author | Pauli <pauli@openssl.org> | 2022-11-09 09:51:55 +1100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-11-10 12:25:04 +0100 |
commit | a0ea8ac134e8f503876f19bdc04da69e8862f3a7 (patch) | |
tree | 9e4fc302c024e426d41cad71b86dc1ab809cd3c2 | |
parent | 2a5c0d93cfe65b5fbb9bd91ec62371256eb26e12 (diff) |
Put 3DES back into the FIPS provider as a non-approved algorithm
This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes
how 3DES is advertised.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19631)
-rw-r--r-- | providers/fips/fipsprov.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 19292fa992..533d9d1598 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -37,8 +37,12 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params;
 static OSSL_FUNC_provider_get_params_fn fips_get_params;
 static OSSL_FUNC_provider_query_operation_fn fips_query;
-#define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
+#define ALGC(NAMES, FUNC, CHECK) \
+ { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
+#define UNAPPROVED_ALGC(NAMES, FUNC, CHECK) \
+ { { NAMES, FIPS_UNAPPROVED_PROPERTIES, FUNC }, CHECK }
 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
+#define UNAPPROVED_ALG(NAMES, FUNC) UNAPPROVED_ALGC(NAMES, FUNC, NULL)
 extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
 int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
@@ -318,6 +322,10 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
 ossl_cipher_capable_aes_cbc_hmac_sha256),
 ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
 ossl_cipher_capable_aes_cbc_hmac_sha256),
+#ifndef OPENSSL_NO_DES
+ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+#endif /* OPENSSL_NO_DES */
 { { NULL, NULL, NULL }, NULL }
 };
 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; |
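Review bot: The two `UNAPPROVED_ALG` entries added to `fips_ciphers[]` in the second hunk have no comment explaining why a non-approved cipher sits in the FIPS provider's table or what keeps approved-only callers from selecting it. `FIPS_UNAPPROVED_PROPERTIES` is defined outside this diff; if it marks the entries `fips=no`, as the name suggests, then only fetches whose property query requires `fips=yes` exclude 3DES, and a fetch that names just the provider could still return it. I would add above the `#ifndef OPENSSL_NO_DES` line something like `/* 3DES is non-approved: advertised with FIPS_UNAPPROVED_PROPERTIES so a "fips=yes" fetch should not select it */`. Since the diffstat shows only fipsprov.c changing, a test asserting that fetching DES-EDE3-CBC with a `fips=yes` property query fails would pin that behaviour. The array definition starts before the hunk, so entries above it are not visible here.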