FIPS FIPS FIPS FIPS FIPS
parent
e5166d7704
commit
0a0447cf58
@ -1,6 +1,6 @@
|
|||||||
diff -up ./src/plugins/lan/lan.c.fips ./src/plugins/lan/lan.c
|
diff -up ./src/plugins/lan/lan.c.fips ./src/plugins/lan/lan.c
|
||||||
--- ./src/plugins/lan/lan.c.fips 2013-08-09 12:17:31.336127511 +0200
|
--- ./src/plugins/lan/lan.c.fips 2013-08-09 13:49:30.014768330 +0200
|
||||||
+++ ./src/plugins/lan/lan.c 2013-08-09 12:48:35.624639106 +0200
|
+++ ./src/plugins/lan/lan.c 2013-08-09 13:55:02.425532024 +0200
|
||||||
@@ -67,6 +67,10 @@
|
@@ -67,6 +67,10 @@
|
||||||
#define IPMI_LAN_PORT 0x26f
|
#define IPMI_LAN_PORT 0x26f
|
||||||
#define IPMI_LAN_CHANNEL_E 0x0e
|
#define IPMI_LAN_CHANNEL_E 0x0e
|
||||||
@ -12,20 +12,24 @@ diff -up ./src/plugins/lan/lan.c.fips ./src/plugins/lan/lan.c
|
|||||||
extern const struct valstr ipmi_privlvl_vals[];
|
extern const struct valstr ipmi_privlvl_vals[];
|
||||||
extern const struct valstr ipmi_authtype_session_vals[];
|
extern const struct valstr ipmi_authtype_session_vals[];
|
||||||
extern int verbose;
|
extern int verbose;
|
||||||
@@ -861,10 +865,18 @@ ipmi_lan_build_cmd(struct ipmi_intf * in
|
@@ -861,10 +865,22 @@ ipmi_lan_build_cmd(struct ipmi_intf * in
|
||||||
*/
|
*/
|
||||||
switch (s->authtype) {
|
switch (s->authtype) {
|
||||||
case IPMI_SESSION_AUTHTYPE_MD5:
|
case IPMI_SESSION_AUTHTYPE_MD5:
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD5 not supported in FIPS mode. Try -I lanplus\n");
|
+ if (verbose > 1) {
|
||||||
|
+ printf("MD5 not supported in FIPS mode. Try -I lanplus\n");
|
||||||
|
+ }
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
temp = ipmi_auth_md5(s, msg+mp, msg[mp-1]);
|
temp = ipmi_auth_md5(s, msg+mp, msg[mp-1]);
|
||||||
memcpy(msg+ap, temp, 16);
|
memcpy(msg+ap, temp, 16);
|
||||||
break;
|
break;
|
||||||
case IPMI_SESSION_AUTHTYPE_MD2:
|
case IPMI_SESSION_AUTHTYPE_MD2:
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD2 not supported in FIPS mode. Try -I lanplus\n");
|
+ if (verbose > 1) {
|
||||||
|
+ printf("MD2 not supported in FIPS mode. Try -I lanplus\n");
|
||||||
|
+ }
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
temp = ipmi_auth_md2(s, msg+mp, msg[mp-1]);
|
temp = ipmi_auth_md2(s, msg+mp, msg[mp-1]);
|
||||||
@ -33,7 +37,7 @@ diff -up ./src/plugins/lan/lan.c.fips ./src/plugins/lan/lan.c
|
|||||||
break;
|
break;
|
||||||
diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
|
diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
|
||||||
--- ./src/plugins/lanplus/lanplus.c.fips 2013-07-16 06:17:39.000000000 +0200
|
--- ./src/plugins/lanplus/lanplus.c.fips 2013-07-16 06:17:39.000000000 +0200
|
||||||
+++ ./src/plugins/lanplus/lanplus.c 2013-08-09 12:17:31.338127516 +0200
|
+++ ./src/plugins/lanplus/lanplus.c 2013-08-09 13:54:27.720451992 +0200
|
||||||
@@ -65,6 +65,10 @@
|
@@ -65,6 +65,10 @@
|
||||||
#include "rmcp.h"
|
#include "rmcp.h"
|
||||||
#include "asf.h"
|
#include "asf.h"
|
||||||
@ -45,30 +49,36 @@ diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
|
|||||||
extern const struct valstr ipmi_rakp_return_codes[];
|
extern const struct valstr ipmi_rakp_return_codes[];
|
||||||
extern const struct valstr ipmi_priv_levels[];
|
extern const struct valstr ipmi_priv_levels[];
|
||||||
extern const struct valstr ipmi_auth_algorithms[];
|
extern const struct valstr ipmi_auth_algorithms[];
|
||||||
@@ -183,56 +187,100 @@ int lanplus_get_requested_ciphers(int
|
@@ -183,56 +187,122 @@ int lanplus_get_requested_ciphers(int
|
||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
|
||||||
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
|
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
|
||||||
*crypt_alg = IPMI_CRYPT_XRC4_128;
|
*crypt_alg = IPMI_CRYPT_XRC4_128;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("RC4 not supported in FIPS mode. Try -C 3\n");
|
+ if (verbose > 1) {
|
||||||
+ return 1;
|
+ printf("RC4 not supported in FIPS mode. Try -C 3\n");
|
||||||
+ }
|
+ }
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
break;
|
break;
|
||||||
case 5:
|
case 5:
|
||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
|
||||||
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
|
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
|
||||||
*crypt_alg = IPMI_CRYPT_XRC4_40;
|
*crypt_alg = IPMI_CRYPT_XRC4_40;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("RC4 not supported in FIPS mode. Try -C 3\n");
|
+ if (verbose > 1) {
|
||||||
+ return 1;
|
+ printf("RC4 not supported in FIPS mode. Try -C 3\n");
|
||||||
+ }
|
+ }
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
break;
|
break;
|
||||||
case 6:
|
case 6:
|
||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
*integrity_alg = IPMI_INTEGRITY_NONE;
|
*integrity_alg = IPMI_INTEGRITY_NONE;
|
||||||
*crypt_alg = IPMI_CRYPT_NONE;
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD5 not supported in FIPS mode. Try -C 1\n");
|
+ if (verbose > 1) {
|
||||||
|
+ printf("MD5 not supported in FIPS mode. Try -C 1\n");
|
||||||
|
+ }
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
@ -76,17 +86,21 @@ diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
|
|||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
||||||
*crypt_alg = IPMI_CRYPT_NONE;
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD5 not supported in FIPS mode. Try -C 2\n");
|
+ if (verbose > 1) {
|
||||||
+ return 1;
|
+ printf("MD5 not supported in FIPS mode. Try -C 2\n");
|
||||||
+ }
|
+ }
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
break;
|
break;
|
||||||
case 8:
|
case 8:
|
||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
||||||
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
|
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
+ if (verbose > 1) {
|
||||||
|
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
||||||
|
+ }
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
@ -94,8 +108,10 @@ diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
|
|||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
||||||
*crypt_alg = IPMI_CRYPT_XRC4_128;
|
*crypt_alg = IPMI_CRYPT_XRC4_128;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
+ if (verbose > 1) {
|
||||||
|
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
||||||
|
+ }
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
@ -103,8 +119,10 @@ diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
|
|||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
||||||
*crypt_alg = IPMI_CRYPT_XRC4_40;
|
*crypt_alg = IPMI_CRYPT_XRC4_40;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
+ if (verbose > 1) {
|
||||||
|
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
||||||
|
+ }
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
@ -112,8 +130,10 @@ diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
|
|||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
||||||
*crypt_alg = IPMI_CRYPT_NONE;
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
+ if (verbose > 1) {
|
||||||
|
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
||||||
|
+ }
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
@ -121,8 +141,10 @@ diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
|
|||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
||||||
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
|
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
+ if (verbose > 1) {
|
||||||
|
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
||||||
|
+ }
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
@ -130,8 +152,10 @@ diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
|
|||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
||||||
*crypt_alg = IPMI_CRYPT_XRC4_128;
|
*crypt_alg = IPMI_CRYPT_XRC4_128;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
+ if (verbose > 1) {
|
||||||
|
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
||||||
|
+ }
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
@ -139,8 +163,10 @@ diff -up ./src/plugins/lanplus/lanplus.c.fips ./src/plugins/lanplus/lanplus.c
|
|||||||
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
||||||
*crypt_alg = IPMI_CRYPT_XRC4_40;
|
*crypt_alg = IPMI_CRYPT_XRC4_40;
|
||||||
+ if (FIPS_mode() && verbose > 1) {
|
+ if (FIPS_mode()) {
|
||||||
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
+ if (verbose > 1) {
|
||||||
|
+ printf("MD5 not supported in FIPS mode. Try -C 3\n");
|
||||||
|
+ }
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+ }
|
+ }
|
||||||
break;
|
break;
|
||||||
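Review bot: The refusal is still silent at default verbosity: in every FIPS branch of `ipmi_lan_build_cmd` and `lanplus_get_requested_ciphers` the `printf` sits under `if (verbose > 1)`, so a user in FIPS mode who selects an MD5, MD2 or RC4 option sees only a failed command with no stated reason. The message should be emitted unconditionally and on stderr, for example `lprintf(LOG_ERR, "MD5 not supported in FIPS mode. Try -I lanplus");`, assuming the project's `lprintf` logger is in scope in these files. In the lanplus cases `*auth_alg`, `*integrity_alg` and `*crypt_alg` are written before the `return 1`, so a caller that ignores the return value would still proceed with the refused algorithms; placing the FIPS check above the assignments avoids that. In `ipmi_lan_build_cmd` the new `return NULL` leaves a function whose body starts and ends outside the hunk, so it is worth confirming that `msg` and any already-queued request entry are released on that path.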
|
@ -1,7 +1,7 @@
|
|||||||
Name: ipmitool
|
Name: ipmitool
|
||||||
Summary: Utility for IPMI control
|
Summary: Utility for IPMI control
|
||||||
Version: 1.8.12
|
Version: 1.8.12
|
||||||
Release: 13073102%{?dist}
|
Release: 13073103%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
URL: http://ipmitool.sourceforge.net/
|
URL: http://ipmitool.sourceforge.net/
|
||||||
@ -31,6 +31,8 @@ Patch3: ipmitool-1.8.11-remove-umask0.patch
|
|||||||
Patch4: cxoem-jb-cx6.patch
|
Patch4: cxoem-jb-cx6.patch
|
||||||
# pending
|
# pending
|
||||||
Patch5: ipmitool-1.8.12-fips.patch
|
Patch5: ipmitool-1.8.12-fips.patch
|
||||||
|
# pending
|
||||||
|
Patch6: ipmitool-1.8.12-fipsman.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains a utility for interfacing with devices that support
|
This package contains a utility for interfacing with devices that support
|
||||||
@ -72,6 +74,7 @@ for the host OS to use.
|
|||||||
%patch3 -p1 -b .umask
|
%patch3 -p1 -b .umask
|
||||||
%patch4 -p1 -b .cxoem
|
%patch4 -p1 -b .cxoem
|
||||||
%patch5 -p0 -b .fips
|
%patch5 -p0 -b .fips
|
||||||
|
%patch6 -p0 -b .fipsman
|
||||||
|
|
||||||
for f in AUTHORS ChangeLog; do
|
for f in AUTHORS ChangeLog; do
|
||||||
iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
|
iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
|
||||||
@ -146,8 +149,9 @@ install -Dm 755 %{SOURCE6} %{buildroot}%{_libexecdir}/exchange-bmc-os-info
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Aug 09 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073102
|
* Fri Aug 09 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073103
|
||||||
- Avoid FIPS mode crashes if possible.
|
- Avoid FIPS mode crashes if possible.
|
||||||
|
- Document FIPS limitations.
|
||||||
|
|
||||||
* Wed Jul 31 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073101
|
* Wed Jul 31 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073101
|
||||||
- Include current upstream bugfixes.
|
- Include current upstream bugfixes.
|
||||||
|