Did SSLeay/OpenSSL change its DES implementation?
VaX#n8
vax at carolina.rr.com
Mon May 17 04:17:29 EDT 2004
I've been working on integrating TCFS into NetBSD's kernel.
Currently I have a stand-alone package that builds an LKM that works.
The NetBSD people asked me to use the extant crypto code in the kernel,
and both TCFS's and NetBSD's came from SSLeay. I had to make only one
minor change to it (changing a param to des_ecb_encrypt from a pointer
to a struct to the struct itself). So I just added a "*" to deref it.
So I was somewhat surprised when I ran the in-kernel version and found
it couldn't read the files on disk created by the LKM. I wrote a little
test routine that I compiled with/against the LKM's [older] SSL DES
implementation, then I compiled it with/against the in-kernel [newer] stuff,
and found that their data differed. So I wanted to see if it was in the
key scheduling or the ciphering, so I removed the calls to encryption.
The key schedules it generates are different. As a matter of fact, I
found that merely linking with the ciphering code seemed to change the
key schedule ever-so-slightly. I think I must be doing something wrong
in C, have a pointer pointing somewhere it shouldn't be, etc. But -Wall
doesn't show any problems. Neither does lint.
So:
1) Did SSLeay/OpenSSL change the behavior of DES?
2) Can you see a problem in my little test code below?
Sorry if I'm missing something obvious.
#include <stdio.h>
#include <stdlib.h>
#include <err.h>
#include "des.h"
int main() {
#define KEY "012345678012345678012345678012345678"
const char key[] = KEY;
const char *kptr = key;
des_key_schedule ks;
int i, j;
#ifdef NETBSD_SETKEY
des_set_key_unchecked ((des_cblock *)kptr, ks); /* or w/o unchecked */
#else
des_set_key ((des_cblock *)kptr, ks);
#endif
for (j = 0; j<(sizeof(des_key_schedule)/sizeof(struct des_ks_struct)); j++) {
#ifdef NETBSD_SETKEY
for (i = 0; i < sizeof(des_cblock); i++) printf("%02x", ks[j].ks.cblock[
i]);
#else
for (i = 0; i < sizeof(des_cblock); i++) printf("%02x", ks[j].ks._[i]);
#endif
printf("\n");
exit(0);
}
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list