From 7043fa702fa102a45b102e11990b650360c35503 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 19 May 2011 18:22:16 +0000 Subject: [PATCH] add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support --- CHANGES | 4 ++++ ssl/s23_clnt.c | 16 ++++++++++++++++ ssl/s23_srvr.c | 12 ++++++++++++ ssl/s3_clnt.c | 5 +++++ ssl/s3_enc.c | 9 +++++++++ ssl/s3_srvr.c | 2 ++ ssl/ssl_ciph.c | 7 +++++++ ssl/ssl_lib.c | 8 ++++++++ ssl/ssltest.c | 31 ++++++++++++++++++++++++++++++- ssl/t1_enc.c | 2 ++ 10 files changed, 95 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index e9b946c35..9f37b80aa 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 1.0.0d and 1.0.1 [xx XXX xxxx] + *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers + and enable MD5. + [Steve Henson] + *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying FIPS modules versions. [Steve Henson] diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index f49a95ba9..b3c48232d 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -356,6 +356,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } +#ifdef OPENSSL_FIPS + else if(FIPS_mode()) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + return -1; + } +#endif else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; @@ -639,6 +647,14 @@ static int ssl23_get_server_hello(SSL *s) if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { +#ifdef OPENSSL_FIPS + if(FIPS_mode()) + { + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + goto err; + } +#endif s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index b21c57a11..487784901 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -115,6 +115,9 @@ #include #include #include +#ifdef OPENSSL_FIPS +#include +#endif static const SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); @@ -422,6 +425,15 @@ int ssl23_get_client_hello(SSL *s) } } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (s->version < TLS1_VERSION)) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + goto err; + } +#endif + if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index e7dea7d72..fd131a6df 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -156,6 +156,9 @@ #include #include #include +#ifdef OPENSSL_FIPS +#include +#endif #ifndef OPENSSL_NO_DH #include #endif @@ -1691,6 +1694,8 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); q=md_buf; for (num=2; num > 0; num--) { + EVP_MD_CTX_set_flags(&md_ctx, + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index ac5ae40a7..9f5574a01 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) #endif k=0; EVP_MD_CTX_init(&m5); + EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_init(&s1); for (i=0; (int)is3->handshake_dgst[i]=EVP_MD_CTX_create(); EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL); +#ifdef OPENSSL_FIPS + if (EVP_MD_nid(md) == NID_md5) + { + EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + } +#endif EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen); } else @@ -669,6 +677,7 @@ static int ssl3_handshake_mac(SSL *s, int md_nid, return 0; } EVP_MD_CTX_init(&ctx); + EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_copy_ex(&ctx,d); n=EVP_MD_CTX_size(&ctx); if (n < 0) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 6300d5027..9dc2a3875 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1855,6 +1855,8 @@ int ssl3_send_server_key_exchange(SSL *s) { EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); + EVP_MD_CTX_set_flags(&md_ctx, + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(d[4]),n); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 38d59774e..87a9f68ce 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -740,6 +740,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, c = ssl_method->get_cipher(i); /* drop those that use any of that is not available */ if ((c != NULL) && c->valid && +#ifdef OPENSSL_FIPS + (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && +#endif !(c->algorithm_mkey & disabled_mkey) && !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && @@ -1439,7 +1442,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ for (curr = head; curr != NULL; curr = curr->next) { +#ifdef OPENSSL_FIPS + if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) +#else if (curr->active) +#endif { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1c3e9454d..b21b42927 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1532,6 +1532,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) return(NULL); } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (meth->version < TLS1_VERSION)) + { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + return NULL; + } +#endif + if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 994522eff..582b9ca16 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -320,6 +320,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); fprintf(stderr,"\n"); +#ifdef OPENSSL_FIPS + fprintf(stderr,"-F - run test in FIPS mode\n"); +#endif fprintf(stderr," -server_auth - check server certificate\n"); fprintf(stderr," -client_auth - do client authentication\n"); fprintf(stderr," -proxy - allow proxy certificates\n"); @@ -550,6 +553,9 @@ int main(int argc, char *argv[]) #endif STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; int test_cipherlist = 0; +#ifdef OPENSSL_FIPS + int fips_mode=0; +#endif verbose = 0; debug = 0; @@ -581,7 +587,16 @@ int main(int argc, char *argv[]) while (argc >= 1) { - if (strcmp(*argv,"-server_auth") == 0) + if(!strcmp(*argv,"-F")) + { +#ifdef OPENSSL_FIPS + fips_mode=1; +#else + fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); + EXIT(0); +#endif + } + else if (strcmp(*argv,"-server_auth") == 0) server_auth=1; else if (strcmp(*argv,"-client_auth") == 0) client_auth=1; @@ -791,6 +806,20 @@ bad: EXIT(1); } +#ifdef OPENSSL_FIPS + if(fips_mode) + { + if(!FIPS_mode_set(1)) + { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + EXIT(1); + } + else + fprintf(stderr,"*** IN FIPS MODE ***\n"); + } +#endif + if (print_time) { if (!bio_pair) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index c60bccd2c..36128dcf6 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -171,6 +171,8 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx_tmp); + EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (!mac_key) goto err;