From: Richard Levitte Date: Thu, 23 May 2019 01:39:15 +0000 (+0200) Subject: Adapt existing providers to posibly have name lists X-Git-Tag: openssl-3.0.0-alpha1~1213 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=df553b79419230d698d221919c7ceec68aa8c6c6;p=oweals%2Fopenssl.git Adapt existing providers to posibly have name lists Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/8985) --- diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index bcb897ba1c..6f37f7ef6b 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -50,16 +50,43 @@ static int deflt_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) return 1; } +/* + * For the algorithm names, we use the following formula for our primary + * names: + * + * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] + * + * VERSION is only present if there are multiple versions of + * an alg (MD2, MD4, MD5). It may be omitted if there is only + * one version (if a subsequent version is released in the future, + * we can always change the canonical name, and add the old name + * as an alias). + * + * SUBNAME may be present where we are combining multiple + * algorithms together, e.g. MD5-SHA1. + * + * SIZE is only present if multiple versions of an algorithm exist + * with different sizes (e.g. AES-128-CBC, AES-256-CBC) + * + * MODE is only present where applicable. + * + * We add diverse other names where applicable, such as the names that + * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names + * we have used historically. + */ static const OSSL_ALGORITHM deflt_digests[] = { - { "SHA1", "default=yes", sha1_functions }, - - { "SHA224", "default=yes", sha224_functions }, - { "SHA256", "default=yes", sha256_functions }, - { "SHA384", "default=yes", sha384_functions }, - { "SHA512", "default=yes", sha512_functions }, - { "SHA512-224", "default=yes", sha512_224_functions }, - { "SHA512-256", "default=yes", sha512_256_functions }, + /* Our primary name:NIST name[:our older names] */ + { "SHA1:SHA-1", "default=yes", sha1_functions }, + { "SHA2-224:SHA-224:SHA224", "default=yes", sha224_functions }, + { "SHA2-256:SHA-256:SHA256", "default=yes", sha256_functions }, + { "SHA2-384:SHA-384:SHA384", "default=yes", sha384_functions }, + { "SHA2-512:SHA-512:SHA512", "default=yes", sha512_functions }, + { "SHA2-512/224:SHA-512/224:SHA512-224", "default=yes", + sha512_224_functions }, + { "SHA2-512/256:SHA-512/256:SHA512-256", "default=yes", + sha512_256_functions }, + /* We agree with NIST here, so one name only */ { "SHA3-224", "default=yes", sha3_224_functions }, { "SHA3-256", "default=yes", sha3_256_functions }, { "SHA3-384", "default=yes", sha3_384_functions }, @@ -72,12 +99,20 @@ static const OSSL_ALGORITHM deflt_digests[] = { { "KECCAK_KMAC128", "default=yes", keccak_kmac_128_functions }, { "KECCAK_KMAC256", "default=yes", keccak_kmac_256_functions }, - { "SHAKE128", "default=yes", shake_128_functions }, - { "SHAKE256", "default=yes", shake_256_functions }, + /* Our primary name:NIST name */ + { "SHAKE-128:SHAKE128", "default=yes", shake_128_functions }, + { "SHAKE-256:SHAKE256", "default=yes", shake_256_functions }, #ifndef OPENSSL_NO_BLAKE2 - { "BLAKE2s256", "default=yes", blake2s256_functions }, - { "BLAKE2b512", "default=yes", blake2b512_functions }, + /* + * https://blake2.net/ doesn't specify size variants, + * but mentions that Bouncy Castle uses the names + * BLAKE2b-160, BLAKE2b-256, BLAKE2b-384, and BLAKE2b-512 + * If we assume that "2b" and "2s" are versions, that pattern + * fits with ours. We also add our historical names. + */ + { "BLAKE2s-256:BLAKE2s256", "default=yes", blake2s256_functions }, + { "BLAKE2b-512:BLAKE2b512", "default=yes", blake2b512_functions }, #endif /* OPENSSL_NO_BLAKE2 */ #ifndef OPENSSL_NO_SM3 @@ -121,19 +156,24 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { "AES-192-OCB", "default=yes", aes192ocb_functions }, { "AES-128-OCB", "default=yes", aes128ocb_functions }, #endif /* OPENSSL_NO_OCB */ -/* TODO(3.0) Add aliases when they are supported */ - { "id-aes256-GCM", "default=yes", aes256gcm_functions }, - { "id-aes192-GCM", "default=yes", aes192gcm_functions }, - { "id-aes128-GCM", "default=yes", aes128gcm_functions }, - { "id-aes256-CCM", "default=yes", aes256ccm_functions }, - { "id-aes192-CCM", "default=yes", aes192ccm_functions }, - { "id-aes128-CCM", "default=yes", aes128ccm_functions }, - { "id-aes256-wrap", "default=yes", aes256wrap_functions }, - { "id-aes192-wrap", "default=yes", aes192wrap_functions }, - { "id-aes128-wrap", "default=yes", aes128wrap_functions }, - { "id-aes256-wrap-pad", "default=yes", aes256wrappad_functions }, - { "id-aes192-wrap-pad", "default=yes", aes192wrappad_functions }, - { "id-aes128-wrap-pad", "default=yes", aes128wrappad_functions }, + { "AES-256-GCM:id-aes256-GCM", "default=yes", aes256gcm_functions }, + { "AES-192-GCM:id-aes192-GCM", "default=yes", aes192gcm_functions }, + { "AES-128-GCM:id-aes128-GCM", "default=yes", aes128gcm_functions }, + { "AES-256-CCM:id-aes256-CCM", "default=yes", aes256ccm_functions }, + { "AES-192-CCM:id-aes192-CCM", "default=yes", aes192ccm_functions }, + { "AES-128-CCM:id-aes128-CCM", "default=yes", aes128ccm_functions }, + { "AES-256-WRAP:id-aes256-wrap:AES256-WRAP", "default=yes", + aes256wrap_functions }, + { "AES-192-WRAP:id-aes192-wrap:AES192-WRAP", "default=yes", + aes192wrap_functions }, + { "AES-128-WRAP:id-aes128-wrap:AES128-WRAP", "default=yes", + aes128wrap_functions }, + { "AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", "default=yes", + aes256wrappad_functions }, + { "AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", "default=yes", + aes192wrappad_functions }, + { "AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", "default=yes", + aes128wrappad_functions }, #ifndef OPENSSL_NO_ARIA { "ARIA-256-GCM", "default=yes", aria256gcm_functions }, { "ARIA-192-GCM", "default=yes", aria192gcm_functions }, @@ -144,9 +184,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { "ARIA-256-ECB", "default=yes", aria256ecb_functions }, { "ARIA-192-ECB", "default=yes", aria192ecb_functions }, { "ARIA-128-ECB", "default=yes", aria128ecb_functions }, - { "ARIA-256-CBC", "default=yes", aria256cbc_functions }, - { "ARIA-192-CBC", "default=yes", aria192cbc_functions }, - { "ARIA-128-CBC", "default=yes", aria128cbc_functions }, + { "ARIA-256-CBC:ARIA256", "default=yes", aria256cbc_functions }, + { "ARIA-192-CBC:ARIA192", "default=yes", aria192cbc_functions }, + { "ARIA-128-CBC:ARIA128", "default=yes", aria128cbc_functions }, { "ARIA-256-OFB", "default=yes", aria256ofb_functions }, { "ARIA-192-OFB", "default=yes", aria192ofb_functions }, { "ARIA-128-OFB", "default=yes", aria128ofb_functions }, @@ -167,9 +207,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { "CAMELLIA-256-ECB", "default=yes", camellia256ecb_functions }, { "CAMELLIA-192-ECB", "default=yes", camellia192ecb_functions }, { "CAMELLIA-128-ECB", "default=yes", camellia128ecb_functions }, - { "CAMELLIA-256-CBC", "default=yes", camellia256cbc_functions }, - { "CAMELLIA-192-CBC", "default=yes", camellia192cbc_functions }, - { "CAMELLIA-128-CBC", "default=yes", camellia128cbc_functions }, + { "CAMELLIA-256-CBC:CAMELLIA256", "default=yes", camellia256cbc_functions }, + { "CAMELLIA-192-CBC:CAMELLIA192", "default=yes", camellia192cbc_functions }, + { "CAMELLIA-128-CBC:CAMELLIA128", "default=yes", camellia128cbc_functions }, { "CAMELLIA-256-OFB", "default=yes", camellia256ofb_functions }, { "CAMELLIA-192-OFB", "default=yes", camellia192ofb_functions }, { "CAMELLIA-128-OFB", "default=yes", camellia128ofb_functions }, @@ -187,20 +227,20 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { "CAMELLIA-128-CTR", "default=yes", camellia128ctr_functions }, #endif /* OPENSSL_NO_CAMELLIA */ #ifndef OPENSSL_NO_DES - { "DES-EDE3", "default=yes", tdes_ede3_ecb_functions }, - { "DES-EDE3-CBC", "default=yes", tdes_ede3_cbc_functions }, + { "DES-EDE3-ECB:DES-EDE3", "default=yes", tdes_ede3_ecb_functions }, + { "DES-EDE3-CBC:DES3", "default=yes", tdes_ede3_cbc_functions }, { "DES-EDE3-OFB", "default=yes", tdes_ede3_ofb_functions }, { "DES-EDE3-CFB", "default=yes", tdes_ede3_cfb_functions }, { "DES-EDE3-CFB8", "default=yes", tdes_ede3_cfb8_functions }, { "DES-EDE3-CFB1", "default=yes", tdes_ede3_cfb1_functions }, - { "DES-EDE", "default=yes", tdes_ede2_ecb_functions }, + { "DES-EDE-ECB:DES-EDE", "default=yes", tdes_ede2_ecb_functions }, { "DES-EDE-CBC", "default=yes", tdes_ede2_cbc_functions }, { "DES-EDE-OFB", "default=yes", tdes_ede2_ofb_functions }, { "DES-EDE-CFB", "default=yes", tdes_ede2_cfb_functions }, - { "DESX-CBC", "default=yes", tdes_desx_cbc_functions }, - { "id-smime-alg-CMS3DESwrap", "default=yes", tdes_wrap_cbc_functions }, + { "DESX-CBC:DESX", "default=yes", tdes_desx_cbc_functions }, + { "DES3-WRAP:id-smime-alg-CMS3DESwrap", "default=yes", tdes_wrap_cbc_functions }, { "DES-ECB", "default=yes", des_ecb_functions }, - { "DES-CBC", "default=yes", des_cbc_functions }, + { "DES-CBC:DES", "default=yes", des_cbc_functions }, { "DES-OFB", "default=yes", des_ofb64_functions }, { "DES-CFB", "default=yes", des_cfb64_functions }, { "DES-CFB1", "default=yes", des_cfb1_functions }, @@ -208,34 +248,34 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { #endif /* OPENSSL_NO_DES */ #ifndef OPENSSL_NO_BF { "BF-ECB", "default=yes", blowfish128ecb_functions }, - { "BF-CBC", "default=yes", blowfish128cbc_functions }, + { "BF-CBC:BF:BLOWFISH", "default=yes", blowfish128cbc_functions }, { "BF-OFB", "default=yes", blowfish64ofb64_functions }, { "BF-CFB", "default=yes", blowfish64cfb64_functions }, #endif /* OPENSSL_NO_BF */ #ifndef OPENSSL_NO_IDEA { "IDEA-ECB", "default=yes", idea128ecb_functions }, - { "IDEA-CBC", "default=yes", idea128cbc_functions }, - { "IDEA-OFB", "default=yes", idea128ofb64_functions }, - { "IDEA-CFB", "default=yes", idea128cfb64_functions }, + { "IDEA-CBC:IDEA", "default=yes", idea128cbc_functions }, + { "IDEA-OFB:IDEA-OFB64", "default=yes", idea128ofb64_functions }, + { "IDEA-CFB:IDEA-CFB64", "default=yes", idea128cfb64_functions }, #endif /* OPENSSL_NO_IDEA */ #ifndef OPENSSL_NO_CAST { "CAST5-ECB", "default=yes", cast5128ecb_functions }, - { "CAST5-CBC", "default=yes", cast5128cbc_functions }, + { "CAST5-CBC:CAST-CBC:CAST", "default=yes", cast5128cbc_functions }, { "CAST5-OFB", "default=yes", cast564ofb64_functions }, { "CAST5-CFB", "default=yes", cast564cfb64_functions }, #endif /* OPENSSL_NO_CAST */ #ifndef OPENSSL_NO_SEED { "SEED-ECB", "default=yes", seed128ecb_functions }, - { "SEED-CBC", "default=yes", seed128cbc_functions }, - { "SEED-OFB", "default=yes", seed128ofb128_functions }, - { "SEED-CFB", "default=yes", seed128cfb128_functions }, + { "SEED-CBC:SEED", "default=yes", seed128cbc_functions }, + { "SEED-OFB:SEED-OFB128", "default=yes", seed128ofb128_functions }, + { "SEED-CFB:SEED-CFB128", "default=yes", seed128cfb128_functions }, #endif /* OPENSSL_NO_SEED */ #ifndef OPENSSL_NO_SM4 { "SM4-ECB", "default=yes", sm4128ecb_functions }, - { "SM4-CBC", "default=yes", sm4128cbc_functions }, + { "SM4-CBC:SM4", "default=yes", sm4128cbc_functions }, { "SM4-CTR", "default=yes", sm4128ctr_functions }, - { "SM4-OFB", "default=yes", sm4128ofb128_functions }, - { "SM4-CFB", "default=yes", sm4128cfb128_functions }, + { "SM4-OFB:SM4-OFB128", "default=yes", sm4128ofb128_functions }, + { "SM4-CFB:SM4-CFB128", "default=yes", sm4128cfb128_functions }, #endif /* OPENSSL_NO_SM4 */ #ifndef OPENSSL_NO_RC4 { "RC4", "default=yes", rc4128_functions }, @@ -252,8 +292,8 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { static const OSSL_ALGORITHM deflt_macs[] = { #ifndef OPENSSL_NO_BLAKE2 - { "BLAKE2BMAC", "default=yes", blake2bmac_functions }, - { "BLAKE2SMAC", "default=yes", blake2smac_functions }, + { "BLAKE2bMAC", "default=yes", blake2bmac_functions }, + { "BLAKE2sMAC", "default=yes", blake2smac_functions }, #endif #ifndef OPENSSL_NO_CMAC { "CMAC", "default=yes", cmac_functions }, @@ -283,21 +323,21 @@ static const OSSL_ALGORITHM deflt_kdfs[] = { { OSSL_KDF_NAME_X942KDF, "default=yes", kdf_x942_kdf_functions }, #endif #ifndef OPENSSL_NO_SCRYPT - { OSSL_KDF_NAME_SCRYPT, "default=yes", kdf_scrypt_functions }, + { "SCRYPT:id-scrypt", "default=yes", kdf_scrypt_functions }, #endif { NULL, NULL, NULL } }; static const OSSL_ALGORITHM deflt_keyexch[] = { #ifndef OPENSSL_NO_DH - { "dhKeyAgreement", "default=yes", dh_keyexch_functions }, + { "DH:dhKeyAgreement", "default=yes", dh_keyexch_functions }, #endif { NULL, NULL, NULL } }; static const OSSL_ALGORITHM deflt_signature[] = { #ifndef OPENSSL_NO_DSA - { "DSA", "default=yes", dsa_signature_functions }, + { "DSA:dsaEncryption", "default=yes", dsa_signature_functions }, #endif { NULL, NULL, NULL } }; @@ -305,7 +345,7 @@ static const OSSL_ALGORITHM deflt_signature[] = { static const OSSL_ALGORITHM deflt_keymgmt[] = { #ifndef OPENSSL_NO_DH - { "dhKeyAgreement", "default=yes", dh_keymgmt_functions }, + { "DH", "default=yes", dh_keymgmt_functions }, #endif #ifndef OPENSSL_NO_DSA { "DSA", "default=yes", dsa_keymgmt_functions }, diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 166d02496e..8464fe135c 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -227,19 +227,19 @@ const char *ossl_prov_util_nid_to_name(int nid) switch (nid) { /* Digests */ case NID_sha1: - return "SHA224"; + return "SHA1"; case NID_sha224: - return "SHA224"; + return "SHA-224"; case NID_sha256: - return "SHA256"; + return "SHA-256"; case NID_sha384: - return "SHA384"; + return "SHA-384"; case NID_sha512: - return "SHA512"; + return "SHA-512"; case NID_sha512_224: - return "SHA512-224"; + return "SHA-512/224"; case NID_sha512_256: - return "SHA512-256"; + return "SHA-512/256"; case NID_sha3_224: return "SHA3-224"; case NID_sha3_256: @@ -272,31 +272,30 @@ const char *ossl_prov_util_nid_to_name(int nid) return "AES-256-XTS"; case NID_aes_128_xts: return "AES-128-XTS"; - /* TODO(3.0) Change these when we have aliases */ case NID_aes_256_gcm: - return "id-aes256-GCM"; + return "AES-256-GCM"; case NID_aes_192_gcm: - return "id-aes192-GCM"; + return "AES-192-GCM"; case NID_aes_128_gcm: - return "id-aes128-GCM"; + return "AES-128-GCM"; case NID_aes_256_ccm: - return "id-aes256-CCM"; + return "AES-256-CCM"; case NID_aes_192_ccm: - return "id-aes192-CCM"; + return "AES-192-CCM"; case NID_aes_128_ccm: - return "id-aes128-CCM"; + return "AES-128-CCM"; case NID_id_aes256_wrap: - return "id-aes256-wrap"; + return "AES-256-WRAP"; case NID_id_aes192_wrap: - return "id-aes192-wrap"; + return "AES-192-WRAP"; case NID_id_aes128_wrap: - return "id-aes128-wrap"; + return "AES-128-WRAP"; case NID_id_aes256_wrap_pad: - return "id-aes256-wrap-pad"; + return "AES-256-WRAP-PAD"; case NID_id_aes192_wrap_pad: - return "id-aes192-wrap-pad"; + return "AES-192-WRAP-PAD"; case NID_id_aes128_wrap_pad: - return "id-aes128-wrap-pad"; + return "AES-128-WRAP-PAD"; case NID_des_ede3_ecb: return "DES-EDE3"; case NID_des_ede3_cbc: @@ -308,14 +307,43 @@ const char *ossl_prov_util_nid_to_name(int nid) return NULL; } +/* + * For the algorithm names, we use the following formula for our primary + * names: + * + * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] + * + * VERSION is only present if there are multiple versions of + * an alg (MD2, MD4, MD5). It may be omitted if there is only + * one version (if a subsequent version is released in the future, + * we can always change the canonical name, and add the old name + * as an alias). + * + * SUBNAME may be present where we are combining multiple + * algorithms together, e.g. MD5-SHA1. + * + * SIZE is only present if multiple versions of an algorithm exist + * with different sizes (e.g. AES-128-CBC, AES-256-CBC) + * + * MODE is only present where applicable. + * + * We add diverse other names where applicable, such as the names that + * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names + * we have used historically. + */ static const OSSL_ALGORITHM fips_digests[] = { - { "SHA1", "fips=yes", sha1_functions }, - { "SHA224", "fips=yes", sha224_functions }, - { "SHA256", "fips=yes", sha256_functions }, - { "SHA384", "fips=yes", sha384_functions }, - { "SHA512", "fips=yes", sha512_functions }, - { "SHA512-224", "fips=yes", sha512_224_functions }, - { "SHA512-256", "fips=yes", sha512_256_functions }, + /* Our primary name:NiST name[:our older names] */ + { "SHA1:SHA-1", "fips=yes", sha1_functions }, + { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions }, + { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions }, + { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions }, + { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions }, + { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes", + sha512_224_functions }, + { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes", + sha512_256_functions }, + + /* We agree with NIST here, so one name only */ { "SHA3-224", "fips=yes", sha3_224_functions }, { "SHA3-256", "fips=yes", sha3_256_functions }, { "SHA3-384", "fips=yes", sha3_384_functions }, @@ -331,6 +359,7 @@ static const OSSL_ALGORITHM fips_digests[] = { }; static const OSSL_ALGORITHM fips_ciphers[] = { + /* Our primary name[:ASN.1 OID name][:our older names] */ { "AES-256-ECB", "fips=yes", aes256ecb_functions }, { "AES-192-ECB", "fips=yes", aes192ecb_functions }, { "AES-128-ECB", "fips=yes", aes128ecb_functions }, @@ -342,22 +371,27 @@ static const OSSL_ALGORITHM fips_ciphers[] = { { "AES-128-CTR", "fips=yes", aes128ctr_functions }, { "AES-256-XTS", "fips=yes", aes256xts_functions }, { "AES-128-XTS", "fips=yes", aes128xts_functions }, - /* TODO(3.0) Add aliases for these ciphers */ - { "id-aes256-GCM", "fips=yes", aes256gcm_functions }, - { "id-aes192-GCM", "fips=yes", aes192gcm_functions }, - { "id-aes128-GCM", "fips=yes", aes128gcm_functions }, - { "id-aes256-CCM", "fips=yes", aes256ccm_functions }, - { "id-aes192-CCM", "fips=yes", aes192ccm_functions }, - { "id-aes128-CCM", "fips=yes", aes128ccm_functions }, - { "id-aes256-wrap", "fips=yes", aes256wrap_functions }, - { "id-aes192-wrap", "fips=yes", aes192wrap_functions }, - { "id-aes128-wrap", "fips=yes", aes128wrap_functions }, - { "id-aes256-wrap-pad", "fips=yes", aes256wrappad_functions }, - { "id-aes192-wrap-pad", "fips=yes", aes192wrappad_functions }, - { "id-aes128-wrap-pad", "fips=yes", aes128wrappad_functions }, + { "AES-256-GCM:id-aes256-GCM", "fips=yes", aes256gcm_functions }, + { "AES-192-GCM:id-aes192-GCM", "fips=yes", aes192gcm_functions }, + { "AES-128-GCM:id-aes128-GCM", "fips=yes", aes128gcm_functions }, + { "AES-256-CCM:id-aes256-CCM", "fips=yes", aes256ccm_functions }, + { "AES-192-CCM:id-aes192-CCM", "fips=yes", aes192ccm_functions }, + { "AES-128-CCM:id-aes128-CCM", "fips=yes", aes128ccm_functions }, + { "AES-256-WRAP:id-aes256-wrap:AES256-WRAP", "fips=yes", + aes256wrap_functions }, + { "AES-192-WRAP:id-aes192-wrap:AES192-WRAP", "fips=yes", + aes192wrap_functions }, + { "AES-128-WRAP:id-aes128-wrap:AES128-WRAP", "fips=yes", + aes128wrap_functions }, + { "AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", "fips=yes", + aes256wrappad_functions }, + { "AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", "fips=yes", + aes192wrappad_functions }, + { "AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", "fips=yes", + aes128wrappad_functions }, #ifndef OPENSSL_NO_DES - { "DES-EDE3", "fips=yes", tdes_ede3_ecb_functions }, - { "DES-EDE3-CBC", "fips=yes", tdes_ede3_cbc_functions }, + { "DES-EDE3-ECB:DES-EDE3", "fips=yes", tdes_ede3_ecb_functions }, + { "DES-EDE3-CBC:DES3", "fips=yes", tdes_ede3_cbc_functions }, #endif /* OPENSSL_NO_DES */ { NULL, NULL, NULL } }; @@ -379,7 +413,7 @@ static const OSSL_ALGORITHM fips_kdfs[] = { { OSSL_KDF_NAME_PBKDF2, "fips=yes", kdf_pbkdf2_functions }, { OSSL_KDF_NAME_TLS1_PRF, "fips=yes", kdf_tls1_prf_functions }, { OSSL_KDF_NAME_KBKDF, "fips=yes", kdf_kbkdf_functions }, - { NULL, NULL, NULL } + { NULL, NULL, NULL } }; static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, diff --git a/providers/legacy/legacyprov.c b/providers/legacy/legacyprov.c index 89587d632c..1e0c315629 100644 --- a/providers/legacy/legacyprov.c +++ b/providers/legacy/legacyprov.c @@ -72,7 +72,7 @@ static const OSSL_ALGORITHM legacy_digests[] = { #endif /* OPENSSL_NO_WHIRLPOOL */ #ifndef OPENSSL_NO_RMD160 - { "RIPEMD160", "legacy=yes", ripemd160_functions }, + { "RIPEMD160:RIPEMD:RMD160", "legacy=yes", ripemd160_functions }, #endif /* OPENSSL_NO_RMD160 */ { NULL, NULL, NULL }