des: prevent error when using two key triple DES with a random key

Two key 3DES only sets two keys and the random generation errors out if fewer than three keys are required. It shouldn't. Fixes #20212 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20224)
author: Pauli <pauli@openssl.org> 2023-02-07 09:29:57 +1100
committer: Pauli <pauli@openssl.org> 2023-02-08 21:54:24 +1100
commit: 587e0407803af330c0b04238fcbce78521ce35d7 (patch)
tree: beb4a8ffb8f31e880c09bf6b149f29ef9ec6bdde /providers
parent: ae08ed08e49b945d516294106fa185bb136669b2 (diff)
download: openssl-new-587e0407803af330c0b04238fcbce78521ce35d7.tar.gz
1 files changed, 4 insertions, 5 deletions
diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c
index 2e611df901..c688b990a0 100644
--- a/providers/implementations/ciphers/cipher_tdes_common.c
+++ b/providers/implementations/ciphers/cipher_tdes_common.c
@@ -121,13 +121,12 @@ static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
     if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl, 0) <= 0)
         return 0;
     DES_set_odd_parity(deskey);
-    if (kl >= 16)
+    if (kl >= 16) {
         DES_set_odd_parity(deskey + 1);
-    if (kl >= 24) {
-        DES_set_odd_parity(deskey + 2);
-        return 1;
+        if (kl >= 24)
+            DES_set_odd_parity(deskey + 2);
     }
-    return 0;
+    return 1;
 }
 
 int ossl_tdes_get_ctx_params(void *vctx, OSSL_PARAM params[])
author	Pauli <pauli@openssl.org>	2023-02-07 09:29:57 +1100
committer	Pauli <pauli@openssl.org>	2023-02-08 21:54:24 +1100
commit	587e0407803af330c0b04238fcbce78521ce35d7 (patch)
tree	beb4a8ffb8f31e880c09bf6b149f29ef9ec6bdde /providers
parent	ae08ed08e49b945d516294106fa185bb136669b2 (diff)
download	openssl-new-587e0407803af330c0b04238fcbce78521ce35d7.tar.gz