypt((CAST_LONG *)ti, schedule);
872 iv = ivec;
873 t = ti[0];
874 l2n(t, iv);
875 t = ti[1];
876 l2n(t, iv);
877 iv = ivec;
878 }
879 c= *(in++)^iv[n];
880 *(out++) = c;
881 iv[n] = c;
882 n = (n + 1)&0x07;
883 }
884 } else {
885 while (l--) {
886 if (n == 0) {
887 n2l(iv, v0);
888 ti[0] = v0;
889 n2l(iv, v1);
890 ti[1] = v1;
891 CAST_encrypt((CAST_LONG *)ti, schedule);
892 iv = ivec;
893 t = ti[0];
894 l2n(t, iv);
895 t = ti[1];
896 l2n(t, iv);
897 iv = ivec;
898 }
899 cc= *(in++);
900 c = iv[n];
901 iv[n] = cc;
902 *(out++) = c^cc;
903 n = (n + 1)&0x07;
904 }
905 }
906 v0 = v1 = ti[0] = ti[1] = t=c = cc = 0;
907 *num = n;
908}
909LCRYPTO_ALIAS(CAST_cfb64_encrypt);
910
911void
912CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
913 const CAST_KEY *ks, int enc)
914{
915 CAST_LONG l, d[2];
916
917 n2l(in, l);
918 d[0] = l;
919 n2l(in, l);
920 d[1] = l;
921 if (enc)
922 CAST_encrypt(d, ks);
923 else
924 CAST_decrypt(d, ks);
925 l = d[0];
926 l2n(l, out);
927 l = d[1];
928 l2n(l, out);
929 l = d[0] = d[1] = 0;
930}
931LCRYPTO_ALIAS(CAST_ecb_encrypt);
932
933/*
934 * The input and output encrypted as though 64bit ofb mode is being
935 * used. The extra state information to record how much of the
936 * 64bit block we have used is contained in *num;
937 */
938void
939CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
940 long length, const CAST_KEY *schedule, unsigned char *ivec,
941 int *num)
942{
943 CAST_LONG v0, v1, t;
944 int n= *num;
945 long l = length;
946 unsigned char d[8];
947 char *dp;
948 CAST_LONG ti[2];
949 unsigned char *iv;
950 int save = 0;
951
952 iv = ivec;
953 n2l(iv, v0);
954 n2l(iv, v1);
955 ti[0] = v0;
956 ti[1] = v1;
957 dp = (char *)d;
958 l2n(v0, dp);
959 l2n(v1, dp);
960 while (l--) {
961 if (n == 0) {
962 CAST_encrypt((CAST_LONG *)ti, schedule);
963 dp = (char *)d;
964 t = ti[0];
965 l2n(t, dp);
966 t = ti[1];
967 l2n(t, dp);
968 save++;
969 }
970 *(out++)= *(in++)^d[n];
971 n = (n + 1)&0x07;
972 }
973 if (save) {
974 v0 = ti[0];
975 v1 = ti[1];
976 iv = ivec;
977 l2n(v0, iv);
978 l2n(v1, iv);
979 }
980 t = v0 = v1 = ti[0] = ti[1] = 0;
981 *num = n;
982}
983LCRYPTO_ALIAS(CAST_ofb64_encrypt);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 20:22:40 +0000