Skip to content

Commit d0f14df

Browse files
qmuntalqmuntal
committed
support OpenSSL providers without DES CBC support
1 parent 05ed151 commit d0f14df

File tree

1 file changed

+32
-2
lines changed

1 file changed

+32
-2
lines changed

des.go

Lines changed: 32 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,14 +9,20 @@ import (
99
"errors"
1010
)
1111

12-
// SupportsDESCipher returns true if NewDESCipher is supported.
12+
// SupportsDESCipher returns true if NewDESCipher is supported,
13+
// which uses ECB mode.
14+
// If CBC is also supported, then the returned cipher.Block
15+
// will also implement NewCBCEncrypter and NewCBCDecrypter.
1316
func SupportsDESCipher() bool {
1417
// True for stock OpenSSL 1.
1518
// False for stock OpenSSL 3 unless the legacy provider is available.
1619
return loadCipher(cipherDES, cipherModeECB) != nil
1720
}
1821

19-
// SupportsTripleDESCipher returns true if NewTripleDESCipher is supported.
22+
// SupportsTripleDESCipher returns true if NewTripleDESCipher is supported,
23+
// which uses ECB mode.
24+
// If CBC is also supported, then the returned cipher.Block
25+
// will also implement NewCBCEncrypter and NewCBCDecrypter.
2026
func SupportsTripleDESCipher() bool {
2127
// Should always be true for stock OpenSSL,
2228
// even when using the FIPS provider.
@@ -31,6 +37,10 @@ func NewDESCipher(key []byte) (cipher.Block, error) {
3137
if err != nil {
3238
return nil, err
3339
}
40+
// Should always be true for stock OpenSSL.
41+
if loadCipher(cipherDES, cipherModeCBC) == nil {
42+
return &desCipherWithoutCBC{c}, nil
43+
}
3444
return &desCipher{c}, nil
3545
}
3646

@@ -42,6 +52,10 @@ func NewTripleDESCipher(key []byte) (cipher.Block, error) {
4252
if err != nil {
4353
return nil, err
4454
}
55+
// Should always be true for stock OpenSSL.
56+
if loadCipher(cipherDES, cipherModeCBC) != nil {
57+
return &desCipherWithoutCBC{c}, nil
58+
}
4559
return &desCipher{c}, nil
4660
}
4761

@@ -75,3 +89,19 @@ func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode {
7589
func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode {
7690
return c.newCBC(iv, cipherOpDecrypt)
7791
}
92+
93+
type desCipherWithoutCBC struct {
94+
*evpCipher
95+
}
96+
97+
func (c *desCipherWithoutCBC) BlockSize() int {
98+
return c.blockSize
99+
}
100+
101+
func (c *desCipherWithoutCBC) Encrypt(dst, src []byte) {
102+
c.encrypt(dst, src)
103+
}
104+
105+
func (c *desCipherWithoutCBC) Decrypt(dst, src []byte) {
106+
c.decrypt(dst, src)
107+
}

0 commit comments

Comments
 (0)