diff options
Diffstat (limited to 'cipher')
| -rw-r--r-- | cipher/ChangeLog | 8 | ||||
| -rw-r--r-- | cipher/Makefile.am | 2 | ||||
| -rw-r--r-- | cipher/blowfish.c | 21 | ||||
| -rw-r--r-- | cipher/blowfish.h | 2 | ||||
| -rw-r--r-- | cipher/cast5.c | 9 | ||||
| -rw-r--r-- | cipher/cast5.h | 2 | ||||
| -rw-r--r-- | cipher/cipher.c | 12 | ||||
| -rw-r--r-- | cipher/dynload.c | 9 | ||||
| -rw-r--r-- | cipher/dynload.h | 2 | ||||
| -rw-r--r-- | cipher/twofish.c | 8 |
10 files changed, 52 insertions, 23 deletions
diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 7b16f1215..da0c03ef7 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,11 @@ +Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none)) + + * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys. + +Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none)) + + * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined. + Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none)) * Makefile.am: Fixes to allow a different build directory diff --git a/cipher/Makefile.am b/cipher/Makefile.am index a9d5a5cad..a96694ce1 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -46,7 +46,7 @@ EXTRA_twofish_SOURCES = twofish.c tiger: $(srcdir)/tiger.c - $(COMPILE) -shared -fPIC -o tiger $(srcdir)/tiger.c + $(COMPILE) -shared -fPIC -O1 -o tiger $(srcdir)/tiger.c twofish: $(srcdir)/twofish.c $(COMPILE) -shared -fPIC -o twofish $(srcdir)/twofish.c diff --git a/cipher/blowfish.c b/cipher/blowfish.c index 3ed2ed858..f5c29c6aa 100644 --- a/cipher/blowfish.c +++ b/cipher/blowfish.c @@ -41,7 +41,7 @@ #define CIPHER_ALGO_BLOWFISH 4 /* blowfish 128 bit key */ #define CIPHER_ALGO_BLOWFISH160 42 /* blowfish 160 bit key (not in OpenPGP)*/ -#define FNCCAST_SETKEY(f) (void(*)(void*, byte*, unsigned))(f) +#define FNCCAST_SETKEY(f) (int(*)(void*, byte*, unsigned))(f) #define FNCCAST_CRYPT(f) (void(*)(void*, byte*, byte*))(f) #define BLOWFISH_BLOCKSIZE 8 @@ -55,7 +55,7 @@ typedef struct { u32 p[BLOWFISH_ROUNDS+2]; } BLOWFISH_context; -static void bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ); +static int bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ); static void encrypt_block( BLOWFISH_context *bc, byte *outbuf, byte *inbuf ); static void decrypt_block( BLOWFISH_context *bc, byte *outbuf, byte *inbuf ); @@ -480,7 +480,7 @@ selftest() -static void +static int bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ) { int i, j; @@ -543,6 +543,19 @@ bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ) c->s3[i] = datal; c->s3[i+1] = datar; } + + + /* Check for weak key. A weak key is a key in which a value in */ + /* the P-array (here c) occurs more than once per table. */ + for(i=0; i < 255; i++ ) { + for( j=i+1; j < 256; j++) { + if( (c->s0[i] == c->s0[j]) || (c->s1[i] == c->s1[j]) || + (c->s2[i] == c->s2[j]) || (c->s3[i] == c->s3[j]) ) + return G10ERR_WEAK_KEY; + } + } + + return 0; } @@ -555,7 +568,7 @@ bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ) const char * blowfish_get_info( int algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**r_setkey)( void *c, byte *key, unsigned keylen ), + int (**r_setkey)( void *c, byte *key, unsigned keylen ), void (**r_encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**r_decrypt)( void *c, byte *outbuf, byte *inbuf ) ) diff --git a/cipher/blowfish.h b/cipher/blowfish.h index e328415f5..d3848aae8 100644 --- a/cipher/blowfish.h +++ b/cipher/blowfish.h @@ -26,7 +26,7 @@ const char * blowfish_get_info( int algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**setkey)( void *c, byte *key, unsigned keylen ), + int (**setkey)( void *c, byte *key, unsigned keylen ), void (**encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**decrypt)( void *c, byte *outbuf, byte *inbuf ) ); diff --git a/cipher/cast5.c b/cipher/cast5.c index 6b2e5a969..64866ba7f 100644 --- a/cipher/cast5.c +++ b/cipher/cast5.c @@ -47,7 +47,7 @@ #define CIPHER_ALGO_CAST5 3 -#define FNCCAST_SETKEY(f) (void(*)(void*, byte*, unsigned))(f) +#define FNCCAST_SETKEY(f) (int(*)(void*, byte*, unsigned))(f) #define FNCCAST_CRYPT(f) (void(*)(void*, byte*, byte*))(f) #define CAST5_BLOCKSIZE 8 @@ -57,7 +57,7 @@ typedef struct { byte Kr[16]; } CAST5_context; -static void cast_setkey( CAST5_context *c, byte *key, unsigned keylen ); +static int cast_setkey( CAST5_context *c, byte *key, unsigned keylen ); static void encrypt_block( CAST5_context *bc, byte *outbuf, byte *inbuf ); static void decrypt_block( CAST5_context *bc, byte *outbuf, byte *inbuf ); @@ -549,7 +549,7 @@ key_schedule( u32 *x, u32 *z, u32 *k ) } -static void +static int cast_setkey( CAST5_context *c, byte *key, unsigned keylen ) { static int initialized; @@ -582,6 +582,7 @@ cast_setkey( CAST5_context *c, byte *key, unsigned keylen ) #undef xi #undef zi + return 0; } @@ -594,7 +595,7 @@ cast_setkey( CAST5_context *c, byte *key, unsigned keylen ) const char * cast5_get_info( int algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**r_setkey)( void *c, byte *key, unsigned keylen ), + int (**r_setkey)( void *c, byte *key, unsigned keylen ), void (**r_encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**r_decrypt)( void *c, byte *outbuf, byte *inbuf ) ) diff --git a/cipher/cast5.h b/cipher/cast5.h index 070255c6d..ea6fa9e43 100644 --- a/cipher/cast5.h +++ b/cipher/cast5.h @@ -25,7 +25,7 @@ const char * cast5_get_info( int algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**setkey)( void *c, byte *key, unsigned keylen ), + int (**setkey)( void *c, byte *key, unsigned keylen ), void (**encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**decrypt)( void *c, byte *outbuf, byte *inbuf ) ); diff --git a/cipher/cipher.c b/cipher/cipher.c index 049207bf1..2326d1dd2 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -43,7 +43,7 @@ struct cipher_table_s { size_t blocksize; size_t keylen; size_t contextsize; /* allocate this amount of context */ - void (*setkey)( void *c, byte *key, unsigned keylen ); + int (*setkey)( void *c, byte *key, unsigned keylen ); void (*encrypt)( void *c, byte *outbuf, byte *inbuf ); void (*decrypt)( void *c, byte *outbuf, byte *inbuf ); }; @@ -58,15 +58,15 @@ struct cipher_handle_s { byte iv[MAX_BLOCKSIZE]; /* (this should be ulong aligned) */ byte lastiv[MAX_BLOCKSIZE]; int unused; /* in IV */ - void (*setkey)( void *c, byte *key, unsigned keylen ); + int (*setkey)( void *c, byte *key, unsigned keylen ); void (*encrypt)( void *c, byte *outbuf, byte *inbuf ); void (*decrypt)( void *c, byte *outbuf, byte *inbuf ); byte context[1]; }; -static void -dummy_setkey( void *c, byte *key, unsigned keylen ) { } +static int +dummy_setkey( void *c, byte *key, unsigned keylen ) { return 0; } static void dummy_encrypt_block( void *c, byte *outbuf, byte *inbuf ) { BUG(); } static void @@ -346,10 +346,10 @@ cipher_close( CIPHER_HANDLE c ) } -void +int cipher_setkey( CIPHER_HANDLE c, byte *key, unsigned keylen ) { - (*c->setkey)( &c->context, key, keylen ); + return (*c->setkey)( &c->context, key, keylen ); } diff --git a/cipher/dynload.c b/cipher/dynload.c index a8c01f259..0cbbda2c1 100644 --- a/cipher/dynload.c +++ b/cipher/dynload.c @@ -30,6 +30,11 @@ #include "cipher.h" #include "dynload.h" + +#ifndef RTLD_NOW + #define RTLD_NOW 1 +#endif + typedef struct ext_list { struct ext_list *next; void *handle; /* handle from dlopen() */ @@ -234,7 +239,7 @@ enum_gnupgext_digests( void **enum_context, const char * enum_gnupgext_ciphers( void **enum_context, int *algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**setkey)( void *c, byte *key, unsigned keylen ), + int (**setkey)( void *c, byte *key, unsigned keylen ), void (**encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**decrypt)( void *c, byte *outbuf, byte *inbuf ) ) @@ -242,7 +247,7 @@ enum_gnupgext_ciphers( void **enum_context, int *algo, EXTLIST r; ENUMCONTEXT *ctx; const char * (*finfo)(int, size_t*, size_t*, size_t*, - void (**)( void *, byte *, unsigned), + int (**)( void *, byte *, unsigned), void (**)( void *, byte *, byte *), void (**)( void *, byte *, byte *)); diff --git a/cipher/dynload.h b/cipher/dynload.h index fd87bbeef..ad22a824f 100644 --- a/cipher/dynload.h +++ b/cipher/dynload.h @@ -31,7 +31,7 @@ enum_gnupgext_digests( void **enum_context, const char * enum_gnupgext_ciphers( void **enum_context, int *algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**setkey)( void *c, byte *key, unsigned keylen ), + int (**setkey)( void *c, byte *key, unsigned keylen ), void (**encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**decrypt)( void *c, byte *outbuf, byte *inbuf ) ); diff --git a/cipher/twofish.c b/cipher/twofish.c index b244e9526..d93c145ea 100644 --- a/cipher/twofish.c +++ b/cipher/twofish.c @@ -29,7 +29,7 @@ static void selftest(void); /* Macros used by the info function. */ -#define FNCCAST_SETKEY(f) ((void(*)(void*, byte*, unsigned))(f)) +#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned))(f)) #define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f)) /* Structure for an expanded Twofish key. s contains the key-dependent @@ -443,7 +443,7 @@ static const byte exp_to_poly[492] = { /* Perform the key setup. Note that this works *only* with 128-bit keys, * despite the API that makes it look like it might support other sizes. */ -static void +static int twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen) { /* Temporaries for CALC_K. */ @@ -577,6 +577,8 @@ twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen) CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B); CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00); CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D); + + return 0; } /* Macros to compute the g() function in the encryption and decryption @@ -825,7 +827,7 @@ main() static const char * twofish_get_info (int algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**r_setkey) (void *c, byte *key, unsigned keylen), + int (**r_setkey) (void *c, byte *key, unsigned keylen), void (**r_encrypt) (void *c, byte *outbuf, byte *inbuf), void (**r_decrypt) (void *c, byte *outbuf, byte *inbuf) ) |