From 27f50994ffd90439829d3ad39c7a982f06ee65cf Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 21 May 2007 12:45:10 +0000 Subject: [PATCH] Disable DES in FIPS mode. --- crypto/evp/e_des.c | 6 +++--- ssl/s3_lib.c | 32 ++++++++++++++++---------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index c1d745cd41..04376df232 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -129,20 +129,20 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, + EVP_CIPH_RAND_KEY, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, - EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, + EVP_CIPH_RAND_KEY, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,des_ctrl) BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, - EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS, + EVP_CIPH_RAND_KEY, des_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,des_ctrl) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index cedd170da8..10087b50ae 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -238,7 +238,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_DES_40_CBC_SHA, SSL3_CK_RSA_DES_40_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40|SSL_FIPS, + SSL_EXPORT|SSL_EXP40, 0, 40, 56, @@ -251,7 +251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_DES_64_CBC_SHA, SSL3_CK_RSA_DES_64_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW|SSL_FIPS, + SSL_NOT_EXP|SSL_LOW, 0, 56, 56, @@ -278,7 +278,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_DH_DSS_DES_40_CBC_SHA, SSL3_CK_DH_DSS_DES_40_CBC_SHA, SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40|SSL_FIPS, + SSL_EXPORT|SSL_EXP40, 0, 40, 56, @@ -291,7 +291,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_DH_DSS_DES_64_CBC_SHA, SSL3_CK_DH_DSS_DES_64_CBC_SHA, SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW|SSL_FIPS, + SSL_NOT_EXP|SSL_LOW, 0, 56, 56, @@ -317,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_DH_RSA_DES_40_CBC_SHA, SSL3_CK_DH_RSA_DES_40_CBC_SHA, SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40|SSL_FIPS, + SSL_EXPORT|SSL_EXP40, 0, 40, 56, @@ -330,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_DH_RSA_DES_64_CBC_SHA, SSL3_CK_DH_RSA_DES_64_CBC_SHA, SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW|SSL_FIPS, + SSL_NOT_EXP|SSL_LOW, 0, 56, 56, @@ -358,7 +358,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, SSL3_CK_EDH_DSS_DES_40_CBC_SHA, SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40|SSL_FIPS, + SSL_EXPORT|SSL_EXP40, 0, 40, 56, @@ -371,7 +371,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, SSL3_CK_EDH_DSS_DES_64_CBC_SHA, SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW|SSL_FIPS, + SSL_NOT_EXP|SSL_LOW, 0, 56, 56, @@ -397,7 +397,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, SSL3_CK_EDH_RSA_DES_40_CBC_SHA, SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40|SSL_FIPS, + SSL_EXPORT|SSL_EXP40, 0, 40, 56, @@ -410,7 +410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, SSL3_CK_EDH_RSA_DES_64_CBC_SHA, SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW|SSL_FIPS, + SSL_NOT_EXP|SSL_LOW, 0, 56, 56, @@ -462,7 +462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_ADH_DES_40_CBC_SHA, SSL3_CK_ADH_DES_40_CBC_SHA, SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40|SSL_FIPS, + SSL_EXPORT|SSL_EXP40, 0, 40, 128, @@ -475,7 +475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_ADH_DES_64_CBC_SHA, SSL3_CK_ADH_DES_64_CBC_SHA, SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW|SSL_FIPS, + SSL_NOT_EXP|SSL_LOW, 0, 56, 56, @@ -549,7 +549,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_KRB5_DES_64_CBC_SHA, SSL3_CK_KRB5_DES_64_CBC_SHA, SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW|SSL_FIPS, + SSL_NOT_EXP|SSL_LOW, 0, 56, 56, @@ -661,7 +661,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_KRB5_DES_40_CBC_SHA, SSL3_CK_KRB5_DES_40_CBC_SHA, SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, - SSL_EXPORT|SSL_EXP40|SSL_FIPS, + SSL_EXPORT|SSL_EXP40, 0, 40, 56, @@ -1018,7 +1018,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56|SSL_FIPS, + SSL_EXPORT|SSL_EXP56, 0, 56, 56, @@ -1031,7 +1031,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56|SSL_FIPS, + SSL_EXPORT|SSL_EXP56, 0, 56, 56, -- 2.25.1