1 files changed, 50 insertions, 11 deletions
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 677322bf02..ac148efab2 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -63,6 +63,7 @@
 #include <openssl/objects.h>
 #include "evp_locl.h"
 #include <openssl/des.h>
+#include <openssl/rand.h>
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                            const unsigned char *iv,int enc);
@@ -70,6 +71,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv,int enc);
+static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 typedef struct
    {
    DES_key_schedule ks1;/* key schedule */
@@ -85,7 +88,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, unsigned int inl)
 {
        BLOCK_CIPHER_ecb_loop()
-                DES_ecb3_encrypt(in + i,out + i, 
+                DES_ecb3_encrypt((const_DES_cblock *)(in + i),
+                                 (DES_cblock *)(out + i),
                                 &data(ctx)->ks1, &data(ctx)->ks2,
                                 &data(ctx)->ks3,
                                 ctx->encrypt);
@@ -160,10 +164,10 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    }
 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-                        EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, 
+                        EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, 
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
-                        NULL)
+                        des3_ctrl)
 #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
 #define des_ede3_ofb_cipher des_ede_ofb_cipher
@@ -171,28 +175,35 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-                        EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, 
+                        EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, 
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
-                        NULL)
+                        des3_ctrl)
 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
-                     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
+                     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
                     EVP_CIPHER_set_asn1_iv,
-                     EVP_CIPHER_get_asn1_iv,NULL)
+                     EVP_CIPHER_get_asn1_iv,
+                     des3_ctrl)
 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
-                     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
+                     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
                     EVP_CIPHER_set_asn1_iv,
-                     EVP_CIPHER_get_asn1_iv,NULL)
+                     EVP_CIPHER_get_asn1_iv,
+                     des3_ctrl)
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                            const unsigned char *iv, int enc)
        {
        DES_cblock *deskey = (DES_cblock *)key;
+#ifdef EVP_CHECK_DES_KEY
+        if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
+                !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))
+                return 0;
+#else
        DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
        DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
+#endif
        memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
               sizeof(data(ctx)->ks1));
        return 1;
@@ -213,13 +224,41 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        }
 #endif  /* KSSL_DEBUG */
+#ifdef EVP_CHECK_DES_KEY
+        if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
+                || DES_set_key_checked(&deskey[1],&data(ctx)->ks2)
+                || DES_set_key_checked(&deskey[2],&data(ctx)->ks3))
+                return 0;
+#else
        DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
        DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
        DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
+#endif
        return 1;
        }
+static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+        {
+        DES_cblock *deskey = ptr;
+        switch(type)
+                {
+        case EVP_CTRL_RAND_KEY:
+                if (RAND_bytes(ptr, c->key_len) <= 0)
+                        return 0;
+                DES_set_odd_parity(deskey);
+                if (c->key_len >= 16)
+                        DES_set_odd_parity(deskey + 1);
+                if (c->key_len >= 24)
+                        DES_set_odd_parity(deskey + 2);
+                return 1;
+        default:
+                return -1;
+                }
+        }
 const EVP_CIPHER *EVP_des_ede(void)
 {
        return &des_ede_ecb;

diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c index 677322bf02..ac148efab2 100644 --- a/src/lib/libcrypto/evp/e_des3.c +++ b/src/lib/libcrypto/evp/e_des3.c
@@ -63,6 +63,7 @@
63	#include <openssl/objects.h>	63	#include <openssl/objects.h>
64	#include "evp_locl.h"	64	#include "evp_locl.h"
65	#include <openssl/des.h>	65	#include <openssl/des.h>
		66	#include <openssl/rand.h>
66		67
67	static int des_ede_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,	68	static int des_ede_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
68	const unsigned char *iv,int enc);	69	const unsigned char *iv,int enc);
@@ -70,6 +71,8 @@ static int des_ede_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
70	static int des_ede3_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,	71	static int des_ede3_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
71	const unsigned char *iv,int enc);	72	const unsigned char *iv,int enc);
72		73
		74	static int des3_ctrl(EVP_CIPHER_CTX c, int type, int arg, void ptr);
		75
73	typedef struct	76	typedef struct
74	{	77	{
75	DES_key_schedule ks1;/* key schedule */	78	DES_key_schedule ks1;/* key schedule */
@@ -85,7 +88,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
85	const unsigned char *in, unsigned int inl)	88	const unsigned char *in, unsigned int inl)
86	{	89	{
87	BLOCK_CIPHER_ecb_loop()	90	BLOCK_CIPHER_ecb_loop()
88	DES_ecb3_encrypt(in + i,out + i,	91	DES_ecb3_encrypt((const_DES_cblock *)(in + i),
		92	(DES_cblock *)(out + i),
89	&data(ctx)->ks1, &data(ctx)->ks2,	93	&data(ctx)->ks1, &data(ctx)->ks2,
90	&data(ctx)->ks3,	94	&data(ctx)->ks3,
91	ctx->encrypt);	95	ctx->encrypt);
@@ -160,10 +164,10 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
160	}	164	}
161		165
162	BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,	166	BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
163	EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL,	167	EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
164	EVP_CIPHER_set_asn1_iv,	168	EVP_CIPHER_set_asn1_iv,
165	EVP_CIPHER_get_asn1_iv,	169	EVP_CIPHER_get_asn1_iv,
166	NULL)	170	des3_ctrl)
167		171
168	#define des_ede3_cfb64_cipher des_ede_cfb64_cipher	172	#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
169	#define des_ede3_ofb_cipher des_ede_ofb_cipher	173	#define des_ede3_ofb_cipher des_ede_ofb_cipher
@@ -171,28 +175,35 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
171	#define des_ede3_ecb_cipher des_ede_ecb_cipher	175	#define des_ede3_ecb_cipher des_ede_ecb_cipher
172		176
173	BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,	177	BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
174	EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL,	178	EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
175	EVP_CIPHER_set_asn1_iv,	179	EVP_CIPHER_set_asn1_iv,
176	EVP_CIPHER_get_asn1_iv,	180	EVP_CIPHER_get_asn1_iv,
177	NULL)	181	des3_ctrl)
178		182
179	BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,	183	BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
180	EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,	184	EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
181	EVP_CIPHER_set_asn1_iv,	185	EVP_CIPHER_set_asn1_iv,
182	EVP_CIPHER_get_asn1_iv,NULL)	186	EVP_CIPHER_get_asn1_iv,
		187	des3_ctrl)
183		188
184	BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,	189	BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
185	EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,	190	EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
186	EVP_CIPHER_set_asn1_iv,	191	EVP_CIPHER_set_asn1_iv,
187	EVP_CIPHER_get_asn1_iv,NULL)	192	EVP_CIPHER_get_asn1_iv,
		193	des3_ctrl)
188		194
189	static int des_ede_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,	195	static int des_ede_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
190	const unsigned char *iv, int enc)	196	const unsigned char *iv, int enc)
191	{	197	{
192	DES_cblock deskey = (DES_cblock )key;	198	DES_cblock deskey = (DES_cblock )key;
193		199	#ifdef EVP_CHECK_DES_KEY
		200	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
		201	!! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))
		202	return 0;
		203	#else
194	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);	204	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
195	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);	205	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
		206	#endif
196	memcpy(&data(ctx)->ks3,&data(ctx)->ks1,	207	memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
197	sizeof(data(ctx)->ks1));	208	sizeof(data(ctx)->ks1));
198	return 1;	209	return 1;
@@ -213,13 +224,41 @@ static int des_ede3_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
213	}	224	}
214	#endif /* KSSL_DEBUG */	225	#endif /* KSSL_DEBUG */
215		226
		227	#ifdef EVP_CHECK_DES_KEY
		228	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
		229	\|\| DES_set_key_checked(&deskey[1],&data(ctx)->ks2)
		230	\|\| DES_set_key_checked(&deskey[2],&data(ctx)->ks3))
		231	return 0;
		232	#else
216	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);	233	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
217	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);	234	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
218	DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);	235	DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
219		236	#endif
220	return 1;	237	return 1;
221	}	238	}
222		239
		240	static int des3_ctrl(EVP_CIPHER_CTX c, int type, int arg, void ptr)
		241	{
		242
		243	DES_cblock *deskey = ptr;
		244
		245	switch(type)
		246	{
		247	case EVP_CTRL_RAND_KEY:
		248	if (RAND_bytes(ptr, c->key_len) <= 0)
		249	return 0;
		250	DES_set_odd_parity(deskey);
		251	if (c->key_len >= 16)
		252	DES_set_odd_parity(deskey + 1);
		253	if (c->key_len >= 24)
		254	DES_set_odd_parity(deskey + 2);
		255	return 1;
		256
		257	default:
		258	return -1;
		259	}
		260	}
		261
223	const EVP_CIPHER *EVP_des_ede(void)	262	const EVP_CIPHER *EVP_des_ede(void)
224	{	263	{
225	return &des_ede_ecb;	264	return &des_ede_ecb;