Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for
authorBen Laurie <ben@openssl.org>
Sat, 21 Jul 2001 10:24:07 +0000 (10:24 +0000)
committerBen Laurie <ben@openssl.org>
Sat, 21 Jul 2001 10:24:07 +0000 (10:24 +0000)
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery
is available).

12 files changed:
CHANGES
Configure
crypto/evp/Makefile.ssl
crypto/evp/c_allc.c
crypto/evp/e_des3.c
crypto/evp/evp.h
crypto/evp/evp_locl.h
crypto/evp/openbsd_hw.c [new file with mode: 0644]
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt

diff --git a/CHANGES b/CHANGES
index b1929ca..e4c1778 100644 (file)
--- a/CHANGES
+++ b/CHANGES
          *) applies to 0.9.6a/0.9.6b and 0.9.7
          +) applies to 0.9.7 only
 
+  +) Cleanup of EVP macros.
+     [Ben Laurie]
+
+  +) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+     correct _ecb suffix.
+     [Ben Laurie]
+
   +) Add initial OCSP responder support to ocsp application. The
      revocation information is handled using the text based index
      use by the ca application. The responder can either handle
index 610336c..0954401 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -133,6 +133,7 @@ my %table=(
 "purify",      "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
 "debug",       "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
 "debug-ben",   "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
+"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-debug",     "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
 "debug-ben-strict",    "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
index 0e7f2e1..7ad3e0e 100644 (file)
@@ -32,7 +32,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
-       evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+       evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c openbsd_hw.c
 
 LIBOBJ=        encode.o digest.o evp_enc.o evp_key.o \
        e_des.o e_bf.o e_idea.o e_des3.o \
@@ -43,7 +43,7 @@ LIBOBJ=       encode.o digest.o evp_enc.o evp_key.o \
        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
-       evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o
+       evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o openbsd_hw.o
 
 SRC= $(LIBSRC)
 
index 0fe5457..def53b6 100644 (file)
@@ -82,7 +82,11 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher_alias(SN_des_cbc,"DES");
        EVP_add_cipher_alias(SN_des_cbc,"des");
        EVP_add_cipher(EVP_des_ede_cbc());
+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+       EVP_add_cipher(EVP_dev_crypto_des_ede3_cbc());
+# else
        EVP_add_cipher(EVP_des_ede3_cbc());
+# endif
        EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
        EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
 
index f9e20c8..b1b36ce 100644 (file)
@@ -119,15 +119,12 @@ static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        return 1;
 }
 
-#define NID_des_ede_ecb NID_des_ede
-
 BLOCK_CIPHER_defs(des_ede, des_ede, NID_des_ede, 8, 16, 8,
                        0, des_ede_init_key, NULL, 
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
                        NULL)
 
-#define NID_des_ede3_ecb NID_des_ede3
 #define des_ede3_cfb_cipher des_ede_cfb_cipher
 #define des_ede3_ofb_cipher des_ede_ofb_cipher
 #define des_ede3_cbc_cipher des_ede_cbc_cipher
index 04cb709..93f9315 100644 (file)
@@ -453,6 +453,9 @@ struct evp_cipher_ctx_st
 #endif
 #ifndef OPENSSL_NO_AES
                RIJNDAEL_KEY rijndael;
+#endif
+#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+               struct session_op *dev_crypto;
 #endif
                } c;
        int final_used;
@@ -674,6 +677,9 @@ const EVP_CIPHER *EVP_des_cbc(void);
 const EVP_CIPHER *EVP_des_ede_cbc(void);
 const EVP_CIPHER *EVP_des_ede3_cbc(void);
 const EVP_CIPHER *EVP_desx_cbc(void);
+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
+# endif
 #endif
 #ifndef OPENSSL_NO_RC4
 const EVP_CIPHER *EVP_rc4(void);
index 91670b4..264e9ce 100644 (file)
@@ -101,6 +101,61 @@ static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
        BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \
        BLOCK_CIPHER_func_ofb(cname, cprefix, kname)
 
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+                         key_len, iv_len, flags, init_key, cleanup, \
+                         set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+       nid##_##nmode, block_size, key_len, iv_len, \
+       flags | EVP_CIPH_##MODE##_MODE, \
+       init_key, \
+       cname##_##mode##_cipher, \
+       cleanup, \
+       sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+               sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+       set_asn1, get_asn1,\
+       ctrl, \
+       NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+                            iv_len, flags, init_key, cleanup, set_asn1, \
+                            get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+                 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \
+                            iv_len, flags, init_key, cleanup, set_asn1, \
+                            get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb64, cfb, CFB, kstruct, nid, block_size, key_len, \
+                 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \
+                            iv_len, flags, init_key, cleanup, set_asn1, \
+                            get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb64, ofb, OFB, kstruct, nid, block_size, key_len, \
+                 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+                            iv_len, flags, init_key, cleanup, set_asn1, \
+                            get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+                 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                         nid, block_size, key_len, iv_len, flags, \
+                         init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                    init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                    init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                    init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                    init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+
+/*
 #define BLOCK_CIPHER_defs(cname, kstruct, \
                                nid, block_size, key_len, iv_len, flags,\
                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
@@ -156,7 +211,7 @@ static const EVP_CIPHER cname##_ecb = {\
        NULL \
 };\
 const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
-
+*/
 
 
 #define IMPLEMENT_BLOCK_CIPHER(cname, kname, cprefix, kstruct, \
diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c
new file mode 100644 (file)
index 0000000..012856a
--- /dev/null
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <crypto/cryptodev.h>
+#include <unistd.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <assert.h>
+
+// longest key supported in hardware
+#define MAX_HW_KEY     24
+
+static int fd;
+static int dev_failed;
+
+static void err(const char *str)
+    {
+    fprintf(stderr,"%s: errno %d\n",str,errno);
+    }
+
+static int dev_crypto_init(EVP_CIPHER_CTX *ctx)
+    {
+    if(dev_failed)
+       return 0;
+    if(!fd)
+       {
+       int cryptodev_fd;
+
+        if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
+           {
+           err("/dev/crypto");
+           dev_failed=1;
+           return 0;
+           }
+        if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
+           {
+           err("CRIOGET failed");
+           close(cryptodev_fd);
+           dev_failed=1;
+           return 0;
+           }
+       close(cryptodev_fd);
+       }
+    if(!ctx->c.dev_crypto)
+       {
+       ctx->c.dev_crypto=OPENSSL_malloc(sizeof *ctx->c.dev_crypto);
+       memset(ctx->c.dev_crypto,'\0',sizeof *ctx->c.dev_crypto);
+       ctx->c.dev_crypto->key=OPENSSL_malloc(MAX_HW_KEY);
+       }
+    
+    return 1;
+    }
+
+static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
+    {
+    if(ioctl(fd,CIOCFSESSION,ctx->c.dev_crypto->ses) == -1)
+       err("CIOCFSESSION failed");
+
+    OPENSSL_free(ctx->c.dev_crypto->key);
+    OPENSSL_free(ctx->c.dev_crypto);
+    ctx->c.dev_crypto=NULL;
+
+    return 1;
+    }
+
+// FIXME: there should be some non-fatal way to report we fell back to s/w?
+static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+                                       const unsigned char *key,
+                                       const unsigned char *iv, int enc)
+    {
+    if(!dev_crypto_init(ctx))
+       {
+       // fall back to using software...
+       ctx->cipher=EVP_des_ede3_cbc();
+       return ctx->cipher->init(ctx,key,iv,enc);
+       }
+    memcpy(ctx->c.dev_crypto->key,key,24);
+    
+    ctx->c.dev_crypto->cipher=CRYPTO_3DES_CBC;
+    ctx->c.dev_crypto->mac=0;
+    ctx->c.dev_crypto->keylen=24;
+
+    if (ioctl(fd,CIOCGSESSION,ctx->c.dev_crypto) == -1)
+       {
+       err("CIOCGSESSION failed");
+       // fall back to using software...
+       dev_crypto_cleanup(ctx);
+       ctx->cipher=EVP_des_ede3_cbc();
+       return ctx->cipher->init(ctx,key,iv,enc);
+       }
+    return 1;
+    }
+
+static int dev_crypto_des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, 
+                                         unsigned char *out,
+                                         const unsigned char *in,
+                                         unsigned int inl)
+    {
+    struct crypt_op cryp;
+    unsigned char lb[8];
+
+    assert(ctx->c.dev_crypto);
+    assert(!dev_failed);
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=ctx->c.dev_crypto->ses;
+    cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+    cryp.flags=0;
+    //    cryp.len=((inl+7)/8)*8;
+    cryp.len=inl;
+    assert((inl&7) == 0);
+    cryp.src=(caddr_t)in;
+    cryp.dst=(caddr_t)out;
+    cryp.mac=0;
+    cryp.iv=(caddr_t)ctx->iv;
+
+    if(!ctx->encrypt)
+       memcpy(lb,&in[cryp.len-8],8);
+
+    if (ioctl(fd, CIOCCRYPT, &cryp) == -1)
+       {
+       err("CIOCCRYPT failed");
+       abort();
+       return 0;
+       }
+
+    if(ctx->encrypt)
+       memcpy(ctx->iv,&out[cryp.len-8],8);
+    else
+       memcpy(ctx->iv,lb,8);
+
+    return 1;
+    }
+
+BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, des_ede,NID_des_ede3, 8, 24, 8,
+                    0, dev_crypto_des_ede3_init_key,
+                    dev_crypto_cleanup, 
+                    EVP_CIPHER_set_asn1_iv,
+                    EVP_CIPHER_get_asn1_iv,
+                    NULL)
index 17c806c..8e731bd 100644 (file)
@@ -99,7 +99,7 @@ static unsigned char lvalues[3792]={
 0x2B,0x0E,0x03,0x02,0x06,                    /* [187] OBJ_des_ecb */
 0x2B,0x0E,0x03,0x02,0x09,                    /* [192] OBJ_des_cfb64 */
 0x2B,0x0E,0x03,0x02,0x07,                    /* [197] OBJ_des_cbc */
-0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede */
+0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede_ecb */
 0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [218] OBJ_rc2_cbc */
 0x2B,0x0E,0x03,0x02,0x12,                    /* [226] OBJ_sha */
@@ -578,8 +578,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0},
 {"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0},
 {"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0},
-{"DES-EDE","des-ede",NID_des_ede,5,&(lvalues[202]),0},
-{"DES-EDE3","des-ede3",NID_des_ede3,0,NULL},
+{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0},
+{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL},
 {"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0},
 {"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
 {"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
@@ -2345,7 +2345,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
 &(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
 &(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-&(nid_objs[32]),/* OBJ_des_ede                      1 3 14 3 2 17 */
+&(nid_objs[32]),/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
 &(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
 &(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
 &(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
index cd114a2..725efdb 100644 (file)
 #define NID_shaWithRSAEncryption               42
 #define OBJ_shaWithRSAEncryption               OBJ_algorithm,15L
 
-#define SN_des_ede             "DES-EDE"
-#define LN_des_ede             "des-ede"
-#define NID_des_ede            32
-#define OBJ_des_ede            OBJ_algorithm,17L
-
-#define SN_des_ede3            "DES-EDE3"
-#define LN_des_ede3            "des-ede3"
-#define NID_des_ede3           33
+#define SN_des_ede_ecb         "DES-EDE"
+#define LN_des_ede_ecb         "des-ede"
+#define NID_des_ede_ecb                32
+#define OBJ_des_ede_ecb                OBJ_algorithm,17L
+
+#define SN_des_ede3_ecb                "DES-EDE3"
+#define LN_des_ede3_ecb                "des-ede3"
+#define NID_des_ede3_ecb               33
 
 #define SN_des_ede_cbc         "DES-EDE-CBC"
 #define LN_des_ede_cbc         "des-ede-cbc"
index 362bdb7..b286543 100644 (file)
@@ -30,8 +30,8 @@ dhKeyAgreement                28
 des_ecb                29
 des_cfb64              30
 des_cbc                31
-des_ede                32
-des_ede3               33
+des_ede_ecb            32
+des_ede3_ecb           33
 idea_cbc               34
 idea_cfb64             35
 idea_ecb               36
index 86d337d..59e283b 100644 (file)
@@ -486,7 +486,9 @@ algorithm 11                : rsaSignature
 algorithm 12           : DSA-old               : dsaEncryption-old
 algorithm 13           : DSA-SHA               : dsaWithSHA
 algorithm 15           : RSA-SHA               : shaWithRSAEncryption
+!Cname des-ede-ecb
 algorithm 17           : DES-EDE               : des-ede
+!Cname des-ede3-ecb
                        : DES-EDE3              : des-ede3
                        : DES-EDE-CBC           : des-ede-cbc
 !Cname des-ede-cfb64