From: Pauli
Date: Tue, 8 Nov 2022 22:51:55 +0000 (+1100)
Subject: Put 3DES back into the FIPS provider as a non-approved algorithm
X-Git-Tag: openssl-3.2.0-alpha1~1772
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a0ea8ac134e8f503876f19bdc04da69e8862f3a7;p=thirdparty%2Fopenssl.git
Put 3DES back into the FIPS provider as a non-approved algorithm
This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes how 3DES is advertised.
Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19631)
---
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 19292fa9923..533d9d15980 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -37,8 +37,12 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params;
 static OSSL_FUNC_provider_get_params_fn fips_get_params;
 static OSSL_FUNC_provider_query_operation_fn fips_query;
-#define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
+#define ALGC(NAMES, FUNC, CHECK) \
+ { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
+#define UNAPPROVED_ALGC(NAMES, FUNC, CHECK) \
+ { { NAMES, FIPS_UNAPPROVED_PROPERTIES, FUNC }, CHECK }
 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
+#define UNAPPROVED_ALG(NAMES, FUNC) UNAPPROVED_ALGC(NAMES, FUNC, NULL)
 extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
 int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
@@ -318,6 +322,10 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
 ossl_cipher_capable_aes_cbc_hmac_sha256),
 ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
 ossl_cipher_capable_aes_cbc_hmac_sha256),
+#ifndef OPENSSL_NO_DES
+ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+#endif /* OPENSSL_NO_DES */
 { { NULL, NULL, NULL }, NULL }
 };
 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
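Review bot: The new `UNAPPROVED_ALGC` and `UNAPPROVED_ALG` macros have no comment saying what "unapproved" means for algorithm selection. `FIPS_UNAPPROVED_PROPERTIES` is not defined in this hunk, so a reader cannot tell from here which property query excludes these entries. I would add a comment above `UNAPPROVED_ALGC` along the lines of `/* Served by the FIPS provider but not FIPS-approved; advertised with FIPS_UNAPPROVED_PROPERTIES so approved-only property queries do not match */`, adjusted to the actual property string. That property string is the only thing in the table separating approved from non-approved implementations, so the contract is worth stating next to the macro.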
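Review bot: The two 3DES entries added to `fips_ciphers[]` use `UNAPPROVED_ALG`, which passes a NULL capability check, so whether a caller gets 3DES from this provider depends on its property query alone. Presumably a fetch that asks for `fips=yes` skips them, but that cannot be confirmed from this hunk. A process that loads the FIPS provider and fetches without such a query would likely still receive `PROV_NAMES_DES_EDE3_ECB` and `PROV_NAMES_DES_EDE3_CBC` from it. A one-line comment before the `#ifndef OPENSSL_NO_DES`, such as `/* 3DES is not FIPS-approved: advertised with unapproved properties only */`, would make this visible in the table. A test asserting that an approved-only fetch of both names fails would pin the behaviour that compliance-sensitive deployments rely on.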