From c518ade1fd9a791625646bc9e77f5b9b2d378b78 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sat, 21 Jul 2001 10:24:07 +0000 Subject: [PATCH] Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery is available). --- CHANGES | 7 ++ Configure | 1 + crypto/evp/Makefile.ssl | 4 +- crypto/evp/c_allc.c | 4 + crypto/evp/e_des3.c | 3 - crypto/evp/evp.h | 6 ++ crypto/evp/evp_locl.h | 57 ++++++++++- crypto/evp/openbsd_hw.c | 190 +++++++++++++++++++++++++++++++++++++ crypto/objects/obj_dat.h | 8 +- crypto/objects/obj_mac.h | 16 ++-- crypto/objects/obj_mac.num | 4 +- crypto/objects/objects.txt | 2 + 12 files changed, 282 insertions(+), 20 deletions(-) create mode 100644 crypto/evp/openbsd_hw.c diff --git a/CHANGES b/CHANGES index b1929cace8..e4c17789d4 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,13 @@ *) applies to 0.9.6a/0.9.6b and 0.9.7 +) applies to 0.9.7 only + +) Cleanup of EVP macros. + [Ben Laurie] + + +) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the + correct _ecb suffix. + [Ben Laurie] + +) Add initial OCSP responder support to ocsp application. The revocation information is handled using the text based index use by the ca application. The responder can either handle diff --git a/Configure b/Configure index 610336c4b1..0954401ce7 100755 --- a/Configure +++ b/Configure @@ -133,6 +133,7 @@ my %table=( "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", +"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 0e7f2e1921..7ad3e0e12a 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -32,7 +32,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ - evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c + evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c openbsd_hw.c LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \ e_des.o e_bf.o e_idea.o e_des3.o \ @@ -43,7 +43,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ - evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o + evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o openbsd_hw.o SRC= $(LIBSRC) diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 0fe5457425..def53b6785 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -82,7 +82,11 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_des_cbc,"DES"); EVP_add_cipher_alias(SN_des_cbc,"des"); EVP_add_cipher(EVP_des_ede_cbc()); +# ifdef OPENSSL_OPENBSD_DEV_CRYPTO + EVP_add_cipher(EVP_dev_crypto_des_ede3_cbc()); +# else EVP_add_cipher(EVP_des_ede3_cbc()); +# endif EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3"); EVP_add_cipher_alias(SN_des_ede3_cbc,"des3"); diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index f9e20c8194..b1b36ce130 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -119,15 +119,12 @@ static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -#define NID_des_ede_ecb NID_des_ede - BLOCK_CIPHER_defs(des_ede, des_ede, NID_des_ede, 8, 16, 8, 0, des_ede_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -#define NID_des_ede3_ecb NID_des_ede3 #define des_ede3_cfb_cipher des_ede_cfb_cipher #define des_ede3_ofb_cipher des_ede_ofb_cipher #define des_ede3_cbc_cipher des_ede_cbc_cipher diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 04cb709c8f..93f9315563 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -453,6 +453,9 @@ struct evp_cipher_ctx_st #endif #ifndef OPENSSL_NO_AES RIJNDAEL_KEY rijndael; +#endif +#ifdef OPENSSL_OPENBSD_DEV_CRYPTO + struct session_op *dev_crypto; #endif } c; int final_used; @@ -674,6 +677,9 @@ const EVP_CIPHER *EVP_des_cbc(void); const EVP_CIPHER *EVP_des_ede_cbc(void); const EVP_CIPHER *EVP_des_ede3_cbc(void); const EVP_CIPHER *EVP_desx_cbc(void); +# ifdef OPENSSL_OPENBSD_DEV_CRYPTO +const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); +# endif #endif #ifndef OPENSSL_NO_RC4 const EVP_CIPHER *EVP_rc4(void); diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 91670b414c..264e9ced24 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -101,6 +101,61 @@ static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \ BLOCK_CIPHER_func_ofb(cname, cprefix, kname) +#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ + key_len, iv_len, flags, init_key, cleanup, \ + set_asn1, get_asn1, ctrl) \ +static const EVP_CIPHER cname##_##mode = { \ + nid##_##nmode, block_size, key_len, iv_len, \ + flags | EVP_CIPH_##MODE##_MODE, \ + init_key, \ + cname##_##mode##_cipher, \ + cleanup, \ + sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ + sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ + set_asn1, get_asn1,\ + ctrl, \ + NULL \ +}; \ +const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } + +#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, cfb64, cfb, CFB, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, ofb64, ofb, OFB, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, \ + get_asn1, ctrl) \ +BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ + iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) + +#define BLOCK_CIPHER_defs(cname, kstruct, \ + nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ +BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) + + +/* #define BLOCK_CIPHER_defs(cname, kstruct, \ nid, block_size, key_len, iv_len, flags,\ init_key, cleanup, set_asn1, get_asn1, ctrl)\ @@ -156,7 +211,7 @@ static const EVP_CIPHER cname##_ecb = {\ NULL \ };\ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } - +*/ #define IMPLEMENT_BLOCK_CIPHER(cname, kname, cprefix, kstruct, \ diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c new file mode 100644 index 0000000000..012856adda --- /dev/null +++ b/crypto/evp/openbsd_hw.c @@ -0,0 +1,190 @@ +/* + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include "evp_locl.h" +#include + +// longest key supported in hardware +#define MAX_HW_KEY 24 + +static int fd; +static int dev_failed; + +static void err(const char *str) + { + fprintf(stderr,"%s: errno %d\n",str,errno); + } + +static int dev_crypto_init(EVP_CIPHER_CTX *ctx) + { + if(dev_failed) + return 0; + if(!fd) + { + int cryptodev_fd; + + if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0) + { + err("/dev/crypto"); + dev_failed=1; + return 0; + } + if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1) + { + err("CRIOGET failed"); + close(cryptodev_fd); + dev_failed=1; + return 0; + } + close(cryptodev_fd); + } + if(!ctx->c.dev_crypto) + { + ctx->c.dev_crypto=OPENSSL_malloc(sizeof *ctx->c.dev_crypto); + memset(ctx->c.dev_crypto,'\0',sizeof *ctx->c.dev_crypto); + ctx->c.dev_crypto->key=OPENSSL_malloc(MAX_HW_KEY); + } + + return 1; + } + +static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx) + { + if(ioctl(fd,CIOCFSESSION,ctx->c.dev_crypto->ses) == -1) + err("CIOCFSESSION failed"); + + OPENSSL_free(ctx->c.dev_crypto->key); + OPENSSL_free(ctx->c.dev_crypto); + ctx->c.dev_crypto=NULL; + + return 1; + } + +// FIXME: there should be some non-fatal way to report we fell back to s/w? +static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc) + { + if(!dev_crypto_init(ctx)) + { + // fall back to using software... + ctx->cipher=EVP_des_ede3_cbc(); + return ctx->cipher->init(ctx,key,iv,enc); + } + memcpy(ctx->c.dev_crypto->key,key,24); + + ctx->c.dev_crypto->cipher=CRYPTO_3DES_CBC; + ctx->c.dev_crypto->mac=0; + ctx->c.dev_crypto->keylen=24; + + if (ioctl(fd,CIOCGSESSION,ctx->c.dev_crypto) == -1) + { + err("CIOCGSESSION failed"); + // fall back to using software... + dev_crypto_cleanup(ctx); + ctx->cipher=EVP_des_ede3_cbc(); + return ctx->cipher->init(ctx,key,iv,enc); + } + return 1; + } + +static int dev_crypto_des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int inl) + { + struct crypt_op cryp; + unsigned char lb[8]; + + assert(ctx->c.dev_crypto); + assert(!dev_failed); + + memset(&cryp,'\0',sizeof cryp); + cryp.ses=ctx->c.dev_crypto->ses; + cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; + cryp.flags=0; + // cryp.len=((inl+7)/8)*8; + cryp.len=inl; + assert((inl&7) == 0); + cryp.src=(caddr_t)in; + cryp.dst=(caddr_t)out; + cryp.mac=0; + cryp.iv=(caddr_t)ctx->iv; + + if(!ctx->encrypt) + memcpy(lb,&in[cryp.len-8],8); + + if (ioctl(fd, CIOCCRYPT, &cryp) == -1) + { + err("CIOCCRYPT failed"); + abort(); + return 0; + } + + if(ctx->encrypt) + memcpy(ctx->iv,&out[cryp.len-8],8); + else + memcpy(ctx->iv,lb,8); + + return 1; + } + +BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, des_ede,NID_des_ede3, 8, 24, 8, + 0, dev_crypto_des_ede3_init_key, + dev_crypto_cleanup, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 17c806cf08..8e731bdb59 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -99,7 +99,7 @@ static unsigned char lvalues[3792]={ 0x2B,0x0E,0x03,0x02,0x06, /* [187] OBJ_des_ecb */ 0x2B,0x0E,0x03,0x02,0x09, /* [192] OBJ_des_cfb64 */ 0x2B,0x0E,0x03,0x02,0x07, /* [197] OBJ_des_cbc */ -0x2B,0x0E,0x03,0x02,0x11, /* [202] OBJ_des_ede */ +0x2B,0x0E,0x03,0x02,0x11, /* [202] OBJ_des_ede_ecb */ 0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [218] OBJ_rc2_cbc */ 0x2B,0x0E,0x03,0x02,0x12, /* [226] OBJ_sha */ @@ -578,8 +578,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0}, {"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0}, {"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0}, -{"DES-EDE","des-ede",NID_des_ede,5,&(lvalues[202]),0}, -{"DES-EDE3","des-ede3",NID_des_ede3,0,NULL}, +{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0}, +{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL}, {"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0}, {"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL}, {"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL}, @@ -2345,7 +2345,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[67]),/* OBJ_dsa_2 1 3 14 3 2 12 */ &(nid_objs[66]),/* OBJ_dsaWithSHA 1 3 14 3 2 13 */ &(nid_objs[42]),/* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ -&(nid_objs[32]),/* OBJ_des_ede 1 3 14 3 2 17 */ +&(nid_objs[32]),/* OBJ_des_ede_ecb 1 3 14 3 2 17 */ &(nid_objs[41]),/* OBJ_sha 1 3 14 3 2 18 */ &(nid_objs[64]),/* OBJ_sha1 1 3 14 3 2 26 */ &(nid_objs[70]),/* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index cd114a2600..725efdb62a 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -1475,14 +1475,14 @@ #define NID_shaWithRSAEncryption 42 #define OBJ_shaWithRSAEncryption OBJ_algorithm,15L -#define SN_des_ede "DES-EDE" -#define LN_des_ede "des-ede" -#define NID_des_ede 32 -#define OBJ_des_ede OBJ_algorithm,17L - -#define SN_des_ede3 "DES-EDE3" -#define LN_des_ede3 "des-ede3" -#define NID_des_ede3 33 +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 #define SN_des_ede_cbc "DES-EDE-CBC" #define LN_des_ede_cbc "des-ede-cbc" diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 362bdb713d..b2865434cd 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -30,8 +30,8 @@ dhKeyAgreement 28 des_ecb 29 des_cfb64 30 des_cbc 31 -des_ede 32 -des_ede3 33 +des_ede_ecb 32 +des_ede3_ecb 33 idea_cbc 34 idea_cfb64 35 idea_ecb 36 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 86d337d01e..59e283b33f 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -486,7 +486,9 @@ algorithm 11 : rsaSignature algorithm 12 : DSA-old : dsaEncryption-old algorithm 13 : DSA-SHA : dsaWithSHA algorithm 15 : RSA-SHA : shaWithRSAEncryption +!Cname des-ede-ecb algorithm 17 : DES-EDE : des-ede +!Cname des-ede3-ecb : DES-EDE3 : des-ede3 : DES-EDE-CBC : des-ede-cbc !Cname des-ede-cfb64 -- 2.25.1