rpms / libreswan

Clone
Source Code
GIT

Files

  1.   181bb5433db5c0923e8ba3fb620bcf9ef4761160
  2.   SOURCES
  3.   libreswan-3.12-1203794-fipstest.patch
Blob Blame History Raw 
diff -Naur libreswan-3.12-orig/programs/pluto/ike_alg_aes.c libreswan-3.12/programs/pluto/ike_alg_aes.c
--- libreswan-3.12-orig/programs/pluto/ike_alg_aes.c	2015-04-12 16:52:11.748913102 -0400
+++ libreswan-3.12/programs/pluto/ike_alg_aes.c	2015-04-12 20:19:08.330821771 -0400
@@ -410,20 +410,24 @@
 
 void ike_alg_aes_init(void)
 {
-	if (!test_aes_cbc(&algo_aes_cbc)) {
+	bool fips = libreswan_fipsmode();
+	if (!fips && !test_aes_cbc(&algo_aes_cbc)) {
 		loglog(RC_LOG_SERIOUS, "CKM_AES_CBC: test failure");
+		exit_pluto(6);
 	}
 	if (ike_alg_register_enc(&algo_aes_cbc) != 1)
 		loglog(RC_LOG_SERIOUS, "Warning: failed to register algo_aes_cbc for IKE");
 
-	if (!test_aes_ctr(&algo_aes_ctr)) {
+	if (!fips && !test_aes_ctr(&algo_aes_ctr)) {
 		loglog(RC_LOG_SERIOUS, "CKM_AES_CTR: test failure");
+		exit_pluto(6);
 	}
 	if (ike_alg_register_enc(&algo_aes_ctr) != 1)
 		loglog(RC_LOG_SERIOUS, "Warning: failed to register algo_aes_ctr for IKE");
 
-	if (!test_aes_gcm()) {
+	if (!fips && !test_aes_gcm()) {
 		loglog(RC_LOG_SERIOUS, "CKM_AES_GCM: test failure");
+		exit_pluto(6);
 	}
 	if (ike_alg_register_enc(&algo_aes_gcm_8) != 1)
 		loglog(RC_LOG_SERIOUS, "Warning: failed to register algo_aes_gcm_8 for IKE");
diff -Naur libreswan-3.12-orig/programs/pluto/ike_alg_camellia.c libreswan-3.12/programs/pluto/ike_alg_camellia.c
--- libreswan-3.12-orig/programs/pluto/ike_alg_camellia.c	2015-04-12 16:52:11.705911919 -0400
+++ libreswan-3.12/programs/pluto/ike_alg_camellia.c	2015-04-12 17:41:22.863365586 -0400
@@ -94,11 +94,20 @@
 
 void ike_alg_camellia_init(void)
 {
-	test_camellia_cbc(&algo_camellia_cbc);
+#ifdef FIPS_CHECK
+	bool fips = libreswan_fipsmode();
+#else
+	bool fips = FALSE;
+#endif
+
+	if (!fips && !test_camellia_cbc(&algo_camellia_cbc)) {
+		loglog(RC_LOG_SERIOUS, "CKM_CAMELLIA_CBC: test failure");
+		exit_pluto(6);
+	}
+
 	if (ike_alg_register_enc(&algo_camellia_cbc) != 1)
 		loglog(RC_LOG_SERIOUS, "Warning: failed to register algo_camellia_cbc for IKE");
 
-	// test_camellia_ctr(&algo_camellia_ctr);
 	if (ike_alg_register_enc(&algo_camellia_ctr) != 1)
 		loglog(RC_LOG_SERIOUS, "Warning: failed to register algo_camellia_ctr for IKE");
 }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation