WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Allow DES3 with FIPS v5-dev.

pull/4734/head
Hayden Roche 2022-01-24 12:44:57 -08:00
parent 30e9d2813e
commit 58789991f9
3 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
configure.ac
View File

@ -3503,10 +3503,6 @@ AS_CASE([$FIPS_VERSION],
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
# DES3 is incompatible with FIPS 140-3
AS_IF([test "$ENABLED_DES3" != "no"],
[ENABLED_DES3="no"])
# force various features to FIPS 140-3 defaults, unless overridden with v5-dev: # force various features to FIPS 140-3 defaults, unless overridden with v5-dev:
AS_IF([test "$ENABLED_KEYGEN" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_keygen" != "no")], AS_IF([test "$ENABLED_KEYGEN" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_keygen" != "no")],
@ -3558,6 +3554,9 @@ AS_CASE([$FIPS_VERSION],
AS_IF([test "$ENABLED_MD5" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_md5" != "yes")], AS_IF([test "$ENABLED_MD5" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_md5" != "yes")],
[ENABLED_MD5="no"; ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"]) [ENABLED_MD5="no"; ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"])
AS_IF([test "$ENABLED_DES3" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_des3" != "yes")],
[ENABLED_DES3="no"])
AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2], AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2],
[AS_IF([test "x$ENABLED_AESOFB" = "xno" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")], [AS_IF([test "x$ENABLED_AESOFB" = "xno" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")],
[ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])]) [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])])

8
src/include.am
View File

@ -452,11 +452,13 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/cmac.c
endif endif
endif !BUILD_FIPS_CURRENT endif !BUILD_FIPS_CURRENT
if !BUILD_FIPS_CURRENT if !BUILD_FIPS_V2
if !BUILD_FIPS_V3
if BUILD_DES3 if BUILD_DES3
src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c
endif endif BUILD_DES3
endif !BUILD_FIPS_CURRENT endif !BUILD_FIPS_V3
endif !BUILD_FIPS_V2
if !BUILD_FIPS_CURRENT if !BUILD_FIPS_CURRENT
if BUILD_SHA if BUILD_SHA

2
wolfssl/wolfcrypt/des3.h
View File

@ -55,7 +55,7 @@ enum {
/* avoid redefinition of structs */ /* avoid redefinition of structs */
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION == 2 || HAVE_FIPS_VERSION == 3)) HAVE_FIPS_VERSION >= 2)
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h> #include <wolfssl/wolfcrypt/async.h>