File fips_not_available.patch of Package est
diff -Naur a/example/client/estclient.c b/example/client/estclient.c
--- a/example/client/estclient.c 2024-09-19 16:04:24.682309317 -0300
+++ b/example/client/estclient.c 2024-09-19 16:05:58.169867676 -0300
@@ -1105,7 +1105,6 @@
 #else
 THREAD_CTX *tctx;
 #endif
- int set_fips_return = 0;
 char file_name[MAX_FILENAME_LEN];
 BIO *certin;
 static struct option long_options[] = {
@@ -1280,17 +1279,11 @@
 est_port = atoi(optarg);
 break;
 case 'f':
- /* Turn FIPS on if requested and exit if failure */
- set_fips_return = EVP_default_properties_enable_fips(NULL, 1);
- if (!set_fips_return) {
- printf("\nERROR setting FIPS MODE ON ...\n");
- ERR_load_crypto_strings();
- ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
- exit(1);
- } else {
- printf("\nRunning EST Sample Client with FIPS MODE = ON\n");
- };
- break;
+ /* FIPS is not available, exit with failure */
+ printf("\nERROR setting FIPS MODE ON: FIPS is not available ...\n");
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ exit(1);
 case 't':
 num_threads = atoi(optarg);
 if (num_threads > MAX_THREADS) {
diff -Naur a/example/proxy/estproxy.c b/example/proxy/estproxy.c
--- a/example/proxy/estproxy.c 2024-09-19 16:04:24.682309317 -0300
+++ b/example/proxy/estproxy.c 2024-09-19 16:20:56.737416880 -0300
@@ -87,8 +87,6 @@
 static int set_enhcd_cert_truststore = 0;
 static int set_cert_auth_mfg_nid = 0;
 static int set_path_seg = 0;
-static int set_fips_return = 0;
-static unsigned long set_fips_error = 0;
 static int server_set = 0;
 static int read_timeout = EST_SSL_READ_TIMEOUT_DEF;
 static int perf_timers_on = 0;
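Review bot: In the `case 'f':` hunk of estclient.c, `ERR_load_crypto_strings()` and `ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE))` are kept although no OpenSSL call precedes them in the new arm, so as far as the hunk shows the error queue holds nothing related to this failure and the BIO is created only to be abandoned at `exit(1)`. The matching estproxy.c and estserver.c hunks drop these calls, and doing the same here would keep the three samples consistent. The message also still goes to stdout; `fprintf(stderr, "\nERROR setting FIPS MODE ON: FIPS is not available ...\n");` followed by `exit(1);` would put it on the stream where failures are normally looked for. The enclosing option-parsing switch starts and ends outside the hunk.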
@@ -591,18 +589,8 @@
 listen_port = atoi(optarg);
 break;
 case 'f':
- /*
- * Turn FIPS on if user requested it and exit if failure
- */
- set_fips_return = EVP_default_properties_enable_fips(NULL, 1);
- if (set_fips_return != 1) {
- set_fips_error = ERR_get_error();
- printf("\nERROR WHILE SETTING FIPS MODE ON exiting ....\n");
- exit(1);
- } else {
- printf("\nRunning EST Sample Proxy with FIPS MODE = ON !\n");
- }
- break;
+ printf("\nERROR WHILE SETTING UNAVAILABLE FIPS MODE ON exiting ....\n");
+ exit(1);
 default:
 show_usage_and_exit();
 break;
diff -Naur a/example/server/estserver.c b/example/server/estserver.c
--- a/example/server/estserver.c 2024-09-19 16:04:24.682309317 -0300
+++ b/example/server/estserver.c 2024-09-19 16:19:07.483141432 -0300
@@ -102,8 +102,6 @@
 static int set_cert_auth_mfg_name = 0;
 static int set_enhcd_cert_truststore = 0;
 static int set_cert_auth_mfg_nid = 0;
-static int set_fips_return = 0;
-static unsigned long set_fips_error = 0;
 static int test_app_data = 0xDEADBEEF;
 static char priv_key_pwd[MAX_PWD_LEN];
 #if ENABLE_BRSKI
@@ -2283,19 +2281,8 @@
 strncpy(realm, optarg, MAX_REALM_LEN);
 break;
 case 'f':
- /* turn FIPS on if user requested it
- * and exit if failure.
- */
- set_fips_return = EVP_default_properties_enable_fips(NULL, 1);
- if (set_fips_return != 1) {
- set_fips_error = ERR_get_error();
- printf("\nERROR WHILE SETTING FIPS MODE ON exiting ....\n");
- exit(1);
- } else {
- printf("\nRunning EST Sample Server with FIPS MODE = ON !\n");
- }
- ;
- break;
+ printf("\nERROR WHILE SETTING UNAVAILABLE FIPS MODE ON exiting ....\n");
+ exit(1);
 default:
 show_usage_and_exit();
 break;
diff -Naur a/src/est/est_client.c b/src/est/est_client.c
--- a/src/est/est_client.c 2024-09-19 16:04:24.668975856 -0300
+++ b/src/est/est_client.c 2024-09-19 16:15:43.978053246 -0300
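Review bot: The `case 'f':` arms in estproxy.c and estserver.c lose both their explanatory comment and their `break;`, so a reader sees a case that appears to run into `default:` with no hint why. A one-line comment above the `printf`, such as `/* FIPS is not available in this build: -f always fails, exit(1) does not return */`, would document both facts. The usage text for `-f` is outside these hunks; if it still advertises FIPS mode, it should say the option is unsupported in this build.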
@@ -3179,16 +3179,6 @@ ctx->auth_mode == AUTH_BASIC || ctx->auth_mode == AUTH_TOKEN)) { - /* - * HTTPS digest mode requires the use of MD5. Make sure we're not - * in FIPS mode and can use MD5 - */ - if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){ - EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode"); - rv = EST_ERR_BAD_MODE; - goto err; - } - /* Try one more time if we're doing HTTP auth */ EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials"); rv = est_client_connect(ctx, &ssl); @@ -3590,16 +3580,6 @@ ctx->auth_mode == AUTH_BASIC || ctx->auth_mode == AUTH_TOKEN)) { - /* - * HTTPS digest mode requires the use of MD5. Make sure we're not - * in FIPS mode and can use MD5 - */ - if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){ - EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode"); - rv = EST_ERR_BAD_MODE; - goto err; - } - /* Try one more time if we're doing Digest auth */ EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials"); rv = est_client_connect(ctx, &ssl); @@ -3676,16 +3656,6 @@ ctx->auth_mode == AUTH_BASIC || ctx->auth_mode == AUTH_TOKEN)) { - /* - * HTTPS digest mode requires the use of MD5. Make sure we're not - * in FIPS mode and can use MD5 - */ - if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){ - EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode"); - rv = EST_ERR_BAD_MODE; - goto err; - } - /* Try one more time if we're doing Digest auth */ EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials"); rv = est_client_connect(ctx, &ssl); 
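Review bot: Deleting the `AUTH_DIGEST` guard outright, rather than compiling it out, means the retry path no longer refuses MD5-based HTTP digest auth when the process is running in FIPS mode. With OpenSSL 3 the `fips=yes` default property can be set from the library configuration file without the application ever calling `EVP_default_properties_enable_fips`, so removing `-f` from the sample programs does not make that condition unreachable. The same block is removed in the other five est_client.c hunks (`@@ -3590`, `@@ -3676`, `@@ -5868`, `@@ -6362`, `@@ -6531`) and in the `case AUTH_DIGEST:` arm of the est_server.c hunk, which previously returned `EST_ERR_BAD_MODE`. If the call is dropped because the target libcrypto lacks `EVP_default_properties_is_fips_enabled` (inferred from the patch name), wrapping each check in a build-time feature test would keep the `EST_ERR_BAD_MODE` path wherever the function exists. The enclosing functions start and end outside these hunks.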
@@ -5868,16 +5838,6 @@ ctx->auth_mode == AUTH_BASIC || ctx->auth_mode == AUTH_TOKEN)) { - /* - * HTTPS digest mode requires the use of MD5. Make sure we're not - * in FIPS mode and can use MD5 - */ - if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){ - EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode"); - rv = EST_ERR_BAD_MODE; - goto err; - } - /* Try one more time if we're doing Digest auth */ EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials"); rv = est_client_connect(ctx, &ssl); @@ -6362,16 +6322,6 @@ ctx->auth_mode == AUTH_BASIC || ctx->auth_mode == AUTH_TOKEN)) { - /* - * HTTPS digest mode requires the use of MD5. Make sure we're not - * in FIPS mode and can use MD5 - */ - if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){ - EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode"); - rv = EST_ERR_BAD_MODE; - goto err; - } - /* Try one more time if we're doing Digest auth */ EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials"); rv = est_client_connect(ctx, &ssl); @@ -6531,16 +6481,6 @@ ctx->auth_mode == AUTH_BASIC || ctx->auth_mode == AUTH_TOKEN)) { - /* - * HTTPS digest mode requires the use of MD5. Make sure we're not - * in FIPS mode and can use MD5 - */ - if (ctx->auth_mode == AUTH_DIGEST && (EVP_default_properties_is_fips_enabled(NULL))){ - EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode"); - rv = EST_ERR_BAD_MODE; - goto err; - } - /* Try one more time if we're doing Digest auth */ EST_LOG_INFO("HTTP Auth failed, trying again with HTTP Auth credentials"); rv = est_client_connect(ctx, &ssl); diff -Naur a/src/est/est_server.c b/src/est/est_server.c --- a/src/est/est_server.c 2024-09-19 16:04:24.668975856 -0300 +++ b/src/est/est_server.c 2024-09-19 16:16:25.315076368 -0300 
@@ -3353,14 +3353,6 @@ switch (amode) { case AUTH_DIGEST: - /* - * Since HTTP digest auth uses MD5, make sure we're not in FIPS mode. - */ - if (EVP_default_properties_is_fips_enabled(NULL)) { - EST_LOG_ERR("HTTP digest auth not allowed while in FIPS mode"); - return (EST_ERR_BAD_MODE); - } - /* fallthrough */ case AUTH_BASIC: case AUTH_TOKEN: ctx->auth_mode = amode;