Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
SUSE:SLE-12:Update
strongswan
strongswan_fipscheck.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File strongswan_fipscheck.patch of Package strongswan
--- src/ipsec/_ipsec.in +++ src/ipsec/_ipsec.in 2014/11/07 11:28:25 @@ -44,6 +44,26 @@ export IPSEC_DIR IPSEC_BINDIR IPSEC_SBIN IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland" +fipscheck() +{ + # when fips operation mode is not enabled, just report OK + read 2>/dev/null fips_enabled < /proc/sys/crypto/fips_enabled + test "X$fips_enabled" = "X1" || return 0 + + # complain when _fipscheck is missed + test -x "$IPSEC_DIR/_fipscheck" || { + echo "ipsec: please install strongswan-hmac package required in fips mode" >&2 + return 4 + } + + # now execute it + $IPSEC_DIR/_fipscheck || { + rc=$? + echo "ipsec: strongSwan fips file integrity check failed" >&2 + return $rc + } +} + case "$1" in '') echo "Usage: $IPSEC_SCRIPT command argument ..." @@ -166,6 +186,7 @@ rereadall|purgeocsp|listcounters|resetco shift if [ -e $IPSEC_CHARON_PID ] then + fipscheck || exit $? $IPSEC_STROKE "$op" "$@" rc="$?" fi @@ -175,6 +196,7 @@ purgeike|purgecrls|purgecerts) rc=7 if [ -e $IPSEC_CHARON_PID ] then + fipscheck || exit $? $IPSEC_STROKE "$1" rc="$?" fi @@ -208,6 +230,7 @@ route|unroute) fi if [ -e $IPSEC_CHARON_PID ] then + fipscheck || exit $? $IPSEC_STROKE "$op" "$1" rc="$?" fi @@ -217,6 +240,7 @@ secrets) rc=7 if [ -e $IPSEC_CHARON_PID ] then + fipscheck || exit $? $IPSEC_STROKE rereadsecrets rc="$?" fi @@ -224,6 +248,7 @@ secrets) ;; start) shift + fipscheck || exit $? if [ -d /var/lock/subsys ]; then touch /var/lock/subsys/ipsec fi @@ -297,6 +322,7 @@ up) rc=7 if [ -e $IPSEC_CHARON_PID ] then + fipscheck || exit $? $IPSEC_STROKE up "$1" rc="$?" fi @@ -332,6 +358,11 @@ esac cmd="$1" shift +case $cmd in +_fipscheck|_copyright|pki) ;; +*) fipscheck || exit $? ;; +esac + path="$IPSEC_DIR/$cmd" if [ ! -x "$path" ]
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor