From d250d169e87168903a543248d0bfd6c37f2f6841 Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Tue, 22 Feb 2022 00:37:32 +0200
Subject: [PATCH 1/5] Block TripleDES in FIPS mode (#6879)

* Block TripleDES in FIPS mode

NIST SP-800-131A rev 2 lists TripleDES Encryption as disallowed in FIPS 140-3
decryption as legacy use. Three-key TDEA is listed as deprecated
throughout 2023 and disallowed after 2023.

For simplicity we block all use of TripleDES in FIPS mode.

Fixes: #6875
Signed-off-by: Christian Heimes <christian@python.org>

* Fix flake
---
 src/cryptography/hazmat/backends/openssl/backend.py | 13 ++++++-------
 tests/hazmat/primitives/utils.py                    |  4 ++++
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 736452392..f38269e26 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -134,7 +134,9 @@ class Backend(BackendInterface):
         b"aes-192-gcm",
         b"aes-256-gcm",
     }
-    _fips_ciphers = (AES, TripleDES)
+    # TripleDES encryption is disallowed/deprecated throughout 2023 in
+    # FIPS 140-3. To keep it simple we denylist any use of TripleDES (TDEA).
+    _fips_ciphers = (AES,)
     # Sometimes SHA1 is still permissible. That logic is contained
     # within the various *_supported methods.
     _fips_hashes = (
@@ -323,12 +325,9 @@ class Backend(BackendInterface):
 
     def cipher_supported(self, cipher, mode):
         if self._fips_enabled:
-            # FIPS mode requires AES or TripleDES, but only CBC/ECB allowed
-            # in TripleDES mode.
-            if not isinstance(cipher, self._fips_ciphers) or (
-                isinstance(cipher, TripleDES)
-                and not isinstance(mode, (CBC, ECB))
-            ):
+            # FIPS mode requires AES. TripleDES is disallowed/deprecated in
+            # FIPS 140-3.
+            if not isinstance(cipher, self._fips_ciphers):
                 return False
 
         try:
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 93f117828..a367343ca 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -469,6 +469,10 @@ def _kbkdf_cmac_counter_mode_test(backend, prf, ctr_loc, params):
     algorithm = supported_cipher_algorithms.get(prf)
     assert algorithm is not None
 
+    # TripleDES is disallowed in FIPS mode.
+    if backend._fips_enabled and algorithm is algorithms.TripleDES:
+        pytest.skip("TripleDES is not supported in FIPS mode.")
+
     ctrkdf = KBKDFCMAC(
         algorithm,
         Mode.CounterMode,
-- 
2.35.1