Disable DES in FIPS mode.
This commit is contained in:
Dr. Stephen Henson
parent
53c381105a
commit
27f50994ff
@ -129,20 +129,20 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
}
|
||||
|
||||
BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
|
||||
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS,
|
||||
EVP_CIPH_RAND_KEY,
|
||||
des_init_key, NULL,
|
||||
EVP_CIPHER_set_asn1_iv,
|
||||
EVP_CIPHER_get_asn1_iv,
|
||||
des_ctrl)
|
||||
|
||||
BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
|
||||
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS,
|
||||
EVP_CIPH_RAND_KEY,
|
||||
des_init_key, NULL,
|
||||
EVP_CIPHER_set_asn1_iv,
|
||||
EVP_CIPHER_get_asn1_iv,des_ctrl)
|
||||
|
||||
BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
|
||||
EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS,
|
||||
EVP_CIPH_RAND_KEY,
|
||||
des_init_key,NULL,
|
||||
EVP_CIPHER_set_asn1_iv,
|
||||
EVP_CIPHER_get_asn1_iv,des_ctrl)
|
||||
|
||||
32
ssl/s3_lib.c
32
ssl/s3_lib.c
@ -238,7 +238,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_RSA_DES_40_CBC_SHA,
|
||||
SSL3_CK_RSA_DES_40_CBC_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
||||
SSL_EXPORT|SSL_EXP40|SSL_FIPS,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
56,
|
||||
@ -251,7 +251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_RSA_DES_64_CBC_SHA,
|
||||
SSL3_CK_RSA_DES_64_CBC_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
@ -278,7 +278,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
|
||||
SSL3_CK_DH_DSS_DES_40_CBC_SHA,
|
||||
SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
||||
SSL_EXPORT|SSL_EXP40|SSL_FIPS,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
56,
|
||||
@ -291,7 +291,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
|
||||
SSL3_CK_DH_DSS_DES_64_CBC_SHA,
|
||||
SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
@ -317,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
|
||||
SSL3_CK_DH_RSA_DES_40_CBC_SHA,
|
||||
SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
||||
SSL_EXPORT|SSL_EXP40|SSL_FIPS,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
56,
|
||||
@ -330,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
|
||||
SSL3_CK_DH_RSA_DES_64_CBC_SHA,
|
||||
SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
@ -358,7 +358,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
|
||||
SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
|
||||
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
||||
SSL_EXPORT|SSL_EXP40|SSL_FIPS,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
56,
|
||||
@ -371,7 +371,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
|
||||
SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
|
||||
SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
@ -397,7 +397,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
|
||||
SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
|
||||
SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
||||
SSL_EXPORT|SSL_EXP40|SSL_FIPS,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
56,
|
||||
@ -410,7 +410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
|
||||
SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
|
||||
SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
@ -462,7 +462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_ADH_DES_40_CBC_SHA,
|
||||
SSL3_CK_ADH_DES_40_CBC_SHA,
|
||||
SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
|
||||
SSL_EXPORT|SSL_EXP40|SSL_FIPS,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
128,
|
||||
@ -475,7 +475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_ADH_DES_64_CBC_SHA,
|
||||
SSL3_CK_ADH_DES_64_CBC_SHA,
|
||||
SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
@ -549,7 +549,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_KRB5_DES_64_CBC_SHA,
|
||||
SSL3_CK_KRB5_DES_64_CBC_SHA,
|
||||
SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
@ -661,7 +661,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL3_TXT_KRB5_DES_40_CBC_SHA,
|
||||
SSL3_CK_KRB5_DES_40_CBC_SHA,
|
||||
SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
|
||||
SSL_EXPORT|SSL_EXP40|SSL_FIPS,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
56,
|
||||
@ -1018,7 +1018,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP56|SSL_FIPS,
|
||||
SSL_EXPORT|SSL_EXP56,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
@ -1031,7 +1031,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP56|SSL_FIPS,
|
||||
SSL_EXPORT|SSL_EXP56,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user