From: Dr. Stephen Henson
Date: Mon, 31 Jan 2005 01:33:36 +0000 (+0000)
Subject: Only allow TLS is FIPS mode.
X-Git-Tag: OpenSSL_0_9_7f~31
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ecc3d2734d5ecd01597a35e4b16558f0e8267e83;p=openssl
Only allow TLS is FIPS mode. Remove old FIPS_allow_md5() calls.
---
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index b1db0fb7b2..779e94a35c 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -249,6 +249,14 @@ static int ssl23_client_hello(SSL *s)
 *(d++)=TLS1_VERSION_MINOR;
 s->client_version=TLS1_VERSION;
 }
+#ifdef OPENSSL_FIPS
+ else if(FIPS_mode())
+ {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ return -1;
+ }
+#endif
 else if (!(s->options & SSL_OP_NO_SSLv3))
 {
 *(d++)=SSL3_VERSION_MAJOR;
@@ -429,6 +437,14 @@ static int ssl23_get_server_hello(SSL *s)
 if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3))
 {
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ {
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ goto err;
+ }
+#endif
 s->version=SSL3_VERSION;
 s->method=SSLv3_client_method();
 }
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index c5404ca0bc..92f3391f60 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -407,6 +407,15 @@ int ssl23_get_client_hello(SSL *s)
 }
 }
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && (s->version < TLS1_VERSION))
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ goto err;
+ }
+#endif
+ if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
 {
 /* we have SSLv3/TLSv1 in an SSLv2 header
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index a18be3e2f1..a475033f01 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
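Review bot: In ssl/s23_clnt.c, ssl23_get_server_hello, the FIPS check is added only inside the `p[2] == SSL3_VERSION_MINOR` branch, so it guards one negotiated version rather than the outcome of the negotiation. The rest of the function is outside the hunk; if it also accepts an SSLv2 server hello, that path needs the same refusal, otherwise a peer could still move a FIPS-mode client below TLS. A single check placed after the version has been chosen, in the form the server side uses in this same commit, `if (FIPS_mode() && (s->version < TLS1_VERSION))`, would cover every branch, provided `s->version` is already set at that point, which should be confirmed.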
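Review bot: In ssl/s23_srvr.c, ssl23_get_client_hello, the new guard is only as reliable as the value of `s->version` at this point, and the code that assigns it lies above the hunk. If any accepted path (an SSLv2-format hello in particular) records its choice elsewhere and updates `s->version` only later, the comparison would see the method's initial version and let the connection proceed. Each path should be checked, and once verified a comment such as `/* s->version holds the negotiated protocol for every path above */` would keep the assumption visible to later editors.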
@@ -1169,16 +1169,8 @@ static int ssl3_get_key_exchange(SSL *s)
 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 EVP_DigestUpdate(&md_ctx,param,param_len);
-#ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION && num == 2)
- FIPS_allow_md5(1);
-#endif
 EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
-#ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION && num == 2)
- FIPS_allow_md5(1);
-#endif
 q+=i;
 j+=i;
 }
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index beb6c64b93..a012d3f2b5 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -644,6 +644,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 unsigned int n;
 EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 for (i=0; i<3; i++)
 {
 EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a7184891cd..0a573c6a48 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1220,16 +1220,8 @@ static int ssl3_send_server_key_exchange(SSL *s)
 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 EVP_DigestUpdate(&md_ctx,&(d[4]),n);
-#ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION && num == 2)
- FIPS_allow_md5(1);
-#endif
 EVP_DigestFinal_ex(&md_ctx,q, (unsigned int *)&i);
-#ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION && num == 2)
- FIPS_allow_md5(0);
-#endif
 q+=i;
 j+=i;
 }
diff --git a/ssl/ssl.h b/ssl/ssl.h
index ad201f2574..3ed6b9f6ee 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1742,6 +1742,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NULL_SSL_CTX 195
 #define SSL_R_NULL_SSL_METHOD_PASSED 196
 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
+#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 1115
 #define SSL_R_PACKET_LENGTH_TOO_LONG 198
 #define SSL_R_PATH_TOO_LONG 270
 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
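Review bot: In ssl/s3_enc.c, ssl3_generate_master_secret, `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` is set unconditionally and without a comment, in a commit whose stated purpose is to refuse everything except TLS in FIPS mode. The visible context only shows `s->ctx->sha1` being used with this digest context, so which digest needs the exemption is not evident from the hunk (the loop body continues outside it). If SSLv3 can no longer be negotiated in FIPS mode, the exemption looks unreachable there and could be dropped, which keeps an accidental non-approved digest from passing silently. If it is still required, the line should say why, for example `/* non-FIPS digest needed for <reason>; SSLv3 itself is rejected earlier in FIPS mode */`.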
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 0bef96080f..6e98de8903 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -493,15 +493,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 else
 {
 #ifndef OPENSSL_NO_X509_VERIFY
-# ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION)
- FIPS_allow_md5(1);
-# endif
 i=X509_verify_cert(&ctx);
-# ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION)
- FIPS_allow_md5(0);
-# endif
 #else
 i=0;
 ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index d2cb181503..65eefee199 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -334,6 +334,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_NULL_SSL_CTX ,"null ssl ctx"},
 {SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"},
 {SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"},
+{SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE ,"only tls allowed in fips mode"},
 {SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"},
 {SSL_R_PATH_TOO_LONG ,"path too long"},
 {SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f5705af0f6..1f625cb074 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1293,6 +1293,14 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 return(NULL);
 }
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && (meth->version < TLS1_VERSION))
+ {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ return NULL;
+ }
+#endif
+ if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
 {
 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
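Review bot: In ssl/ssl_lib.c, SSL_CTX_new, the version check runs once at context creation, so it does not cover a method installed afterwards (SSL_CTX_set_ssl_version(), SSL_set_ssl_method()) or a context that was created before FIPS mode was switched on. Whether those paths are guarded is not visible in this diff, and the handshake-time checks added in s23_clnt.c and s23_srvr.c appear to apply only to the version-flexible method. Consider repeating `if (FIPS_mode() && (meth->version < TLS1_VERSION))` in the method setters, or enforcing it when a connection is set up. Minor style point: the line just above uses `return(NULL);` while the new code uses `return NULL;`.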
@@ -2158,16 +2166,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath)
 {
 int r;
-
-#ifdef OPENSSL_FIPS
- if(ctx->method->version == TLS1_VERSION)
- FIPS_allow_md5(1);
-#endif
 r=X509_STORE_load_locations(ctx->cert_store,CAfile,CApath);
-#ifdef OPENSSL_FIPS
- if(ctx->method->version == TLS1_VERSION)
- FIPS_allow_md5(0);
-#endif
 return r;
 }
 #endif
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 3dec4099cb..2c6246abf5 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -180,13 +180,7 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
 S2= &(sec[len]);
 len+=(slen&1); /* add for odd, make longer */
-#ifdef OPENSSL_FIPS
- FIPS_allow_md5(1);
-#endif
 tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
-#ifdef OPENSSL_FIPS
- FIPS_allow_md5(0);
-#endif
 tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
 for (i=0; i