X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fevp%2Fe_des3.c;h=f910af19b110dfcd38ef78d3299d0c7029ce2eab;hb=2c5f3606d1dd86d5ca79bf169d25b366406d196f;hp=b462d7c6af9d7a3116a37493f0a9f1409d085f3a;hpb=8c6336b0aac8c34584116d2c05b6d828dc9d8ae6;p=oweals%2Fopenssl.git

diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index b462d7c6af..f910af19b1 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -63,6 +63,7 @@
 #include <openssl/objects.h>
 #include "evp_locl.h"
 #include <openssl/des.h>
+#include <openssl/rand.h>
 
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			    const unsigned char *iv,int enc);
@@ -70,6 +71,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			     const unsigned char *iv,int enc);
 
+static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
 typedef struct
     {
     DES_key_schedule ks1;/* key schedule */
@@ -85,7 +88,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			      const unsigned char *in, unsigned int inl)
 {
 	BLOCK_CIPHER_ecb_loop()
-		DES_ecb3_encrypt(in + i,out + i, 
+		DES_ecb3_encrypt((const_DES_cblock *)(in + i),
+				 (DES_cblock *)(out + i),
 				 &data(ctx)->ks1, &data(ctx)->ks2,
 				 &data(ctx)->ks3,
 				 ctx->encrypt);
@@ -107,8 +111,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 #ifdef KSSL_DEBUG
 	{
         int i;
-        char *cp;
-	printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
+	printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len);
 	printf("\t iv= ");
         for(i=0;i<8;i++)
                 printf("%02X",ctx->iv[i]);
@@ -160,10 +163,10 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     }
 
 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-			0, des_ede_init_key, NULL, 
-			EVP_CIPHER_set_asn1_iv,
-			EVP_CIPHER_get_asn1_iv,
-			NULL)
+		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+			des_ede_init_key,
+			NULL, NULL, NULL,
+			des3_ctrl)
 
 #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
 #define des_ede3_ofb_cipher des_ede_ofb_cipher
@@ -171,28 +174,35 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
 
 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-			0, des_ede3_init_key, NULL, 
-			EVP_CIPHER_set_asn1_iv,
-			EVP_CIPHER_get_asn1_iv,
-			NULL)
+		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+			des_ede3_init_key,
+			NULL, NULL, NULL,
+			des3_ctrl)
 
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,0,
-		     des_ede3_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,NULL)
+BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
+		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+		     des_ede3_init_key,
+		     NULL, NULL, NULL,
+		     des3_ctrl)
 
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,0,
-		     des_ede3_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,NULL)
+BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
+		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+		     des_ede3_init_key,
+		     NULL, NULL, NULL,
+		     des3_ctrl)
 
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			    const unsigned char *iv, int enc)
 	{
 	DES_cblock *deskey = (DES_cblock *)key;
-
+#ifdef EVP_CHECK_DES_KEY
+	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
+		!! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))
+		return 0;
+#else
 	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
 	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
+#endif
 	memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
 	       sizeof(data(ctx)->ks1));
 	return 1;
@@ -205,7 +215,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 #ifdef KSSL_DEBUG
 	{
         int i;
-        printf("des_ede3_init_key(ctx=%lx)\n", ctx);
+        printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx);
 	printf("\tKEY= ");
         for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
 	printf("\t IV= ");
@@ -213,13 +223,41 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	}
 #endif	/* KSSL_DEBUG */
 
+#ifdef EVP_CHECK_DES_KEY
+	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
+		|| DES_set_key_checked(&deskey[1],&data(ctx)->ks2)
+		|| DES_set_key_checked(&deskey[2],&data(ctx)->ks3))
+		return 0;
+#else
 	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
 	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
 	DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
-
+#endif
 	return 1;
 	}
 
+static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+	{
+
+	DES_cblock *deskey = ptr;
+
+	switch(type)
+		{
+	case EVP_CTRL_RAND_KEY:
+		if (RAND_bytes(ptr, c->key_len) <= 0)
+			return 0;
+		DES_set_odd_parity(deskey);
+		if (c->key_len >= 16)
+			DES_set_odd_parity(deskey + 1);
+		if (c->key_len >= 24)
+			DES_set_odd_parity(deskey + 2);
+		return 1;
+
+	default:
+		return -1;
+		}
+	}
+
 const EVP_CIPHER *EVP_des_ede(void)
 {
 	return &des_ede_ecb;