The branch master has been updated
via df553b79419230d698d221919c7ceec68aa8c6c6 (commit)
via 695d195bbb81f8ed4027468fe1c480f958e846c8 (commit)
from e7c27a6c3716843f8412fd96311b70ac84b785f9 (commit)
- Log -----------------------------------------------------------------
commit df553b79419230d698d221919c7ceec68aa8c6c6
Author: Richard Levitte <levi...@openssl.org>
Date: Thu May 23 03:39:15 2019 +0200
Adapt existing providers to posibly have name lists
Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8985)
commit 695d195bbb81f8ed4027468fe1c480f958e846c8
Author: Richard Levitte <levi...@openssl.org>
Date: Thu May 23 03:36:21 2019 +0200
Replumbing: make it possible for providers to specify multiple names
This modifies the treatment of algorithm name strings to allow
multiple names separated with colons.
Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8985)
-----------------------------------------------------------------------
Summary of changes:
crypto/core_algorithm.c | 2 +-
crypto/core_fetch.c | 6 +-
crypto/core_namemap.c | 32 +++++--
crypto/err/openssl.txt | 2 +
crypto/evp/evp_err.c | 3 +
crypto/evp/evp_fetch.c | 102 +++++++++++++++++++----
doc/internal/man3/ossl_namemap_new.pod | 23 +++--
include/internal/namemap.h | 4 +
include/openssl/core.h | 6 +-
include/openssl/evperr.h | 2 +
providers/default/defltprov.c | 148 +++++++++++++++++++++------------
providers/fips/fipsprov.c | 120 ++++++++++++++++----------
providers/legacy/legacyprov.c | 2 +-
13 files changed, 322 insertions(+), 130 deletions(-)
diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c
index f88a0458ec..2973b37604 100644
--- a/crypto/core_algorithm.c
+++ b/crypto/core_algorithm.c
@@ -44,7 +44,7 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void
*cbdata)
break;
ok = 1; /* As long as we've found *something* */
- while (map->algorithm_name != NULL) {
+ while (map->algorithm_names != NULL) {
const OSSL_ALGORITHM *thismap = map++;
data->fn(provider, thismap, no_store, data->data);
diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c
index 1e0d82fb61..ed50bb87d5 100644
--- a/crypto/core_fetch.c
+++ b/crypto/core_fetch.c
@@ -31,7 +31,7 @@ static void ossl_method_construct_this(OSSL_PROVIDER
*provider,
struct construct_data_st *data = cbdata;
void *method = NULL;
- if ((method = data->mcm->construct(algo->algorithm_name,
+ if ((method = data->mcm->construct(algo->algorithm_names,
algo->implementation, provider,
data->mcm_data)) == NULL)
return;
@@ -53,12 +53,12 @@ static void ossl_method_construct_this(OSSL_PROVIDER
*provider,
* add to the global store
*/
data->mcm->put(data->libctx, NULL, method, provider,
- data->operation_id, algo->algorithm_name,
+ data->operation_id, algo->algorithm_names,
algo->property_definition, data->mcm_data);
}
data->mcm->put(data->libctx, data->store, method, provider,
- data->operation_id, algo->algorithm_name,
+ data->operation_id, algo->algorithm_names,
algo->property_definition, data->mcm_data);
/* refcnt-- because we're dropping the reference */
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
index cb26b429b7..71b70ff5aa 100644
--- a/crypto/core_namemap.c
+++ b/crypto/core_namemap.c
@@ -148,7 +148,8 @@ void ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap,
int number,
CRYPTO_THREAD_unlock(namemap->lock);
}
-int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name)
+int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
+ const char *name, size_t name_len)
{
NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
int number = 0;
@@ -161,7 +162,8 @@ int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap,
const char *name)
if (namemap == NULL)
return 0;
- namenum_tmpl.name = (char *)name;
+ if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL)
+ return 0;
namenum_tmpl.number = 0;
CRYPTO_THREAD_read_lock(namemap->lock);
namenum_entry =
@@ -169,10 +171,19 @@ int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap,
const char *name)
if (namenum_entry != NULL)
number = namenum_entry->number;
CRYPTO_THREAD_unlock(namemap->lock);
+ OPENSSL_free(namenum_tmpl.name);
return number;
}
+int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name)
+{
+ if (name == NULL)
+ return 0;
+
+ return ossl_namemap_name2num_n(namemap, name, strlen(name));
+}
+
struct num2name_data_st {
size_t idx; /* Countdown */
const char *name; /* Result */
@@ -199,7 +210,8 @@ const char *ossl_namemap_num2name(const OSSL_NAMEMAP
*namemap, int number,
return data.name;
}
-int ossl_namemap_add(OSSL_NAMEMAP *namemap, int number, const char *name)
+int ossl_namemap_add_n(OSSL_NAMEMAP *namemap, int number,
+ const char *name, size_t name_len)
{
NAMENUM_ENTRY *namenum = NULL;
int tmp_number;
@@ -209,16 +221,16 @@ int ossl_namemap_add(OSSL_NAMEMAP *namemap, int number,
const char *name)
namemap = ossl_namemap_stored(NULL);
#endif
- if (name == NULL || namemap == NULL)
+ if (name == NULL || name_len == 0 || namemap == NULL)
return 0;
- if ((tmp_number = ossl_namemap_name2num(namemap, name)) != 0)
+ if ((tmp_number = ossl_namemap_name2num_n(namemap, name, name_len)) != 0)
return tmp_number; /* Pretend success */
CRYPTO_THREAD_write_lock(namemap->lock);
if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL
- || (namenum->name = OPENSSL_strdup(name)) == NULL)
+ || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL)
goto err;
namenum->number = tmp_number =
@@ -238,3 +250,11 @@ int ossl_namemap_add(OSSL_NAMEMAP *namemap, int number,
const char *name)
CRYPTO_THREAD_unlock(namemap->lock);
return 0;
}
+
+int ossl_namemap_add(OSSL_NAMEMAP *namemap, int number, const char *name)
+{
+ if (name == NULL)
+ return 0;
+
+ return ossl_namemap_add_n(namemap, number, name, strlen(name));
+}
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 520ac1f9a4..973b85c969 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2394,6 +2394,7 @@ ESS_R_ESS_SIGNING_CERT_ADD_ERROR:100:ess signing cert add
error
ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR:101:ess signing cert v2 add error
EVP_R_AES_KEY_SETUP_FAILED:143:aes key setup failed
EVP_R_ARIA_KEY_SETUP_FAILED:176:aria key setup failed
+EVP_R_BAD_ALGORITHM_NAME:200:bad algorithm name
EVP_R_BAD_DECRYPT:100:bad decrypt
EVP_R_BAD_KEY_LENGTH:195:bad key length
EVP_R_BUFFER_TOO_SMALL:155:buffer too small
@@ -2403,6 +2404,7 @@ EVP_R_CANNOT_SET_PARAMETERS:198:cannot set parameters
EVP_R_CIPHER_NOT_GCM_MODE:184:cipher not gcm mode
EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error
EVP_R_COMMAND_NOT_SUPPORTED:147:command not supported
+EVP_R_CONFLICTING_ALGORITHM_NAME:201:conflicting algorithm name
EVP_R_COPY_ERROR:173:copy error
EVP_R_CTRL_NOT_IMPLEMENTED:132:ctrl not implemented
EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED:133:ctrl operation not implemented
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index b74b87e4f5..62ca87c683 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -18,6 +18,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"aes key setup failed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED),
"aria key setup failed"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_ALGORITHM_NAME), "bad algorithm name"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
@@ -33,6 +34,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"cipher parameter error"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED),
"command not supported"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CONFLICTING_ALGORITHM_NAME),
+ "conflicting algorithm name"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COPY_ERROR), "copy error"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_NOT_IMPLEMENTED),
"ctrl not implemented"},
diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c
index e15b8e26be..2404dfca30 100644
--- a/crypto/evp/evp_fetch.c
+++ b/crypto/evp/evp_fetch.c
@@ -20,6 +20,8 @@
#include "crypto/evp.h" /* evp_local.h needs it */
#include "evp_local.h"
+#define NAME_SEPARATOR ':'
+
static void default_method_store_free(void *vstore)
{
ossl_method_store_free(vstore);
@@ -42,7 +44,7 @@ struct method_data_st {
OSSL_METHOD_CONSTRUCT_METHOD *mcm;
int operation_id; /* For get_method_from_store() */
int name_id; /* For get_method_from_store() */
- const char *name; /* For get_method_from_store() */
+ const char *names; /* For get_method_from_store() */
const char *propquery; /* For get_method_from_store() */
void *(*method_from_dispatch)(int name_id, const OSSL_DISPATCH *,
OSSL_PROVIDER *, void *);
@@ -51,6 +53,69 @@ struct method_data_st {
void (*destruct_method)(void *method);
};
+static int add_names_to_namemap(OSSL_NAMEMAP *namemap,
+ const char *names)
+{
+ const char *p, *q;
+ size_t l;
+ int id = 0;
+
+ /* Check that we have a namemap and that there is at least one name */
+ if (namemap == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ /*
+ * Check that no name is an empty string, and that all names have at
+ * most one numeric identity together.
+ */
+ for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) {
+ int this_id;
+
+ if ((q = strchr(p, NAME_SEPARATOR)) == NULL)
+ l = strlen(p); /* offset to \0 */
+ else
+ l = q - p; /* offset to the next separator */
+
+ this_id = ossl_namemap_name2num_n(namemap, p, l);
+
+ if (*p == '\0' || *p == NAME_SEPARATOR) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_BAD_ALGORITHM_NAME);
+ return 0;
+ }
+ if (id == 0)
+ id = this_id;
+ else if (this_id != 0 && this_id != id) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_CONFLICTING_ALGORITHM_NAME,
+ "\"%.*s\" has an existing different identity %d
(from \"%s\")",
+ l, p, this_id, names);
+ return 0;
+ }
+ }
+
+ /* Now that we have checked, register all names */
+ for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) {
+ int this_id;
+
+ if ((q = strchr(p, NAME_SEPARATOR)) == NULL)
+ l = strlen(p); /* offset to \0 */
+ else
+ l = q - p; /* offset to the next separator */
+
+ this_id = ossl_namemap_add_n(namemap, id, p, l);
+ if (id == 0)
+ id = this_id;
+ else if (this_id != id) {
+ ERR_raise_data(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR,
+ "Got id %d when expecting %d", this_id, id);
+ return 0;
+ }
+ }
+
+ return id;
+}
+
/*
* Generic routines to fetch / create EVP methods with ossl_method_construct()
*/
@@ -105,10 +170,13 @@ static void *get_method_from_store(OPENSSL_CTX *libctx,
void *store,
*/
if ((name_id = methdata->name_id) == 0) {
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
+ const char *names = methdata->names;
+ const char *q = strchr(names, NAME_SEPARATOR);
+ size_t l = (q == NULL ? strlen(names) : (size_t)(q - names));
if (namemap == 0)
return NULL;
- name_id = ossl_namemap_name2num(namemap, methdata->name);
+ name_id = ossl_namemap_name2num_n(namemap, names, l);
}
if (name_id == 0
@@ -131,21 +199,30 @@ static void *get_method_from_store(OPENSSL_CTX *libctx,
void *store,
static int put_method_in_store(OPENSSL_CTX *libctx, void *store,
void *method, const OSSL_PROVIDER *prov,
- int operation_id, const char *name,
+ int operation_id, const char *names,
const char *propdef, void *data)
{
struct method_data_st *methdata = data;
OSSL_NAMEMAP *namemap;
int name_id;
uint32_t meth_id;
+ size_t l = 0;
/*
* put_method_in_store() is only called with a method that was
* successfully created by construct_method() below, which means
- * the name should already be stored in the namemap, so just use it.
+ * that all the names should already be stored in the namemap with
+ * the same numeric identity, so just use the first to get that
+ * identity.
*/
+ if (names != NULL) {
+ const char *q = strchr(names, NAME_SEPARATOR);
+
+ l = (q == NULL ? strlen(names) : (size_t)(q - names));
+ }
+
if ((namemap = ossl_namemap_stored(libctx)) == NULL
- || (name_id = ossl_namemap_name2num(namemap, name)) == 0
+ || (name_id = ossl_namemap_name2num_n(namemap, names, l)) == 0
|| (meth_id = method_id(operation_id, name_id)) == 0)
return 0;
@@ -162,7 +239,7 @@ static int put_method_in_store(OPENSSL_CTX *libctx, void
*store,
* The core fetching functionality passes the name of the implementation.
* This function is responsible to getting an identity number for it.
*/
-static void *construct_method(const char *name, const OSSL_DISPATCH *fns,
+static void *construct_method(const char *names, const OSSL_DISPATCH *fns,
OSSL_PROVIDER *prov, void *data)
{
/*
@@ -170,17 +247,14 @@ static void *construct_method(const char *name, const
OSSL_DISPATCH *fns,
* NULL, so it's safe to say that of all the spots to create a new
* namemap entry, this is it. Should the name already exist there, we
* know that ossl_namemap_add() will return its corresponding number.
- *
- * TODO(3.0): If this function gets an array of names instead of just
- * one, we need to check through all the names to see if at least one
- * of them has an associated number, and use that. If several names
- * have associated numbers that differ from each other, it's an error.
*/
struct method_data_st *methdata = data;
OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
- int name_id = ossl_namemap_add(namemap, 0, name);
+ int name_id = add_names_to_namemap(namemap, names);
+ if (name_id == 0)
+ return NULL;
return methdata->method_from_dispatch(name_id, fns, prov,
methdata->method_data);
}
@@ -255,7 +329,7 @@ static void *inner_generic_fetch(OPENSSL_CTX *libctx, int
operation_id,
mcmdata.libctx = libctx;
mcmdata.operation_id = operation_id;
mcmdata.name_id = name_id;
- mcmdata.name = name;
+ mcmdata.names = name;
mcmdata.propquery = properties;
mcmdata.method_from_dispatch = new_method;
mcmdata.destruct_method = free_method;
@@ -346,7 +420,7 @@ static void do_one(OSSL_PROVIDER *provider, const
OSSL_ALGORITHM *algo,
struct do_all_data_st *data = vdata;
OPENSSL_CTX *libctx = ossl_provider_library_context(provider);
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
- int name_id = ossl_namemap_add(namemap, 0, algo->algorithm_name);
+ int name_id = add_names_to_namemap(namemap, algo->algorithm_names);
void *method = NULL;
if (name_id != 0)
diff --git a/doc/internal/man3/ossl_namemap_new.pod
b/doc/internal/man3/ossl_namemap_new.pod
index b82d47a5bf..2bcf21386d 100644
--- a/doc/internal/man3/ossl_namemap_new.pod
+++ b/doc/internal/man3/ossl_namemap_new.pod
@@ -3,7 +3,9 @@
=head1 NAME
ossl_namemap_new, ossl_namemap_free, ossl_namemap_stored,
-ossl_namemap_add, ossl_namemap_name2num, ossl_namemap_doall_names
+ossl_namemap_add, ossl_namemap_add_n,
+ossl_namemap_name2num, ossl_namemap_name2num_n,
+ossl_namemap_doall_names
- internal number E<lt>-E<gt> name map
=head1 SYNOPSIS
@@ -16,8 +18,12 @@ ossl_namemap_add, ossl_namemap_name2num,
ossl_namemap_doall_names
void ossl_namemap_free(OSSL_NAMEMAP *namemap);
int ossl_namemap_add(OSSL_NAMEMAP *namemap, int number, const char *name);
+ int ossl_namemap_add_n(OSSL_NAMEMAP *namemap, int number,
+ const char *name, size_t name_len);
int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name);
+ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
+ const char *name, size_t name_len);
void ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
void (*fn)(const char *name, void *data),
void *data);
@@ -49,6 +55,12 @@ names already associated with that number.
ossl_namemap_name2num() finds the number corresponding to the given
I<name>.
+ossl_namemap_add_n() and ossl_namemap_name2num_n() do the same thing
+as ossl_namemap_add() and ossl_namemap_name2num(), but take a string
+length I<name_len> as well, allowing the caller to use a fragment of
+a string as a name.
+
+
ossl_namemap_doall_names() walks through all names associated with
I<number> in the given I<namemap> and calls the function I<fn> for
each of them.
@@ -60,15 +72,16 @@ pass extra data for that function to use.
ossl_namemap_new() and ossl_namemap_stored() return the pointer to a
B<OSSL_NAMEMAP>, or NULL on error.
-ossl_namemap_add() returns the number associated with the added
-string, or zero on error.
+ossl_namemap_add() and ossl_namemap_add_n() return the number associated
+with the added string, or zero on error.
ossl_namemap_num2names() returns a pointer to a NULL-terminated list of
pointers to the names corresponding to the given number, or NULL if
it's undefined in the given B<OSSL_NAMEMAP>.
-ossl_namemap_name2num() returns the number corresponding to the given
-name, or 0 if it's undefined in the given B<OSSL_NAMEMAP>.
+ossl_namemap_name2num() and ossl_namemap_name2num_n() return the number
+corresponding to the given name, or 0 if it's undefined in the given
+B<OSSL_NAMEMAP>.
=head1 NOTES
diff --git a/include/internal/namemap.h b/include/internal/namemap.h
index ee69388f11..73163a42cb 100644
--- a/include/internal/namemap.h
+++ b/include/internal/namemap.h
@@ -17,6 +17,8 @@ OSSL_NAMEMAP *ossl_namemap_new(void);
void ossl_namemap_free(OSSL_NAMEMAP *namemap);
int ossl_namemap_add(OSSL_NAMEMAP *namemap, int number, const char *name);
+int ossl_namemap_add_n(OSSL_NAMEMAP *namemap, int number,
+ const char *name, size_t name_len);
/*
* The number<->name relationship is 1<->many
@@ -24,6 +26,8 @@ int ossl_namemap_add(OSSL_NAMEMAP *namemap, int number, const
char *name);
* number->name mapping is an iterator.
*/
int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name);
+int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
+ const char *name, size_t name_len);
const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
size_t idx);
void ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
diff --git a/include/openssl/core.h b/include/openssl/core.h
index 2377169a33..74a3bfb91e 100644
--- a/include/openssl/core.h
+++ b/include/openssl/core.h
@@ -55,13 +55,13 @@ struct ossl_item_st {
};
/*
- * Type to tie together algorithm name, property definition string and
+ * Type to tie together algorithm names, property definition string and
* the algorithm implementation in the form of a dispatch table.
*
- * An array of these is always terminated by algorithm_name == NULL
+ * An array of these is always terminated by algorithm_names == NULL
*/
struct ossl_algorithm_st {
- const char *algorithm_name; /* key */
+ const char *algorithm_names; /* key */
const char *property_definition; /* key */
const OSSL_DISPATCH *implementation;
};
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index fefbfb593e..7da9083ae1 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -167,6 +167,7 @@ int ERR_load_EVP_strings(void);
*/
# define EVP_R_AES_KEY_SETUP_FAILED 143
# define EVP_R_ARIA_KEY_SETUP_FAILED 176
+# define EVP_R_BAD_ALGORITHM_NAME 200
# define EVP_R_BAD_DECRYPT 100
# define EVP_R_BAD_KEY_LENGTH 195
# define EVP_R_BUFFER_TOO_SMALL 155
@@ -176,6 +177,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_CIPHER_NOT_GCM_MODE 184
# define EVP_R_CIPHER_PARAMETER_ERROR 122
# define EVP_R_COMMAND_NOT_SUPPORTED 147
+# define EVP_R_CONFLICTING_ALGORITHM_NAME 201
# define EVP_R_COPY_ERROR 173
# define EVP_R_CTRL_NOT_IMPLEMENTED 132
# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c
index bcb897ba1c..6f37f7ef6b 100644
--- a/providers/default/defltprov.c
+++ b/providers/default/defltprov.c
@@ -50,16 +50,43 @@ static int deflt_get_params(const OSSL_PROVIDER *prov,
OSSL_PARAM params[])
return 1;
}
+/*
+ * For the algorithm names, we use the following formula for our primary
+ * names:
+ *
+ * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
+ *
+ * VERSION is only present if there are multiple versions of
+ * an alg (MD2, MD4, MD5). It may be omitted if there is only
+ * one version (if a subsequent version is released in the future,
+ * we can always change the canonical name, and add the old name
+ * as an alias).
+ *
+ * SUBNAME may be present where we are combining multiple
+ * algorithms together, e.g. MD5-SHA1.
+ *
+ * SIZE is only present if multiple versions of an algorithm exist
+ * with different sizes (e.g. AES-128-CBC, AES-256-CBC)
+ *
+ * MODE is only present where applicable.
+ *
+ * We add diverse other names where applicable, such as the names that
+ * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
+ * we have used historically.
+ */
static const OSSL_ALGORITHM deflt_digests[] = {
- { "SHA1", "default=yes", sha1_functions },
-
- { "SHA224", "default=yes", sha224_functions },
- { "SHA256", "default=yes", sha256_functions },
- { "SHA384", "default=yes", sha384_functions },
- { "SHA512", "default=yes", sha512_functions },
- { "SHA512-224", "default=yes", sha512_224_functions },
- { "SHA512-256", "default=yes", sha512_256_functions },
+ /* Our primary name:NIST name[:our older names] */
+ { "SHA1:SHA-1", "default=yes", sha1_functions },
+ { "SHA2-224:SHA-224:SHA224", "default=yes", sha224_functions },
+ { "SHA2-256:SHA-256:SHA256", "default=yes", sha256_functions },
+ { "SHA2-384:SHA-384:SHA384", "default=yes", sha384_functions },
+ { "SHA2-512:SHA-512:SHA512", "default=yes", sha512_functions },
+ { "SHA2-512/224:SHA-512/224:SHA512-224", "default=yes",
+ sha512_224_functions },
+ { "SHA2-512/256:SHA-512/256:SHA512-256", "default=yes",
+ sha512_256_functions },
+ /* We agree with NIST here, so one name only */
{ "SHA3-224", "default=yes", sha3_224_functions },
{ "SHA3-256", "default=yes", sha3_256_functions },
{ "SHA3-384", "default=yes", sha3_384_functions },
@@ -72,12 +99,20 @@ static const OSSL_ALGORITHM deflt_digests[] = {
{ "KECCAK_KMAC128", "default=yes", keccak_kmac_128_functions },
{ "KECCAK_KMAC256", "default=yes", keccak_kmac_256_functions },
- { "SHAKE128", "default=yes", shake_128_functions },
- { "SHAKE256", "default=yes", shake_256_functions },
+ /* Our primary name:NIST name */
+ { "SHAKE-128:SHAKE128", "default=yes", shake_128_functions },
+ { "SHAKE-256:SHAKE256", "default=yes", shake_256_functions },
#ifndef OPENSSL_NO_BLAKE2
- { "BLAKE2s256", "default=yes", blake2s256_functions },
- { "BLAKE2b512", "default=yes", blake2b512_functions },
+ /*
+ * https://blake2.net/ doesn't specify size variants,
+ * but mentions that Bouncy Castle uses the names
+ * BLAKE2b-160, BLAKE2b-256, BLAKE2b-384, and BLAKE2b-512
+ * If we assume that "2b" and "2s" are versions, that pattern
+ * fits with ours. We also add our historical names.
+ */
+ { "BLAKE2s-256:BLAKE2s256", "default=yes", blake2s256_functions },
+ { "BLAKE2b-512:BLAKE2b512", "default=yes", blake2b512_functions },
#endif /* OPENSSL_NO_BLAKE2 */
#ifndef OPENSSL_NO_SM3
@@ -121,19 +156,24 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
{ "AES-192-OCB", "default=yes", aes192ocb_functions },
{ "AES-128-OCB", "default=yes", aes128ocb_functions },
#endif /* OPENSSL_NO_OCB */
-/* TODO(3.0) Add aliases when they are supported */
- { "id-aes256-GCM", "default=yes", aes256gcm_functions },
- { "id-aes192-GCM", "default=yes", aes192gcm_functions },
- { "id-aes128-GCM", "default=yes", aes128gcm_functions },
- { "id-aes256-CCM", "default=yes", aes256ccm_functions },
- { "id-aes192-CCM", "default=yes", aes192ccm_functions },
- { "id-aes128-CCM", "default=yes", aes128ccm_functions },
- { "id-aes256-wrap", "default=yes", aes256wrap_functions },
- { "id-aes192-wrap", "default=yes", aes192wrap_functions },
- { "id-aes128-wrap", "default=yes", aes128wrap_functions },
- { "id-aes256-wrap-pad", "default=yes", aes256wrappad_functions },
- { "id-aes192-wrap-pad", "default=yes", aes192wrappad_functions },
- { "id-aes128-wrap-pad", "default=yes", aes128wrappad_functions },
+ { "AES-256-GCM:id-aes256-GCM", "default=yes", aes256gcm_functions },
+ { "AES-192-GCM:id-aes192-GCM", "default=yes", aes192gcm_functions },
+ { "AES-128-GCM:id-aes128-GCM", "default=yes", aes128gcm_functions },
+ { "AES-256-CCM:id-aes256-CCM", "default=yes", aes256ccm_functions },
+ { "AES-192-CCM:id-aes192-CCM", "default=yes", aes192ccm_functions },
+ { "AES-128-CCM:id-aes128-CCM", "default=yes", aes128ccm_functions },
+ { "AES-256-WRAP:id-aes256-wrap:AES256-WRAP", "default=yes",
+ aes256wrap_functions },
+ { "AES-192-WRAP:id-aes192-wrap:AES192-WRAP", "default=yes",
+ aes192wrap_functions },
+ { "AES-128-WRAP:id-aes128-wrap:AES128-WRAP", "default=yes",
+ aes128wrap_functions },
+ { "AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", "default=yes",
+ aes256wrappad_functions },
+ { "AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", "default=yes",
+ aes192wrappad_functions },
+ { "AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", "default=yes",
+ aes128wrappad_functions },
#ifndef OPENSSL_NO_ARIA
{ "ARIA-256-GCM", "default=yes", aria256gcm_functions },
{ "ARIA-192-GCM", "default=yes", aria192gcm_functions },
@@ -144,9 +184,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
{ "ARIA-256-ECB", "default=yes", aria256ecb_functions },
{ "ARIA-192-ECB", "default=yes", aria192ecb_functions },
{ "ARIA-128-ECB", "default=yes", aria128ecb_functions },
- { "ARIA-256-CBC", "default=yes", aria256cbc_functions },
- { "ARIA-192-CBC", "default=yes", aria192cbc_functions },
- { "ARIA-128-CBC", "default=yes", aria128cbc_functions },
+ { "ARIA-256-CBC:ARIA256", "default=yes", aria256cbc_functions },
+ { "ARIA-192-CBC:ARIA192", "default=yes", aria192cbc_functions },
+ { "ARIA-128-CBC:ARIA128", "default=yes", aria128cbc_functions },
{ "ARIA-256-OFB", "default=yes", aria256ofb_functions },
{ "ARIA-192-OFB", "default=yes", aria192ofb_functions },
{ "ARIA-128-OFB", "default=yes", aria128ofb_functions },
@@ -167,9 +207,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
{ "CAMELLIA-256-ECB", "default=yes", camellia256ecb_functions },
{ "CAMELLIA-192-ECB", "default=yes", camellia192ecb_functions },
{ "CAMELLIA-128-ECB", "default=yes", camellia128ecb_functions },
- { "CAMELLIA-256-CBC", "default=yes", camellia256cbc_functions },
- { "CAMELLIA-192-CBC", "default=yes", camellia192cbc_functions },
- { "CAMELLIA-128-CBC", "default=yes", camellia128cbc_functions },
+ { "CAMELLIA-256-CBC:CAMELLIA256", "default=yes", camellia256cbc_functions
},
+ { "CAMELLIA-192-CBC:CAMELLIA192", "default=yes", camellia192cbc_functions
},
+ { "CAMELLIA-128-CBC:CAMELLIA128", "default=yes", camellia128cbc_functions
},
{ "CAMELLIA-256-OFB", "default=yes", camellia256ofb_functions },
{ "CAMELLIA-192-OFB", "default=yes", camellia192ofb_functions },
{ "CAMELLIA-128-OFB", "default=yes", camellia128ofb_functions },
@@ -187,20 +227,20 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
{ "CAMELLIA-128-CTR", "default=yes", camellia128ctr_functions },
#endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_DES
- { "DES-EDE3", "default=yes", tdes_ede3_ecb_functions },
- { "DES-EDE3-CBC", "default=yes", tdes_ede3_cbc_functions },
+ { "DES-EDE3-ECB:DES-EDE3", "default=yes", tdes_ede3_ecb_functions },
+ { "DES-EDE3-CBC:DES3", "default=yes", tdes_ede3_cbc_functions },
{ "DES-EDE3-OFB", "default=yes", tdes_ede3_ofb_functions },
{ "DES-EDE3-CFB", "default=yes", tdes_ede3_cfb_functions },
{ "DES-EDE3-CFB8", "default=yes", tdes_ede3_cfb8_functions },
{ "DES-EDE3-CFB1", "default=yes", tdes_ede3_cfb1_functions },
- { "DES-EDE", "default=yes", tdes_ede2_ecb_functions },
+ { "DES-EDE-ECB:DES-EDE", "default=yes", tdes_ede2_ecb_functions },
{ "DES-EDE-CBC", "default=yes", tdes_ede2_cbc_functions },
{ "DES-EDE-OFB", "default=yes", tdes_ede2_ofb_functions },
{ "DES-EDE-CFB", "default=yes", tdes_ede2_cfb_functions },
- { "DESX-CBC", "default=yes", tdes_desx_cbc_functions },
- { "id-smime-alg-CMS3DESwrap", "default=yes", tdes_wrap_cbc_functions },
+ { "DESX-CBC:DESX", "default=yes", tdes_desx_cbc_functions },
+ { "DES3-WRAP:id-smime-alg-CMS3DESwrap", "default=yes",
tdes_wrap_cbc_functions },
{ "DES-ECB", "default=yes", des_ecb_functions },
- { "DES-CBC", "default=yes", des_cbc_functions },
+ { "DES-CBC:DES", "default=yes", des_cbc_functions },
{ "DES-OFB", "default=yes", des_ofb64_functions },
{ "DES-CFB", "default=yes", des_cfb64_functions },
{ "DES-CFB1", "default=yes", des_cfb1_functions },
@@ -208,34 +248,34 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
#endif /* OPENSSL_NO_DES */
#ifndef OPENSSL_NO_BF
{ "BF-ECB", "default=yes", blowfish128ecb_functions },
- { "BF-CBC", "default=yes", blowfish128cbc_functions },
+ { "BF-CBC:BF:BLOWFISH", "default=yes", blowfish128cbc_functions },
{ "BF-OFB", "default=yes", blowfish64ofb64_functions },
{ "BF-CFB", "default=yes", blowfish64cfb64_functions },
#endif /* OPENSSL_NO_BF */
#ifndef OPENSSL_NO_IDEA
{ "IDEA-ECB", "default=yes", idea128ecb_functions },
- { "IDEA-CBC", "default=yes", idea128cbc_functions },
- { "IDEA-OFB", "default=yes", idea128ofb64_functions },
- { "IDEA-CFB", "default=yes", idea128cfb64_functions },
+ { "IDEA-CBC:IDEA", "default=yes", idea128cbc_functions },
+ { "IDEA-OFB:IDEA-OFB64", "default=yes", idea128ofb64_functions },
+ { "IDEA-CFB:IDEA-CFB64", "default=yes", idea128cfb64_functions },
#endif /* OPENSSL_NO_IDEA */
#ifndef OPENSSL_NO_CAST
{ "CAST5-ECB", "default=yes", cast5128ecb_functions },
- { "CAST5-CBC", "default=yes", cast5128cbc_functions },
+ { "CAST5-CBC:CAST-CBC:CAST", "default=yes", cast5128cbc_functions },
{ "CAST5-OFB", "default=yes", cast564ofb64_functions },
{ "CAST5-CFB", "default=yes", cast564cfb64_functions },
#endif /* OPENSSL_NO_CAST */
#ifndef OPENSSL_NO_SEED
{ "SEED-ECB", "default=yes", seed128ecb_functions },
- { "SEED-CBC", "default=yes", seed128cbc_functions },
- { "SEED-OFB", "default=yes", seed128ofb128_functions },
- { "SEED-CFB", "default=yes", seed128cfb128_functions },
+ { "SEED-CBC:SEED", "default=yes", seed128cbc_functions },
+ { "SEED-OFB:SEED-OFB128", "default=yes", seed128ofb128_functions },
+ { "SEED-CFB:SEED-CFB128", "default=yes", seed128cfb128_functions },
#endif /* OPENSSL_NO_SEED */
#ifndef OPENSSL_NO_SM4
{ "SM4-ECB", "default=yes", sm4128ecb_functions },
- { "SM4-CBC", "default=yes", sm4128cbc_functions },
+ { "SM4-CBC:SM4", "default=yes", sm4128cbc_functions },
{ "SM4-CTR", "default=yes", sm4128ctr_functions },
- { "SM4-OFB", "default=yes", sm4128ofb128_functions },
- { "SM4-CFB", "default=yes", sm4128cfb128_functions },
+ { "SM4-OFB:SM4-OFB128", "default=yes", sm4128ofb128_functions },
+ { "SM4-CFB:SM4-CFB128", "default=yes", sm4128cfb128_functions },
#endif /* OPENSSL_NO_SM4 */
#ifndef OPENSSL_NO_RC4
{ "RC4", "default=yes", rc4128_functions },
@@ -252,8 +292,8 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
static const OSSL_ALGORITHM deflt_macs[] = {
#ifndef OPENSSL_NO_BLAKE2
- { "BLAKE2BMAC", "default=yes", blake2bmac_functions },
- { "BLAKE2SMAC", "default=yes", blake2smac_functions },
+ { "BLAKE2bMAC", "default=yes", blake2bmac_functions },
+ { "BLAKE2sMAC", "default=yes", blake2smac_functions },
#endif
#ifndef OPENSSL_NO_CMAC
{ "CMAC", "default=yes", cmac_functions },
@@ -283,21 +323,21 @@ static const OSSL_ALGORITHM deflt_kdfs[] = {
{ OSSL_KDF_NAME_X942KDF, "default=yes", kdf_x942_kdf_functions },
#endif
#ifndef OPENSSL_NO_SCRYPT
- { OSSL_KDF_NAME_SCRYPT, "default=yes", kdf_scrypt_functions },
+ { "SCRYPT:id-scrypt", "default=yes", kdf_scrypt_functions },
#endif
{ NULL, NULL, NULL }
};
static const OSSL_ALGORITHM deflt_keyexch[] = {
#ifndef OPENSSL_NO_DH
- { "dhKeyAgreement", "default=yes", dh_keyexch_functions },
+ { "DH:dhKeyAgreement", "default=yes", dh_keyexch_functions },
#endif
{ NULL, NULL, NULL }
};
static const OSSL_ALGORITHM deflt_signature[] = {
#ifndef OPENSSL_NO_DSA
- { "DSA", "default=yes", dsa_signature_functions },
+ { "DSA:dsaEncryption", "default=yes", dsa_signature_functions },
#endif
{ NULL, NULL, NULL }
};
@@ -305,7 +345,7 @@ static const OSSL_ALGORITHM deflt_signature[] = {
static const OSSL_ALGORITHM deflt_keymgmt[] = {
#ifndef OPENSSL_NO_DH
- { "dhKeyAgreement", "default=yes", dh_keymgmt_functions },
+ { "DH", "default=yes", dh_keymgmt_functions },
#endif
#ifndef OPENSSL_NO_DSA
{ "DSA", "default=yes", dsa_keymgmt_functions },
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 166d02496e..8464fe135c 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -227,19 +227,19 @@ const char *ossl_prov_util_nid_to_name(int nid)
switch (nid) {
/* Digests */
case NID_sha1:
- return "SHA224";
+ return "SHA1";
case NID_sha224:
- return "SHA224";
+ return "SHA-224";
case NID_sha256:
- return "SHA256";
+ return "SHA-256";
case NID_sha384:
- return "SHA384";
+ return "SHA-384";
case NID_sha512:
- return "SHA512";
+ return "SHA-512";
case NID_sha512_224:
- return "SHA512-224";
+ return "SHA-512/224";
case NID_sha512_256:
- return "SHA512-256";
+ return "SHA-512/256";
case NID_sha3_224:
return "SHA3-224";
case NID_sha3_256:
@@ -272,31 +272,30 @@ const char *ossl_prov_util_nid_to_name(int nid)
return "AES-256-XTS";
case NID_aes_128_xts:
return "AES-128-XTS";
- /* TODO(3.0) Change these when we have aliases */
case NID_aes_256_gcm:
- return "id-aes256-GCM";
+ return "AES-256-GCM";
case NID_aes_192_gcm:
- return "id-aes192-GCM";
+ return "AES-192-GCM";
case NID_aes_128_gcm:
- return "id-aes128-GCM";
+ return "AES-128-GCM";
case NID_aes_256_ccm:
- return "id-aes256-CCM";
+ return "AES-256-CCM";
case NID_aes_192_ccm:
- return "id-aes192-CCM";
+ return "AES-192-CCM";
case NID_aes_128_ccm:
- return "id-aes128-CCM";
+ return "AES-128-CCM";
case NID_id_aes256_wrap:
- return "id-aes256-wrap";
+ return "AES-256-WRAP";
case NID_id_aes192_wrap:
- return "id-aes192-wrap";
+ return "AES-192-WRAP";
case NID_id_aes128_wrap:
- return "id-aes128-wrap";
+ return "AES-128-WRAP";
case NID_id_aes256_wrap_pad:
- return "id-aes256-wrap-pad";
+ return "AES-256-WRAP-PAD";
case NID_id_aes192_wrap_pad:
- return "id-aes192-wrap-pad";
+ return "AES-192-WRAP-PAD";
case NID_id_aes128_wrap_pad:
- return "id-aes128-wrap-pad";
+ return "AES-128-WRAP-PAD";
case NID_des_ede3_ecb:
return "DES-EDE3";
case NID_des_ede3_cbc:
@@ -308,14 +307,43 @@ const char *ossl_prov_util_nid_to_name(int nid)
return NULL;
}
+/*
+ * For the algorithm names, we use the following formula for our primary
+ * names:
+ *
+ * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
+ *
+ * VERSION is only present if there are multiple versions of
+ * an alg (MD2, MD4, MD5). It may be omitted if there is only
+ * one version (if a subsequent version is released in the future,
+ * we can always change the canonical name, and add the old name
+ * as an alias).
+ *
+ * SUBNAME may be present where we are combining multiple
+ * algorithms together, e.g. MD5-SHA1.
+ *
+ * SIZE is only present if multiple versions of an algorithm exist
+ * with different sizes (e.g. AES-128-CBC, AES-256-CBC)
+ *
+ * MODE is only present where applicable.
+ *
+ * We add diverse other names where applicable, such as the names that
+ * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
+ * we have used historically.
+ */
static const OSSL_ALGORITHM fips_digests[] = {
- { "SHA1", "fips=yes", sha1_functions },
- { "SHA224", "fips=yes", sha224_functions },
- { "SHA256", "fips=yes", sha256_functions },
- { "SHA384", "fips=yes", sha384_functions },
- { "SHA512", "fips=yes", sha512_functions },
- { "SHA512-224", "fips=yes", sha512_224_functions },
- { "SHA512-256", "fips=yes", sha512_256_functions },
+ /* Our primary name:NiST name[:our older names] */
+ { "SHA1:SHA-1", "fips=yes", sha1_functions },
+ { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions },
+ { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions },
+ { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions },
+ { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions },
+ { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes",
+ sha512_224_functions },
+ { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes",
+ sha512_256_functions },
+
+ /* We agree with NIST here, so one name only */
{ "SHA3-224", "fips=yes", sha3_224_functions },
{ "SHA3-256", "fips=yes", sha3_256_functions },
{ "SHA3-384", "fips=yes", sha3_384_functions },
@@ -331,6 +359,7 @@ static const OSSL_ALGORITHM fips_digests[] = {
};
static const OSSL_ALGORITHM fips_ciphers[] = {
+ /* Our primary name[:ASN.1 OID name][:our older names] */
{ "AES-256-ECB", "fips=yes", aes256ecb_functions },
{ "AES-192-ECB", "fips=yes", aes192ecb_functions },
{ "AES-128-ECB", "fips=yes", aes128ecb_functions },
@@ -342,22 +371,27 @@ static const OSSL_ALGORITHM fips_ciphers[] = {
{ "AES-128-CTR", "fips=yes", aes128ctr_functions },
{ "AES-256-XTS", "fips=yes", aes256xts_functions },
{ "AES-128-XTS", "fips=yes", aes128xts_functions },
- /* TODO(3.0) Add aliases for these ciphers */
- { "id-aes256-GCM", "fips=yes", aes256gcm_functions },
- { "id-aes192-GCM", "fips=yes", aes192gcm_functions },
- { "id-aes128-GCM", "fips=yes", aes128gcm_functions },
- { "id-aes256-CCM", "fips=yes", aes256ccm_functions },
- { "id-aes192-CCM", "fips=yes", aes192ccm_functions },
- { "id-aes128-CCM", "fips=yes", aes128ccm_functions },
- { "id-aes256-wrap", "fips=yes", aes256wrap_functions },
- { "id-aes192-wrap", "fips=yes", aes192wrap_functions },
- { "id-aes128-wrap", "fips=yes", aes128wrap_functions },
- { "id-aes256-wrap-pad", "fips=yes", aes256wrappad_functions },
- { "id-aes192-wrap-pad", "fips=yes", aes192wrappad_functions },
- { "id-aes128-wrap-pad", "fips=yes", aes128wrappad_functions },
+ { "AES-256-GCM:id-aes256-GCM", "fips=yes", aes256gcm_functions },
+ { "AES-192-GCM:id-aes192-GCM", "fips=yes", aes192gcm_functions },
+ { "AES-128-GCM:id-aes128-GCM", "fips=yes", aes128gcm_functions },
+ { "AES-256-CCM:id-aes256-CCM", "fips=yes", aes256ccm_functions },
+ { "AES-192-CCM:id-aes192-CCM", "fips=yes", aes192ccm_functions },
+ { "AES-128-CCM:id-aes128-CCM", "fips=yes", aes128ccm_functions },
+ { "AES-256-WRAP:id-aes256-wrap:AES256-WRAP", "fips=yes",
+ aes256wrap_functions },
+ { "AES-192-WRAP:id-aes192-wrap:AES192-WRAP", "fips=yes",
+ aes192wrap_functions },
+ { "AES-128-WRAP:id-aes128-wrap:AES128-WRAP", "fips=yes",
+ aes128wrap_functions },
+ { "AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", "fips=yes",
+ aes256wrappad_functions },
+ { "AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", "fips=yes",
+ aes192wrappad_functions },
+ { "AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", "fips=yes",
+ aes128wrappad_functions },
#ifndef OPENSSL_NO_DES
- { "DES-EDE3", "fips=yes", tdes_ede3_ecb_functions },
- { "DES-EDE3-CBC", "fips=yes", tdes_ede3_cbc_functions },
+ { "DES-EDE3-ECB:DES-EDE3", "fips=yes", tdes_ede3_ecb_functions },
+ { "DES-EDE3-CBC:DES3", "fips=yes", tdes_ede3_cbc_functions },
#endif /* OPENSSL_NO_DES */
{ NULL, NULL, NULL }
};
@@ -379,7 +413,7 @@ static const OSSL_ALGORITHM fips_kdfs[] = {
{ OSSL_KDF_NAME_PBKDF2, "fips=yes", kdf_pbkdf2_functions },
{ OSSL_KDF_NAME_TLS1_PRF, "fips=yes", kdf_tls1_prf_functions },
{ OSSL_KDF_NAME_KBKDF, "fips=yes", kdf_kbkdf_functions },
- { NULL, NULL, NULL }
+ { NULL, NULL, NULL }
};
static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
diff --git a/providers/legacy/legacyprov.c b/providers/legacy/legacyprov.c
index 89587d632c..1e0c315629 100644
--- a/providers/legacy/legacyprov.c
+++ b/providers/legacy/legacyprov.c
@@ -72,7 +72,7 @@ static const OSSL_ALGORITHM legacy_digests[] = {
#endif /* OPENSSL_NO_WHIRLPOOL */
#ifndef OPENSSL_NO_RMD160
- { "RIPEMD160", "legacy=yes", ripemd160_functions },
+ { "RIPEMD160:RIPEMD:RMD160", "legacy=yes", ripemd160_functions },
#endif /* OPENSSL_NO_RMD160 */
{ NULL, NULL, NULL }
