Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for
authorBen Laurie <ben@openssl.org>
Sat, 21 Jul 2001 10:24:07 +0000 (10:24 +0000)
committerBen Laurie <ben@openssl.org>
Sat, 21 Jul 2001 10:24:07 +0000 (10:24 +0000)
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery
is available).

12 files changed:
CHANGES
Configure
crypto/evp/Makefile.ssl
crypto/evp/c_allc.c
crypto/evp/e_des3.c
crypto/evp/evp.h
crypto/evp/evp_locl.h
crypto/evp/openbsd_hw.c [new file with mode: 0644]
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt

diff --git a/CHANGES b/CHANGES
index b1929cace8fb341b664a70f03d9d6bd4115ed168..e4c17789d4756b6805c09b5affedf0ed7dcc35ad 100644 (file)
--- a/CHANGES
+++ b/CHANGES
          *) applies to 0.9.6a/0.9.6b and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Cleanup of EVP macros.
+     [Ben Laurie]
+
+  +) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+     correct _ecb suffix.
+     [Ben Laurie]
+
   +) Add initial OCSP responder support to ocsp application. The
      revocation information is handled using the text based index
      use by the ca application. The responder can either handle
index 610336c4b14a8f6fd9e4e3377e824963a40780b4..0954401ce7ab47eda6d1f33ca7b186b5e70b2b46 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -133,6 +133,7 @@ my %table=(
 "purify",      "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
 "debug",       "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
 "debug-ben",   "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
+"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-debug",     "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
 "debug-ben-strict",    "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
index 0e7f2e19214914d404a7efff97c5f245292078a8..7ad3e0e12a4de0c88727bf48099fce8d86f6be72 100644 (file)
@@ -32,7 +32,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
-       evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+       evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c openbsd_hw.c
 
 LIBOBJ=        encode.o digest.o evp_enc.o evp_key.o \
        e_des.o e_bf.o e_idea.o e_des3.o \
@@ -43,7 +43,7 @@ LIBOBJ=       encode.o digest.o evp_enc.o evp_key.o \
        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
-       evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o
+       evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o openbsd_hw.o
 
 SRC= $(LIBSRC)
 
index 0fe545742551204bf7d90b83a5e7a3148b90b2ce..def53b67858ef1ca0e681acade4801001a2e2379 100644 (file)
@@ -82,7 +82,11 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher_alias(SN_des_cbc,"DES");
        EVP_add_cipher_alias(SN_des_cbc,"des");
        EVP_add_cipher(EVP_des_ede_cbc());
+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+       EVP_add_cipher(EVP_dev_crypto_des_ede3_cbc());
+# else
        EVP_add_cipher(EVP_des_ede3_cbc());
+# endif
        EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
        EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
 
index f9e20c8194fd35ff5f9a5e3db5fa9d7f0ff6e205..b1b36ce1300e63cb555f69e57b57891e94311b73 100644 (file)
@@ -119,15 +119,12 @@ static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        return 1;
 }
 
-#define NID_des_ede_ecb NID_des_ede
-
 BLOCK_CIPHER_defs(des_ede, des_ede, NID_des_ede, 8, 16, 8,
                        0, des_ede_init_key, NULL, 
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
                        NULL)
 
-#define NID_des_ede3_ecb NID_des_ede3
 #define des_ede3_cfb_cipher des_ede_cfb_cipher
 #define des_ede3_ofb_cipher des_ede_ofb_cipher
 #define des_ede3_cbc_cipher des_ede_cbc_cipher
index 04cb709c8fe312242354734f6fdbb8ad7bee53a4..93f93155633fafbbe2f56bf8197714141c5228ce 100644 (file)
@@ -453,6 +453,9 @@ struct evp_cipher_ctx_st
 #endif
 #ifndef OPENSSL_NO_AES
                RIJNDAEL_KEY rijndael;
+#endif
+#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+               struct session_op *dev_crypto;
 #endif
                } c;
        int final_used;
@@ -674,6 +677,9 @@ const EVP_CIPHER *EVP_des_cbc(void);
 const EVP_CIPHER *EVP_des_ede_cbc(void);
 const EVP_CIPHER *EVP_des_ede3_cbc(void);
 const EVP_CIPHER *EVP_desx_cbc(void);
+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
+# endif
 #endif
 #ifndef OPENSSL_NO_RC4
 const EVP_CIPHER *EVP_rc4(void);
index 91670b414c2154469c6950ba1c7c652c7a2f4f02..264e9ced24e1592f7de17ab3edf09c4f493a8dda 100644 (file)
@@ -101,6 +101,61 @@ static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
        BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \
        BLOCK_CIPHER_func_ofb(cname, cprefix, kname)
 
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+                         key_len, iv_len, flags, init_key, cleanup, \
+                         set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+       nid##_##nmode, block_size, key_len, iv_len, \
+       flags | EVP_CIPH_##MODE##_MODE, \
+       init_key, \
+       cname##_##mode##_cipher, \
+       cleanup, \
+       sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+               sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+       set_asn1, get_asn1,\
+       ctrl, \
+       NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+                            iv_len, flags, init_key, cleanup, set_asn1, \
+                            get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+                 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \
+                            iv_len, flags, init_key, cleanup, set_asn1, \
+                            get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb64, cfb, CFB, kstruct, nid, block_size, key_len, \
+                 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \
+                            iv_len, flags, init_key, cleanup, set_asn1, \
+                            get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb64, ofb, OFB, kstruct, nid, block_size, key_len, \
+                 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+                            iv_len, flags, init_key, cleanup, set_asn1, \
+                            get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+                 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                         nid, block_size, key_len, iv_len, flags, \
+                         init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                    init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                    init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                    init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                    init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+
+/*
 #define BLOCK_CIPHER_defs(cname, kstruct, \
                                nid, block_size, key_len, iv_len, flags,\
                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
@@ -156,7 +211,7 @@ static const EVP_CIPHER cname##_ecb = {\
        NULL \
 };\
 const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
-
+*/
 
 
 #define IMPLEMENT_BLOCK_CIPHER(cname, kname, cprefix, kstruct, \
diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c
new file mode 100644 (file)
index 0000000..012856a
--- /dev/null
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <crypto/cryptodev.h>
+#include <unistd.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <assert.h>
+
+// longest key supported in hardware
+#define MAX_HW_KEY     24
+
+static int fd;
+static int dev_failed;
+
+static void err(const char *str)
+    {
+    fprintf(stderr,"%s: errno %d\n",str,errno);
+    }
+
+static int dev_crypto_init(EVP_CIPHER_CTX *ctx)
+    {
+    if(dev_failed)
+       return 0;
+    if(!fd)
+       {
+       int cryptodev_fd;
+
+        if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
+           {
+           err("/dev/crypto");
+           dev_failed=1;
+           return 0;
+           }
+        if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
+           {
+           err("CRIOGET failed");
+           close(cryptodev_fd);
+           dev_failed=1;
+           return 0;
+           }
+       close(cryptodev_fd);
+       }
+    if(!ctx->c.dev_crypto)
+       {
+       ctx->c.dev_crypto=OPENSSL_malloc(sizeof *ctx->c.dev_crypto);
+       memset(ctx->c.dev_crypto,'\0',sizeof *ctx->c.dev_crypto);
+       ctx->c.dev_crypto->key=OPENSSL_malloc(MAX_HW_KEY);
+       }
+    
+    return 1;
+    }
+
+static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
+    {
+    if(ioctl(fd,CIOCFSESSION,ctx->c.dev_crypto->ses) == -1)
+       err("CIOCFSESSION failed");
+
+    OPENSSL_free(ctx->c.dev_crypto->key);
+    OPENSSL_free(ctx->c.dev_crypto);
+    ctx->c.dev_crypto=NULL;
+
+    return 1;
+    }
+
+// FIXME: there should be some non-fatal way to report we fell back to s/w?
+static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+                                       const unsigned char *key,
+                                       const unsigned char *iv, int enc)
+    {
+    if(!dev_crypto_init(ctx))
+       {
+       // fall back to using software...
+       ctx->cipher=EVP_des_ede3_cbc();
+       return ctx->cipher->init(ctx,key,iv,enc);
+       }
+    memcpy(ctx->c.dev_crypto->key,key,24);
+    
+    ctx->c.dev_crypto->cipher=CRYPTO_3DES_CBC;
+    ctx->c.dev_crypto->mac=0;
+    ctx->c.dev_crypto->keylen=24;
+
+    if (ioctl(fd,CIOCGSESSION,ctx->c.dev_crypto) == -1)
+       {
+       err("CIOCGSESSION failed");
+       // fall back to using software...
+       dev_crypto_cleanup(ctx);
+       ctx->cipher=EVP_des_ede3_cbc();
+       return ctx->cipher->init(ctx,key,iv,enc);
+       }
+    return 1;
+    }
+
+static int dev_crypto_des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, 
+                                         unsigned char *out,
+                                         const unsigned char *in,
+                                         unsigned int inl)
+    {
+    struct crypt_op cryp;
+    unsigned char lb[8];
+
+    assert(ctx->c.dev_crypto);
+    assert(!dev_failed);
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=ctx->c.dev_crypto->ses;
+    cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+    cryp.flags=0;
+    //    cryp.len=((inl+7)/8)*8;
+    cryp.len=inl;
+    assert((inl&7) == 0);
+    cryp.src=(caddr_t)in;
+    cryp.dst=(caddr_t)out;
+    cryp.mac=0;
+    cryp.iv=(caddr_t)ctx->iv;
+
+    if(!ctx->encrypt)
+       memcpy(lb,&in[cryp.len-8],8);
+
+    if (ioctl(fd, CIOCCRYPT, &cryp) == -1)
+       {
+       err("CIOCCRYPT failed");
+       abort();
+       return 0;
+       }
+
+    if(ctx->encrypt)
+       memcpy(ctx->iv,&out[cryp.len-8],8);
+    else
+       memcpy(ctx->iv,lb,8);
+
+    return 1;
+    }
+
+BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, des_ede,NID_des_ede3, 8, 24, 8,
+                    0, dev_crypto_des_ede3_init_key,
+                    dev_crypto_cleanup, 
+                    EVP_CIPHER_set_asn1_iv,
+                    EVP_CIPHER_get_asn1_iv,
+                    NULL)
index 17c806cf086ad83a9eabb47576754b3692cbafdf..8e731bdb59c1e6e2a6729f66daf5984b9cbc6298 100644 (file)
@@ -99,7 +99,7 @@ static unsigned char lvalues[3792]={
 0x2B,0x0E,0x03,0x02,0x06,                    /* [187] OBJ_des_ecb */
 0x2B,0x0E,0x03,0x02,0x09,                    /* [192] OBJ_des_cfb64 */
 0x2B,0x0E,0x03,0x02,0x07,                    /* [197] OBJ_des_cbc */
-0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede */
+0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede_ecb */
 0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [218] OBJ_rc2_cbc */
 0x2B,0x0E,0x03,0x02,0x12,                    /* [226] OBJ_sha */
@@ -578,8 +578,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0},
 {"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0},
 {"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0},
-{"DES-EDE","des-ede",NID_des_ede,5,&(lvalues[202]),0},
-{"DES-EDE3","des-ede3",NID_des_ede3,0,NULL},
+{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0},
+{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL},
 {"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0},
 {"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
 {"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
@@ -2345,7 +2345,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
 &(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
 &(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-&(nid_objs[32]),/* OBJ_des_ede                      1 3 14 3 2 17 */
+&(nid_objs[32]),/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
 &(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
 &(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
 &(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
index cd114a260018cca9a4660aa03337beb744b5748b..725efdb62a783d3dd11cf29a76f3e9fd250bfcac 100644 (file)
 #define NID_shaWithRSAEncryption               42
 #define OBJ_shaWithRSAEncryption               OBJ_algorithm,15L
 
-#define SN_des_ede             "DES-EDE"
-#define LN_des_ede             "des-ede"
-#define NID_des_ede            32
-#define OBJ_des_ede            OBJ_algorithm,17L
-
-#define SN_des_ede3            "DES-EDE3"
-#define LN_des_ede3            "des-ede3"
-#define NID_des_ede3           33
+#define SN_des_ede_ecb         "DES-EDE"
+#define LN_des_ede_ecb         "des-ede"
+#define NID_des_ede_ecb                32
+#define OBJ_des_ede_ecb                OBJ_algorithm,17L
+
+#define SN_des_ede3_ecb                "DES-EDE3"
+#define LN_des_ede3_ecb                "des-ede3"
+#define NID_des_ede3_ecb               33
 
 #define SN_des_ede_cbc         "DES-EDE-CBC"
 #define LN_des_ede_cbc         "des-ede-cbc"
index 362bdb713dac639107e919c80558651c129a1e6d..b2865434cd2b4c81c4f857e5e49662783c1891f3 100644 (file)
@@ -30,8 +30,8 @@ dhKeyAgreement                28
 des_ecb                29
 des_cfb64              30
 des_cbc                31
-des_ede                32
-des_ede3               33
+des_ede_ecb            32
+des_ede3_ecb           33
 idea_cbc               34
 idea_cfb64             35
 idea_ecb               36
index 86d337d01e52c0868b3e1045ce45d0a47f5e1fda..59e283b33f216cdd16d5750e9eeda8614f8822b1 100644 (file)
@@ -486,7 +486,9 @@ algorithm 11                : rsaSignature
 algorithm 12           : DSA-old               : dsaEncryption-old
 algorithm 13           : DSA-SHA               : dsaWithSHA
 algorithm 15           : RSA-SHA               : shaWithRSAEncryption
+!Cname des-ede-ecb
 algorithm 17           : DES-EDE               : des-ede
+!Cname des-ede3-ecb
                        : DES-EDE3              : des-ede3
                        : DES-EDE-CBC           : des-ede-cbc
 !Cname des-ede-cfb64