]>
Commit | Line | Data |
---|---|---|
62867571 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
d02b48c6 | 3 | * |
62867571 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
b39fc560 | 11 | #include "internal/cryptlib.h" |
9e9e8cb6 | 12 | #ifndef OPENSSL_NO_DES |
0f113f3e MC |
13 | # include <openssl/evp.h> |
14 | # include <openssl/objects.h> | |
6435f0f6 | 15 | # include "internal/evp_int.h" |
0f113f3e MC |
16 | # include <openssl/des.h> |
17 | # include <openssl/rand.h> | |
6decf943 | 18 | # include <openssl/rand_drbg.h> |
7141ba31 | 19 | # include "evp_locl.h" |
0f113f3e MC |
20 | |
21 | typedef struct { | |
22 | union { | |
23 | double align; | |
24 | DES_key_schedule ks[3]; | |
25 | } ks; | |
26 | union { | |
7687f525 AP |
27 | void (*cbc) (const void *, void *, size_t, |
28 | const DES_key_schedule *, unsigned char *); | |
0f113f3e MC |
29 | } stream; |
30 | } DES_EDE_KEY; | |
31 | # define ks1 ks.ks[0] | |
32 | # define ks2 ks.ks[1] | |
33 | # define ks3 ks.ks[2] | |
34 | ||
35 | # if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) | |
c5d975a7 AP |
36 | /* ---------^^^ this is not a typo, just a way to detect that |
37 | * assembler support was in general requested... */ | |
0f113f3e | 38 | # include "sparc_arch.h" |
c5d975a7 AP |
39 | |
40 | extern unsigned int OPENSSL_sparcv9cap_P[]; | |
41 | ||
0f113f3e | 42 | # define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) |
c5d975a7 | 43 | |
0f113f3e MC |
44 | void des_t4_key_expand(const void *key, DES_key_schedule *ks); |
45 | void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len, | |
7687f525 | 46 | const DES_key_schedule ks[3], unsigned char iv[8]); |
0f113f3e | 47 | void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len, |
7687f525 | 48 | const DES_key_schedule ks[3], unsigned char iv[8]); |
0f113f3e | 49 | # endif |
c5d975a7 | 50 | |
1921eaad | 51 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
0f113f3e | 52 | const unsigned char *iv, int enc); |
57ae2e24 | 53 | |
1921eaad | 54 | static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
0f113f3e | 55 | const unsigned char *iv, int enc); |
d02b48c6 | 56 | |
216659eb DSH |
57 | static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); |
58 | ||
6435f0f6 | 59 | # define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx) |
dbad1690 | 60 | |
0f113f3e MC |
61 | /* |
62 | * Because of various casts and different args can't use | |
63 | * IMPLEMENT_BLOCK_CIPHER | |
64 | */ | |
d02b48c6 | 65 | |
1921eaad | 66 | static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
0f113f3e | 67 | const unsigned char *in, size_t inl) |
57ae2e24 | 68 | { |
0f113f3e MC |
69 | BLOCK_CIPHER_ecb_loop() |
70 | DES_ecb3_encrypt((const_DES_cblock *)(in + i), | |
71 | (DES_cblock *)(out + i), | |
72 | &data(ctx)->ks1, &data(ctx)->ks2, | |
6435f0f6 | 73 | &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx)); |
0f113f3e | 74 | return 1; |
57ae2e24 DSH |
75 | } |
76 | ||
1921eaad | 77 | static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
0f113f3e | 78 | const unsigned char *in, size_t inl) |
57ae2e24 | 79 | { |
0f113f3e | 80 | while (inl >= EVP_MAXCHUNK) { |
6435f0f6 | 81 | int num = EVP_CIPHER_CTX_num(ctx); |
0f113f3e MC |
82 | DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, |
83 | &data(ctx)->ks1, &data(ctx)->ks2, | |
6435f0f6 RL |
84 | &data(ctx)->ks3, |
85 | (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), | |
86 | &num); | |
87 | EVP_CIPHER_CTX_set_num(ctx, num); | |
0f113f3e MC |
88 | inl -= EVP_MAXCHUNK; |
89 | in += EVP_MAXCHUNK; | |
90 | out += EVP_MAXCHUNK; | |
91 | } | |
6435f0f6 RL |
92 | if (inl) { |
93 | int num = EVP_CIPHER_CTX_num(ctx); | |
0f113f3e MC |
94 | DES_ede3_ofb64_encrypt(in, out, (long)inl, |
95 | &data(ctx)->ks1, &data(ctx)->ks2, | |
6435f0f6 RL |
96 | &data(ctx)->ks3, |
97 | (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), | |
98 | &num); | |
99 | EVP_CIPHER_CTX_set_num(ctx, num); | |
100 | } | |
0f113f3e | 101 | return 1; |
57ae2e24 DSH |
102 | } |
103 | ||
1921eaad | 104 | static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
0f113f3e | 105 | const unsigned char *in, size_t inl) |
57ae2e24 | 106 | { |
0f113f3e | 107 | DES_EDE_KEY *dat = data(ctx); |
c5d975a7 | 108 | |
7687f525 AP |
109 | if (dat->stream.cbc != NULL) { |
110 | (*dat->stream.cbc) (in, out, inl, dat->ks.ks, | |
111 | EVP_CIPHER_CTX_iv_noconst(ctx)); | |
0f113f3e MC |
112 | return 1; |
113 | } | |
114 | ||
115 | while (inl >= EVP_MAXCHUNK) { | |
116 | DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, | |
117 | &dat->ks1, &dat->ks2, &dat->ks3, | |
7687f525 AP |
118 | (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), |
119 | EVP_CIPHER_CTX_encrypting(ctx)); | |
0f113f3e MC |
120 | inl -= EVP_MAXCHUNK; |
121 | in += EVP_MAXCHUNK; | |
122 | out += EVP_MAXCHUNK; | |
123 | } | |
124 | if (inl) | |
125 | DES_ede3_cbc_encrypt(in, out, (long)inl, | |
126 | &dat->ks1, &dat->ks2, &dat->ks3, | |
7687f525 AP |
127 | (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), |
128 | EVP_CIPHER_CTX_encrypting(ctx)); | |
0f113f3e | 129 | return 1; |
57ae2e24 DSH |
130 | } |
131 | ||
8c6336b0 | 132 | static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
0f113f3e | 133 | const unsigned char *in, size_t inl) |
57ae2e24 | 134 | { |
0f113f3e | 135 | while (inl >= EVP_MAXCHUNK) { |
6435f0f6 | 136 | int num = EVP_CIPHER_CTX_num(ctx); |
0f113f3e MC |
137 | DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, |
138 | &data(ctx)->ks1, &data(ctx)->ks2, | |
6435f0f6 RL |
139 | &data(ctx)->ks3, |
140 | (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), | |
141 | &num, EVP_CIPHER_CTX_encrypting(ctx)); | |
142 | EVP_CIPHER_CTX_set_num(ctx, num); | |
0f113f3e MC |
143 | inl -= EVP_MAXCHUNK; |
144 | in += EVP_MAXCHUNK; | |
145 | out += EVP_MAXCHUNK; | |
146 | } | |
6435f0f6 RL |
147 | if (inl) { |
148 | int num = EVP_CIPHER_CTX_num(ctx); | |
0f113f3e MC |
149 | DES_ede3_cfb64_encrypt(in, out, (long)inl, |
150 | &data(ctx)->ks1, &data(ctx)->ks2, | |
6435f0f6 RL |
151 | &data(ctx)->ks3, |
152 | (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), | |
153 | &num, EVP_CIPHER_CTX_encrypting(ctx)); | |
154 | EVP_CIPHER_CTX_set_num(ctx, num); | |
155 | } | |
0f113f3e | 156 | return 1; |
57ae2e24 DSH |
157 | } |
158 | ||
0f113f3e MC |
159 | /* |
160 | * Although we have a CFB-r implementation for 3-DES, it doesn't pack the | |
161 | * right way, so wrap it here | |
162 | */ | |
8c6336b0 | 163 | static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
0f113f3e MC |
164 | const unsigned char *in, size_t inl) |
165 | { | |
b444ac3e | 166 | size_t n; |
0f113f3e MC |
167 | unsigned char c[1], d[1]; |
168 | ||
fe2d1491 RS |
169 | if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) |
170 | inl *= 8; | |
0f113f3e MC |
171 | for (n = 0; n < inl; ++n) { |
172 | c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; | |
173 | DES_ede3_cfb_encrypt(c, d, 1, 1, | |
174 | &data(ctx)->ks1, &data(ctx)->ks2, | |
7687f525 AP |
175 | &data(ctx)->ks3, |
176 | (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), | |
6435f0f6 | 177 | EVP_CIPHER_CTX_encrypting(ctx)); |
0f113f3e MC |
178 | out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
179 | | ((d[0] & 0x80) >> (unsigned int)(n % 8)); | |
180 | } | |
8c6336b0 AP |
181 | |
182 | return 1; | |
0f113f3e | 183 | } |
8c6336b0 AP |
184 | |
185 | static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
0f113f3e MC |
186 | const unsigned char *in, size_t inl) |
187 | { | |
188 | while (inl >= EVP_MAXCHUNK) { | |
189 | DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, | |
190 | &data(ctx)->ks1, &data(ctx)->ks2, | |
7687f525 AP |
191 | &data(ctx)->ks3, |
192 | (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), | |
6435f0f6 | 193 | EVP_CIPHER_CTX_encrypting(ctx)); |
0f113f3e MC |
194 | inl -= EVP_MAXCHUNK; |
195 | in += EVP_MAXCHUNK; | |
196 | out += EVP_MAXCHUNK; | |
197 | } | |
b444ac3e | 198 | if (inl) |
0f113f3e MC |
199 | DES_ede3_cfb_encrypt(in, out, 8, (long)inl, |
200 | &data(ctx)->ks1, &data(ctx)->ks2, | |
7687f525 AP |
201 | &data(ctx)->ks3, |
202 | (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), | |
6435f0f6 | 203 | EVP_CIPHER_CTX_encrypting(ctx)); |
8c6336b0 | 204 | return 1; |
0f113f3e | 205 | } |
8c6336b0 | 206 | |
a6cd8707 | 207 | BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, |
0f113f3e MC |
208 | EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, |
209 | des_ede_init_key, NULL, NULL, NULL, des3_ctrl) | |
210 | # define des_ede3_cfb64_cipher des_ede_cfb64_cipher | |
211 | # define des_ede3_ofb_cipher des_ede_ofb_cipher | |
212 | # define des_ede3_cbc_cipher des_ede_cbc_cipher | |
213 | # define des_ede3_ecb_cipher des_ede_ecb_cipher | |
214 | BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, | |
215 | EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, | |
216 | des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) | |
217 | ||
218 | BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, | |
219 | EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, | |
220 | des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) | |
221 | ||
222 | BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, | |
223 | EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, | |
224 | des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) | |
8c6336b0 | 225 | |
1921eaad | 226 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
0f113f3e MC |
227 | const unsigned char *iv, int enc) |
228 | { | |
229 | DES_cblock *deskey = (DES_cblock *)key; | |
230 | DES_EDE_KEY *dat = data(ctx); | |
231 | ||
232 | dat->stream.cbc = NULL; | |
233 | # if defined(SPARC_DES_CAPABLE) | |
234 | if (SPARC_DES_CAPABLE) { | |
ecdd0ff7 | 235 | int mode = EVP_CIPHER_CTX_mode(ctx); |
0f113f3e MC |
236 | |
237 | if (mode == EVP_CIPH_CBC_MODE) { | |
238 | des_t4_key_expand(&deskey[0], &dat->ks1); | |
239 | des_t4_key_expand(&deskey[1], &dat->ks2); | |
240 | memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); | |
241 | dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : | |
242 | des_t4_ede3_cbc_decrypt; | |
243 | return 1; | |
244 | } | |
245 | } | |
246 | # endif | |
0f113f3e MC |
247 | DES_set_key_unchecked(&deskey[0], &dat->ks1); |
248 | DES_set_key_unchecked(&deskey[1], &dat->ks2); | |
0f113f3e MC |
249 | memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); |
250 | return 1; | |
251 | } | |
d02b48c6 | 252 | |
1921eaad | 253 | static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
0f113f3e MC |
254 | const unsigned char *iv, int enc) |
255 | { | |
256 | DES_cblock *deskey = (DES_cblock *)key; | |
257 | DES_EDE_KEY *dat = data(ctx); | |
c5d975a7 | 258 | |
0f113f3e MC |
259 | dat->stream.cbc = NULL; |
260 | # if defined(SPARC_DES_CAPABLE) | |
261 | if (SPARC_DES_CAPABLE) { | |
ecdd0ff7 | 262 | int mode = EVP_CIPHER_CTX_mode(ctx); |
0f113f3e MC |
263 | |
264 | if (mode == EVP_CIPH_CBC_MODE) { | |
265 | des_t4_key_expand(&deskey[0], &dat->ks1); | |
266 | des_t4_key_expand(&deskey[1], &dat->ks2); | |
267 | des_t4_key_expand(&deskey[2], &dat->ks3); | |
268 | dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : | |
269 | des_t4_ede3_cbc_decrypt; | |
270 | return 1; | |
271 | } | |
272 | } | |
273 | # endif | |
0f113f3e MC |
274 | DES_set_key_unchecked(&deskey[0], &dat->ks1); |
275 | DES_set_key_unchecked(&deskey[1], &dat->ks2); | |
276 | DES_set_key_unchecked(&deskey[2], &dat->ks3); | |
0f113f3e MC |
277 | return 1; |
278 | } | |
57ae2e24 | 279 | |
6435f0f6 | 280 | static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) |
0f113f3e MC |
281 | { |
282 | ||
283 | DES_cblock *deskey = ptr; | |
284 | ||
285 | switch (type) { | |
286 | case EVP_CTRL_RAND_KEY: | |
d91f4568 KR |
287 | if (ctx->drbg != NULL) { |
288 | if (RAND_DRBG_bytes(ctx->drbg, ptr, EVP_CIPHER_CTX_key_length(ctx)) == 0) | |
289 | return 0; | |
290 | } else if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) { | |
0f113f3e | 291 | return 0; |
d91f4568 | 292 | } |
0f113f3e | 293 | DES_set_odd_parity(deskey); |
6435f0f6 | 294 | if (EVP_CIPHER_CTX_key_length(ctx) >= 16) |
0f113f3e | 295 | DES_set_odd_parity(deskey + 1); |
6435f0f6 | 296 | if (EVP_CIPHER_CTX_key_length(ctx) >= 24) |
0f113f3e MC |
297 | DES_set_odd_parity(deskey + 2); |
298 | return 1; | |
299 | ||
300 | default: | |
301 | return -1; | |
302 | } | |
303 | } | |
216659eb | 304 | |
13588350 | 305 | const EVP_CIPHER *EVP_des_ede(void) |
57ae2e24 | 306 | { |
0f113f3e | 307 | return &des_ede_ecb; |
57ae2e24 DSH |
308 | } |
309 | ||
13588350 | 310 | const EVP_CIPHER *EVP_des_ede3(void) |
57ae2e24 | 311 | { |
0f113f3e | 312 | return &des_ede3_ecb; |
57ae2e24 | 313 | } |
97cf1f6c | 314 | |
97cf1f6c | 315 | |
474e469b | 316 | # include <openssl/sha.h> |
97cf1f6c | 317 | |
0f113f3e MC |
318 | static const unsigned char wrap_iv[8] = |
319 | { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; | |
97cf1f6c DSH |
320 | |
321 | static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
0f113f3e MC |
322 | const unsigned char *in, size_t inl) |
323 | { | |
324 | unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH]; | |
325 | int rv = -1; | |
326 | if (inl < 24) | |
327 | return -1; | |
7687f525 | 328 | if (out == NULL) |
0f113f3e | 329 | return inl - 16; |
6435f0f6 | 330 | memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8); |
0f113f3e MC |
331 | /* Decrypt first block which will end up as icv */ |
332 | des_ede_cbc_cipher(ctx, icv, in, 8); | |
333 | /* Decrypt central blocks */ | |
334 | /* | |
335 | * If decrypting in place move whole output along a block so the next | |
336 | * des_ede_cbc_cipher is in place. | |
337 | */ | |
338 | if (out == in) { | |
339 | memmove(out, out + 8, inl - 8); | |
340 | in -= 8; | |
341 | } | |
342 | des_ede_cbc_cipher(ctx, out, in + 8, inl - 16); | |
343 | /* Decrypt final block which will be IV */ | |
344 | des_ede_cbc_cipher(ctx, iv, in + inl - 8, 8); | |
345 | /* Reverse order of everything */ | |
346 | BUF_reverse(icv, NULL, 8); | |
347 | BUF_reverse(out, NULL, inl - 16); | |
6435f0f6 | 348 | BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8); |
0f113f3e MC |
349 | /* Decrypt again using new IV */ |
350 | des_ede_cbc_cipher(ctx, out, out, inl - 16); | |
351 | des_ede_cbc_cipher(ctx, icv, icv, 8); | |
352 | /* Work out SHA1 hash of first portion */ | |
353 | SHA1(out, inl - 16, sha1tmp); | |
354 | ||
355 | if (!CRYPTO_memcmp(sha1tmp, icv, 8)) | |
356 | rv = inl - 16; | |
357 | OPENSSL_cleanse(icv, 8); | |
358 | OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); | |
359 | OPENSSL_cleanse(iv, 8); | |
6435f0f6 | 360 | OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8); |
0f113f3e MC |
361 | if (rv == -1) |
362 | OPENSSL_cleanse(out, inl - 16); | |
363 | ||
364 | return rv; | |
365 | } | |
97cf1f6c DSH |
366 | |
367 | static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
0f113f3e MC |
368 | const unsigned char *in, size_t inl) |
369 | { | |
370 | unsigned char sha1tmp[SHA_DIGEST_LENGTH]; | |
7687f525 | 371 | if (out == NULL) |
0f113f3e MC |
372 | return inl + 16; |
373 | /* Copy input to output buffer + 8 so we have space for IV */ | |
374 | memmove(out + 8, in, inl); | |
375 | /* Work out ICV */ | |
376 | SHA1(in, inl, sha1tmp); | |
377 | memcpy(out + inl + 8, sha1tmp, 8); | |
378 | OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); | |
379 | /* Generate random IV */ | |
d91f4568 KR |
380 | if (ctx->drbg != NULL) { |
381 | if (RAND_DRBG_bytes(ctx->drbg, EVP_CIPHER_CTX_iv_noconst(ctx), 8) == 0) | |
382 | return -1; | |
383 | } else if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0) { | |
266483d2 | 384 | return -1; |
d91f4568 | 385 | } |
6435f0f6 | 386 | memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8); |
0f113f3e MC |
387 | /* Encrypt everything after IV in place */ |
388 | des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8); | |
389 | BUF_reverse(out, NULL, inl + 16); | |
6435f0f6 | 390 | memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8); |
0f113f3e MC |
391 | des_ede_cbc_cipher(ctx, out, out, inl + 16); |
392 | return inl + 16; | |
393 | } | |
97cf1f6c DSH |
394 | |
395 | static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
0f113f3e MC |
396 | const unsigned char *in, size_t inl) |
397 | { | |
398 | /* | |
399 | * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK | |
400 | * is more than will ever be needed. Also input length must be a multiple | |
401 | * of 8 bits. | |
402 | */ | |
403 | if (inl >= EVP_MAXCHUNK || inl % 8) | |
404 | return -1; | |
7141ba31 MC |
405 | |
406 | if (is_partially_overlapping(out, in, inl)) { | |
407 | EVPerr(EVP_F_DES_EDE3_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING); | |
408 | return 0; | |
409 | } | |
410 | ||
6435f0f6 | 411 | if (EVP_CIPHER_CTX_encrypting(ctx)) |
0f113f3e MC |
412 | return des_ede3_wrap(ctx, out, in, inl); |
413 | else | |
414 | return des_ede3_unwrap(ctx, out, in, inl); | |
415 | } | |
97cf1f6c DSH |
416 | |
417 | static const EVP_CIPHER des3_wrap = { | |
0f113f3e MC |
418 | NID_id_smime_alg_CMS3DESwrap, |
419 | 8, 24, 0, | |
420 | EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | |
421 | | EVP_CIPH_FLAG_DEFAULT_ASN1, | |
422 | des_ede3_init_key, des_ede3_wrap_cipher, | |
423 | NULL, | |
424 | sizeof(DES_EDE_KEY), | |
425 | NULL, NULL, NULL, NULL | |
426 | }; | |
97cf1f6c DSH |
427 | |
428 | const EVP_CIPHER *EVP_des_ede3_wrap(void) | |
0f113f3e MC |
429 | { |
430 | return &des3_wrap; | |
431 | } | |
97cf1f6c | 432 | |
d02f751c | 433 | #endif |