From patchwork Tue Oct 19 18:31:09 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [Openvpn-devel,v3,03/21,OSSL,3.0] Implement DES ECB encrypt via EVP_CIPHER api X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2033 Message-Id: <20211019183127.614175-4-arne@rfc2549.org> To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:31:09 +0200 From: Arne Schwabe List-Id: Even though DES is super outdated and also NTLM is super outdated, eliminating the warnings for OpenSSL 3.0 is still a step in the right direction and using the correct APIs. Signed-off-by: Arne Schwabe Signed-off-by: Arne Schwabe <arne@rfc2549.org>
--- src/openvpn/crypto_openssl.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 1c800df7f..021698f12 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -879,10 +879,26 @@ cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], unsigned char src[DES_KEY_LENGTH], unsigned char dst[DES_KEY_LENGTH]) { - DES_key_schedule sched; + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + if (!ctx) + { + crypto_msg(M_FATAL, "%s: EVP_CIPHER_CTX_new() failed", __func__); + } + if (!EVP_EncryptInit_ex(ctx, EVP_bf_ecb(), NULL, key, 0)) + { + crypto_msg(M_FATAL, "%s: EVP_EncryptInit_ex() failed", __func__); + } - DES_set_key_unchecked((DES_cblock *)key, &sched); - DES_ecb_encrypt((DES_cblock *)src, (DES_cblock *)dst, &sched, DES_ENCRYPT); + int len; + if(!EVP_EncryptUpdate(ctx, dst, &len, src, DES_KEY_LENGTH)) + { + crypto_msg(M_FATAL, "%s: EVP_EncryptUpdate() failed", __func__); + } + + if (!EVP_EncryptFinal(ctx, dst + len, &len)) + { + crypto_msg(M_FATAL, "%s: EVP_EncryptFinal() failed", __func__); + } } /*