diff -up ./src/plugins/lan/lan.c.fips ./src/plugins/lan/lan.c
--- ./src/plugins/lan/lan.c.fips	2013-08-09 13:49:30.014768330 +0200
+++ ./src/plugins/lan/lan.c	2013-08-09 13:55:02.425532024 +0200
@@ -67,6 +67,10 @@
 #define IPMI_LAN_PORT		0x26f
 #define IPMI_LAN_CHANNEL_E	0x0e
 
+#if defined(HAVE_CRYPTO_MD2) || defined(HAVE_CRYPTO_MD5)
+#include <openssl/fips.h>
+#endif
+
 extern const struct valstr ipmi_privlvl_vals[];
 extern const struct valstr ipmi_authtype_session_vals[];
 extern int verbose;
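Review bot: The `#include <openssl/fips.h>` is compiled only when HAVE_CRYPTO_MD2 or HAVE_CRYPTO_MD5 is defined, but the `FIPS_mode()` calls added to ipmi_lan_build_cmd further down are not wrapped in any matching condition within their hunk. Unless an enclosing `#if` exists outside the visible lines, a build with neither macro set would call an undeclared function, so the FIPS check would either break the build or rest on an implicit declaration. Wrap the checks in the same `#if defined(HAVE_CRYPTO_MD2) || defined(HAVE_CRYPTO_MD5)`, or preferably key both the include and the calls on a configure-time test for the FIPS header itself. lanplus.c adds the identical guard, and there the calls also gate the RC4 suites, which the MD2/MD5 macros do not describe.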
@@ -861,10 +865,22 @@ ipmi_lan_build_cmd(struct ipmi_intf * in
 		 */
 		switch (s->authtype) {
 		case IPMI_SESSION_AUTHTYPE_MD5:
+		        if (FIPS_mode()) {
+				if (verbose > 1) {
+					printf("MD5 not supported in FIPS mode. Try -I lanplus\n");
+				}
+				return NULL;
+			}
 			temp = ipmi_auth_md5(s, msg+mp, msg[mp-1]);
 			memcpy(msg+ap, temp, 16);
 			break;
 		case IPMI_SESSION_AUTHTYPE_MD2:
+			if (FIPS_mode()) {
+				if (verbose > 1) {
+					printf("MD2 not supported in FIPS mode. Try -I lanplus\n");
+				}
+				return NULL;
+			}
 			temp = ipmi_auth_md2(s, msg+mp, msg[mp-1]);
 			memcpy(msg+ap, temp, 16);
 			break;
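Review bot: Both refusal messages in the MD5 and MD2 branches are printed only when `verbose > 1`, so at default verbosity the function returns NULL and the operator gets no indication that FIPS policy blocked the session. Report the refusal unconditionally on stderr, e.g. `fprintf(stderr, "MD5 not supported in FIPS mode. Try -I lanplus\n");`. The cipher-suite checks added to lanplus_get_requested_ciphers in lanplus.c gate their messages the same way. ipmi_lan_build_cmd starts and ends outside this hunk, so it is worth confirming that the early `return NULL` does not skip cleanup of `msg` or other state set up earlier in the function.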
diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
--- ./src/plugins/lanplus/lanplus.c.fips	2013-07-16 06:17:39.000000000 +0200
+++ ./src/plugins/lanplus/lanplus.c	2013-08-09 13:54:27.720451992 +0200
@@ -65,6 +65,10 @@
 #include "rmcp.h"
 #include "asf.h"
 
+#if defined(HAVE_CRYPTO_MD2) || defined(HAVE_CRYPTO_MD5)
+#include <openssl/fips.h>
+#endif
+
 extern const struct valstr ipmi_rakp_return_codes[];
 extern const struct valstr ipmi_priv_levels[];
 extern const struct valstr ipmi_auth_algorithms[];
@@ -183,56 +187,122 @@ int lanplus_get_requested_ciphers(int
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_SHA1;
 		*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
 		*crypt_alg     = IPMI_CRYPT_XRC4_128;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("RC4 not supported in FIPS mode. Try -C 3\n");
+			}
+			return 1;
+		}
 		break;
 	case 5:
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_SHA1;
 		*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
 		*crypt_alg     = IPMI_CRYPT_XRC4_40;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("RC4 not supported in FIPS mode. Try -C 3\n");
+			}
+			return 1;
+		}
 		break;
 	case 6:
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_MD5;
 		*integrity_alg = IPMI_INTEGRITY_NONE;
 		*crypt_alg     = IPMI_CRYPT_NONE;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("MD5 not supported in FIPS mode. Try -C 1\n");
+			}
+			return 1;
+		}
 		break;
 	case 7:
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_MD5;
 		*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
 		*crypt_alg     = IPMI_CRYPT_NONE;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("MD5 not supported in FIPS mode. Try -C 2\n");
+			}
+			return 1;
+		}
 		break;
 	case 8:
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_MD5;
 		*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
 		*crypt_alg     = IPMI_CRYPT_AES_CBC_128;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("MD5 not supported in FIPS mode. Try -C 3\n");
+			}
+			return 1;
+		}
 		break;
 	case 9:
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_MD5;
 		*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
 		*crypt_alg     = IPMI_CRYPT_XRC4_128;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("MD5 not supported in FIPS mode. Try -C 3\n");
+			}
+			return 1;
+		}
 		break;
 	case 10:
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_MD5;
 		*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
 		*crypt_alg     = IPMI_CRYPT_XRC4_40;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("MD5 not supported in FIPS mode. Try -C 3\n");
+			}
+			return 1;
+		}
 		break;
 	case 11:
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_MD5;
 		*integrity_alg = IPMI_INTEGRITY_MD5_128;
 		*crypt_alg     = IPMI_CRYPT_NONE;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("MD5 not supported in FIPS mode. Try -C 3\n");
+			}
+			return 1;
+		}
 		break;
 	case 12:
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_MD5;
 		*integrity_alg = IPMI_INTEGRITY_MD5_128;
 		*crypt_alg     = IPMI_CRYPT_AES_CBC_128;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("MD5 not supported in FIPS mode. Try -C 3\n");
+			}
+			return 1;
+		}
 		break;
 	case 13:
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_MD5;
 		*integrity_alg = IPMI_INTEGRITY_MD5_128;
 		*crypt_alg     = IPMI_CRYPT_XRC4_128;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("MD5 not supported in FIPS mode. Try -C 3\n");
+			}
+			return 1;
+		}
 		break;
 	case 14:
 		*auth_alg      = IPMI_AUTH_RAKP_HMAC_MD5;
 		*integrity_alg = IPMI_INTEGRITY_MD5_128;
 		*crypt_alg     = IPMI_CRYPT_XRC4_40;
+		if (FIPS_mode()) {
+			if (verbose > 1) {
+				printf("MD5 not supported in FIPS mode. Try -C 3\n");
+			}
+			return 1;
+		}
 		break;
 	}