From 18767e31711656e9e2648fbe051b74ebbefd3f2e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 4 Mar 2014 22:21:35 +0200 Subject: CI_Encryption: Remove MCrypt 'work-arounds' for CAST-128 compatibility Turns out it's OpenSSL's fault for performing 16 rounds instead of 12 for key sizes of 5-11 bytes. Reference: http://tools.ietf.org/rfc/rfc2144.txt --- user_guide_src/source/libraries/encryption.rst | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'user_guide_src') diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index cedc8d381..25bf7c12a 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -133,7 +133,7 @@ AES-256 aes-256 256 / 32 CBC, CT DES des 56 / 7 CBC, CFB, CFB8, OFB, ECB TripleDES tripledes 56 / 7, 112 / 14, 168 / 21 CBC, CFB, CFB8, OFB Blowfish blowfish 128-448 / 16-56 CBC, CFB, OFB, ECB -CAST5 / CAST-128 cast5 40-128 / 5-16 CBC, CFB, OFB, ECB +CAST5 / CAST-128 cast5 88-128 / 11-16 CBC, CFB, OFB, ECB RC4 / ARCFour rc4 40-2048 / 5-256 Stream ======================== ================== ============================ =============================== @@ -176,6 +176,7 @@ Rijndael-192 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB Rijndael-256 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB GOST MCrypt 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB Twofish MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB +CAST-128 MCrypt 40-128 / 5-16 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB CAST-256 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB Loki97 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB SaferPlus MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB 
@@ -198,6 +199,11 @@ Seed OpenSSL 128 / 16 CBC, CFB, OFB, ECB important to note that AES-128 and Rijndael-128 are actually the same cipher, but **only** when used with a 128-bit key. +.. note:: CAST-128 / CAST-5 is also listed in both the portable and + driver-specific ciphers list. This is because OpenSSL's + implementation doesn't appear to be working correctly with + key sizes of 80 bits and lower. + .. note:: RC2 is listed as supported by both MCrypt and OpenSSL. However, both drivers implement them differently and they are not portable. It is probably worth noting that we only -- cgit v1.2.3-24-g4f1b
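Review bot: In the portable cipher table (hunk at -133,7) the new lower bound for `cast5`, 88 bits / 11 bytes, does not match the commit message, which says OpenSSL misbehaves for key sizes of 5-11 bytes. The note added later in this patch says "80 bits and lower", which is 5-10 bytes, and RFC 2144 (cited in the commit message) puts the 12-round cutoff at 80 bits. The table and the note agree with each other, so the commit message looks off by one byte. It is worth confirming that an 11-byte key round-trips between the two drivers before documenting it as portable.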
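Review bot: The added CAST-128 MCrypt row (hunk at -176,6) lists 40-128 / 5-16, which overlaps the 88-128 / 11-16 range that the portable table now documents under `cast5`. From the table alone a reader cannot tell that only the 40-80 bit keys are MCrypt-specific. Suggest narrowing this row to the non-portable range, or stating in the accompanying note that keys of 88 bits and up should use the portable `cast5` entry.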
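Review bot: The new note (hunk at -198,6) says OpenSSL's implementation "doesn't appear to be working correctly", which is vaguer than what the commit message already establishes: 16 rounds instead of 12 for short keys. Suggest naming that cause, spelling out what it means for users (short-key CAST-128 data is not interchangeable between the drivers), and linking RFC 2144. The phrase "is also listed in both" reads awkwardly, and "CAST-128 / CAST-5" should match the "CAST5 / CAST-128" spelling used in the portable table.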