generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make TLSv1 work in FIPS mode.

Browse Source
This commit is contained in:
Ben Laurie 2003-09-13 17:03:54 +00:00
parent b09c9a91cb
commit c45c8f3f1c
12 changed files with 221 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/md32_common.h
View File

@ -130,6 +130,7 @@
#include <openssl/fips.h> #include <openssl/fips.h>
#include <openssl/err.h> #include <openssl/err.h>
#include "../fips/fips_locl.h"
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
#error "DATA_ORDER must be defined!" #error "DATA_ORDER must be defined!"
@ -559,7 +560,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
const unsigned char *cp=end; const unsigned char *cp=end;
#ifdef FIPS #ifdef FIPS
if(FIPS_mode) if(FIPS_mode && !FIPS_md5_allowed)
{ {
FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
return 0; return 0;

2
fips/fingerprint.sha1
View File

@ -1,4 +1,4 @@
SHA1(fips.c)= e41f98ed7cd7dbd3c45b91db526dafb7ebc3550c SHA1(fips.c)= e7af483a2ca3c0a845b4528b936e143bfdae945e
SHA1(fips_err_wrapper.c)= 527047304bfaa75f6ace20b4f7ac3afb6d89d480 SHA1(fips_err_wrapper.c)= 527047304bfaa75f6ace20b4f7ac3afb6d89d480
SHA1(fips.h)= 58386539af75f8f622b041a43bf1880fee8642f7 SHA1(fips.h)= 58386539af75f8f622b041a43bf1880fee8642f7
SHA1(fips_err.h)= 8d9fd3ab3e6ca5297c5714e7f6cd9834e22b4cba SHA1(fips_err.h)= 8d9fd3ab3e6ca5297c5714e7f6cd9834e22b4cba

7
fips/fips.c
View File

@ -55,9 +55,12 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <string.h> #include <string.h>
#include <limits.h> #include <limits.h>
#include "fips_locl.h"
#ifdef FIPS #ifdef FIPS
int FIPS_md5_allowed;
int FIPS_selftest() int FIPS_selftest()
{ {
return FIPS_selftest_sha1() return FIPS_selftest_sha1()
@ -143,6 +146,10 @@ int FIPS_mode_set(int onoff,const char *path)
return 1; return 1;
} }
void FIPS_allow_md5(int onoff)
{
FIPS_md5_allowed=onoff;
}
#if 0 #if 0
/* here just to cause error codes to exist */ /* here just to cause error codes to exist */

10
ssl/s3_clnt.c
View File

@ -118,6 +118,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/md5.h> #include <openssl/md5.h>
#include "cryptlib.h" #include "cryptlib.h"
#include "../fips/fips_locl.h"
static SSL_METHOD *ssl3_get_client_method(int ver); static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s); static int ssl3_client_hello(SSL *s);
@ -1166,7 +1167,16 @@ static int ssl3_get_key_exchange(SSL *s)
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,param,param_len); EVP_DigestUpdate(&md_ctx,param,param_len);
#ifdef OPENSSL_FIPS
if(s->version == TLS1_VERSION && num == 2)
FIPS_allow_md5(1);
#endif
EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
#ifdef OPENSSL_FIPS
if(s->version == TLS1_VERSION && num == 2)
FIPS_allow_md5(1);
#endif
q+=i; q+=i;
j+=i; j+=i;
} }

9
ssl/s3_srvr.c
View File

@ -124,6 +124,7 @@
#include <openssl/krb5_asn.h> #include <openssl/krb5_asn.h>
#include <openssl/md5.h> #include <openssl/md5.h>
#include "cryptlib.h" #include "cryptlib.h"
#include "../fips/fips_locl.h"
static SSL_METHOD *ssl3_get_server_method(int ver); static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s); static int ssl3_get_client_hello(SSL *s);
@ -1215,8 +1216,16 @@ static int ssl3_send_server_key_exchange(SSL *s)
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(d[4]),n); EVP_DigestUpdate(&md_ctx,&(d[4]),n);
#ifdef OPENSSL_FIPS
if(s->version == TLS1_VERSION && num == 2)
FIPS_allow_md5(1);
#endif
EVP_DigestFinal_ex(&md_ctx,q, EVP_DigestFinal_ex(&md_ctx,q,
(unsigned int *)&i); (unsigned int *)&i);
#ifdef OPENSSL_FIPS
if(s->version == TLS1_VERSION && num == 2)
FIPS_allow_md5(0);
#endif
q+=i; q+=i;
j+=i; j+=i;
} }

9
ssl/ssl_cert.c
View File

@ -129,6 +129,7 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "ssl_locl.h" #include "ssl_locl.h"
#include "../fips/fips_locl.h"
int SSL_get_ex_data_X509_STORE_CTX_idx(void) int SSL_get_ex_data_X509_STORE_CTX_idx(void)
{ {
@ -491,7 +492,15 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
else else
{ {
#ifndef OPENSSL_NO_X509_VERIFY #ifndef OPENSSL_NO_X509_VERIFY
# ifdef OPENSSL_FIPS
if(s->version == TLS1_VERSION)
FIPS_allow_md5(1);
# endif
i=X509_verify_cert(&ctx); i=X509_verify_cert(&ctx);
# ifdef OPENSSL_FIPS
if(s->version == TLS1_VERSION)
FIPS_allow_md5(0);
# endif
#else #else
i=0; i=0;
ctx.error=X509_V_ERR_APPLICATION_VERIFICATION; ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;

14
ssl/ssl_lib.c
View File

@ -122,6 +122,7 @@
#include <openssl/lhash.h> #include <openssl/lhash.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "cryptlib.h" #include "cryptlib.h"
#include "../fips/fips_locl.h"
const char *SSL_version_str=OPENSSL_VERSION_TEXT; const char *SSL_version_str=OPENSSL_VERSION_TEXT;
@ -2152,7 +2153,18 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath) const char *CApath)
{ {
return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); int r;
#ifdef OPENSSL_FIPS
if(ctx->method->version == TLS1_VERSION)
FIPS_allow_md5(1);
#endif
r=X509_STORE_load_locations(ctx->cert_store,CAfile,CApath);
#ifdef OPENSSL_FIPS
if(ctx->method->version == TLS1_VERSION)
FIPS_allow_md5(0);
#endif
return r;
} }
#endif #endif

34
ssl/ssltest.c
View File

@ -133,6 +133,7 @@
#endif #endif
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/fips.h>
#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
on Compaq platforms (at least with DEC C). on Compaq platforms (at least with DEC C).
@ -198,6 +199,9 @@ static void sv_usage(void)
{ {
fprintf(stderr,"usage: ssltest [args ...]\n"); fprintf(stderr,"usage: ssltest [args ...]\n");
fprintf(stderr,"\n"); fprintf(stderr,"\n");
#ifdef OPENSSL_FIPS
fprintf(stderr,"-F - run test in FIPS mode\n");
#endif
fprintf(stderr," -server_auth - check server certificate\n"); fprintf(stderr," -server_auth - check server certificate\n");
fprintf(stderr," -client_auth - do client authentication\n"); fprintf(stderr," -client_auth - do client authentication\n");
fprintf(stderr," -v - more output\n"); fprintf(stderr," -v - more output\n");
@ -369,6 +373,10 @@ int main(int argc, char *argv[])
clock_t s_time = 0, c_time = 0; clock_t s_time = 0, c_time = 0;
int comp = 0; int comp = 0;
COMP_METHOD *cm = NULL; COMP_METHOD *cm = NULL;
#ifdef OPENSSL_FIPS
int fips_mode=0;
const char *path=argv[0];
#endif
verbose = 0; verbose = 0;
debug = 0; debug = 0;
@ -400,7 +408,16 @@ int main(int argc, char *argv[])
while (argc >= 1) while (argc >= 1)
{ {
if (strcmp(*argv,"-server_auth") == 0) if(!strcmp(*argv,"-F"))
{
#ifdef OPENSSL_FIPS
fips_mode=1;
#else
fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
exit(0);
#endif
}
else if (strcmp(*argv,"-server_auth") == 0)
server_auth=1; server_auth=1;
else if (strcmp(*argv,"-client_auth") == 0) else if (strcmp(*argv,"-client_auth") == 0)
client_auth=1; client_auth=1;
@ -534,6 +551,7 @@ bad:
goto end; goto end;
} }
if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
{ {
fprintf(stderr, "This case cannot work. Use -f to perform " fprintf(stderr, "This case cannot work. Use -f to perform "
@ -543,6 +561,20 @@ bad:
EXIT(1); EXIT(1);
} }
#ifdef OPENSSL_FIPS
if(fips_mode)
{
if(!FIPS_mode_set(1,path))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
exit(1);
}
else
fprintf(stderr,"*** IN FIPS MODE ***\n");
}
#endif
if (print_time) if (print_time)
{ {
if (!bio_pair) if (!bio_pair)

20
ssl/t1_enc.c
View File

@ -115,6 +115,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include <openssl/md5.h> #include <openssl/md5.h>
#include "../fips/fips_locl.h"
static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
int sec_len, unsigned char *seed, int seed_len, int sec_len, unsigned char *seed, int seed_len,
@ -177,8 +178,13 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
S2= &(sec[len]); S2= &(sec[len]);
len+=(slen&1); /* add for odd, make longer */ len+=(slen&1); /* add for odd, make longer */
#ifdef OPENSSL_FIPS
FIPS_allow_md5(1);
#endif
tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
#ifdef OPENSSL_FIPS
FIPS_allow_md5(0);
#endif
tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
for (i=0; i<olen; i++) for (i=0; i<olen; i++)
@ -656,7 +662,13 @@ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_copy_ex(&ctx,in_ctx); EVP_MD_CTX_copy_ex(&ctx,in_ctx);
#ifdef OPENSSL_FIPS
FIPS_allow_md5(1);
#endif
EVP_DigestFinal_ex(&ctx,out,&ret); EVP_DigestFinal_ex(&ctx,out,&ret);
#ifdef OPENSSL_FIPS
FIPS_allow_md5(0);
#endif
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_cleanup(&ctx);
return((int)ret); return((int)ret);
} }
@ -675,7 +687,13 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_copy_ex(&ctx,in1_ctx); EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
#ifdef OPENSSL_FIPS
FIPS_allow_md5(1);
#endif
EVP_DigestFinal_ex(&ctx,q,&i); EVP_DigestFinal_ex(&ctx,q,&i);
#ifdef OPENSSL_FIPS
FIPS_allow_md5(0);
#endif
q+=i; q+=i;
EVP_MD_CTX_copy_ex(&ctx,in2_ctx); EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
EVP_DigestFinal_ex(&ctx,q,&i); EVP_DigestFinal_ex(&ctx,q,&i);

4
test/Makefile.ssl
View File

@ -279,6 +279,7 @@ test_engine:
test_ssl: keyU.ss certU.ss certCA.ss test_ssl: keyU.ss certU.ss certCA.ss
@echo "test SSL protocol" @echo "test SSL protocol"
@$(SET_SO_PATHS); sh ./testfipsssl keyU.ss certU.ss certCA.ss
@$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss @$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss
test_ca: test_ca:
@ -554,6 +555,9 @@ $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \ LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \ $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
fi fi
if echo "$(CFLAG)" | grep " -DFIPS" > /dev/null 2> /dev/null; then \
$(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(SSLTEST); \
fi
$(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO) $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO)
if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \

113
test/testfipsssl Normal file
View File

@ -0,0 +1,113 @@
#!/bin/sh
if [ "$1" = "" ]; then
key=../apps/server.pem
else
key="$1"
fi
if [ "$2" = "" ]; then
cert=../apps/server.pem
else
cert="$2"
fi
ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"
ssltest="./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"
if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
dsa_cert=YES
else
dsa_cert=NO
fi
if [ "$3" = "" ]; then
CA="-CApath ../certs"
else
CA="-CAfile $3"
fi
if [ "$4" = "" ]; then
extra=""
else
extra="$4"
fi
#############################################################################
echo test ssl3 DOESN\'T work
$ssltest -ssl3 $extra && exit 1
echo test ssl2 DOESN\'T work
$ssltest -ssl2 $extra && exit 1
echo test tls1
$ssltest -tls1 $extra || exit 1
echo test tls1 with server authentication
$ssltest -tls1 -server_auth $CA $extra || exit 1
echo test tls1 with client authentication
$ssltest -tls1 -client_auth $CA $extra || exit 1
echo test tls1 with both client and server authentication
$ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1
echo test tls1 via BIO pair
$ssltest -bio_pair -tls1 $extra || exit 1
echo test tls1 with server authentication via BIO pair
$ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1
echo test tls1 with client authentication via BIO pair
$ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1
echo test tls1 with both client and server authentication via BIO pair
$ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1
# note that all the below actually choose TLS...
if [ $dsa_cert = NO ]; then
echo test sslv2/sslv3 w/o DHE via BIO pair
$ssltest -bio_pair -no_dhe $extra || exit 1
fi
echo test sslv2/sslv3 with 1024bit DHE via BIO pair
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
echo test sslv2/sslv3 with server authentication
$ssltest -bio_pair -server_auth $CA $extra || exit 1
echo test sslv2/sslv3 with client authentication via BIO pair
$ssltest -bio_pair -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
#############################################################################
if ../apps/openssl no-dh; then
echo skipping anonymous DH tests
else
echo test tls1 with 1024bit anonymous DH, multiple handshakes
$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi
if ../apps/openssl no-rsa; then
echo skipping RSA tests
else
echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
if ../apps/openssl no-dh; then
echo skipping RSA+DHE tests
else
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
fi
fi
exit 0

2
test/testssl
View File

@ -31,7 +31,7 @@ else
fi fi
############################################################################# #############################################################################
set -x
echo test sslv2 echo test sslv2
$ssltest -ssl2 $extra || exit 1 $ssltest -ssl2 $extra || exit 1