From a0ea8ac134e8f503876f19bdc04da69e8862f3a7 Mon Sep 17 00:00:00 2001
From: Pauli
Date: Wed, 9 Nov 2022 09:51:55 +1100
Subject: [PATCH] Put 3DES back into the FIPS provider as a non-approved algorithm
This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes how 3DES is advertised.
Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19631)
---
 providers/fips/fipsprov.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 19292fa9923..533d9d15980 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -37,8 +37,12 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params;
 static OSSL_FUNC_provider_get_params_fn fips_get_params;
 static OSSL_FUNC_provider_query_operation_fn fips_query;
-#define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
+#define ALGC(NAMES, FUNC, CHECK) \
+ { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
+#define UNAPPROVED_ALGC(NAMES, FUNC, CHECK) \
+ { { NAMES, FIPS_UNAPPROVED_PROPERTIES, FUNC }, CHECK }
 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
+#define UNAPPROVED_ALG(NAMES, FUNC) UNAPPROVED_ALGC(NAMES, FUNC, NULL)
 extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
 int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
@@ -318,6 +322,10 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
 ossl_cipher_capable_aes_cbc_hmac_sha256),
 ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
 ossl_cipher_capable_aes_cbc_hmac_sha256),
+#ifndef OPENSSL_NO_DES
+ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+#endif /* OPENSSL_NO_DES */
 { { NULL, NULL, NULL }, NULL }
 };
 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
-- 
2.47.3
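Review bot: The new `UNAPPROVED_ALGC` and `UNAPPROVED_ALG` macros in the first hunk have no comment saying how they differ from `ALGC` and `ALG`. The only visible difference is `FIPS_UNAPPROVED_PROPERTIES` in place of `FIPS_DEFAULT_PROPERTIES`, and that one token decides whether a table entry is advertised as approved. I would add above `UNAPPROVED_ALGC`: `/* UNAPPROVED_* entries are served by this provider but advertised with FIPS_UNAPPROVED_PROPERTIES, i.e. not as FIPS approved. */`. `FIPS_UNAPPROVED_PROPERTIES` is defined outside this hunk, so the exact property string it carries should be confirmed there before the comment states it.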
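Review bot: The two 3DES entries added to `fips_ciphers[]` use `UNAPPROVED_ALG`, which expands with a NULL `CHECK`, so they are always exported unless `OPENSSL_NO_DES` is defined. The property string is then the only thing separating them from the approved ciphers, and a caller that fetches a 3DES cipher without restricting the query to approved algorithms would presumably still get it. A comment on the `#ifndef` block should say so, for example `/* 3DES: not FIPS approved; excluded only when the fetch asks for approved algorithms */`. The diffstat shows only `fipsprov.c` changed, so there is no regression test that a fetch restricted to approved algorithms rejects `PROV_NAMES_DES_EDE3_ECB` and `PROV_NAMES_DES_EDE3_CBC` while an unrestricted fetch succeeds. The array initializer begins before this hunk.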