fixed libstrongswan integrity test
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 19 Aug 2008 18:51:30 +0000 (18:51 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 19 Aug 2008 18:51:30 +0000 (18:51 -0000)
configure.in
src/charon/daemon.c
src/libstrongswan/Makefile.am
src/libstrongswan/fips/Makefile.am [new file with mode: 0644]
src/libstrongswan/fips/fips_signer.c

index 8c790eb..81d4470 100644 (file)
@@ -16,7 +16,7 @@ dnl ===========================
 dnl  initialize & set some vars
 dnl ===========================
 
-AC_INIT(strongSwan,4.2.6)
+AC_INIT(strongSwan,4.2.6rc7)
 AM_INIT_AUTOMAKE(tar-ustar)
 AC_C_BIGENDIAN
 AC_SUBST(confdir, '${sysconfdir}')
@@ -878,6 +878,7 @@ AC_OUTPUT(
        src/libstrongswan/plugins/sqlite/Makefile
        src/libstrongswan/plugins/padlock/Makefile
        src/libstrongswan/plugins/openssl/Makefile
+       src/libstrongswan/fips/Makefile
        src/libcrypto/Makefile
        src/libfreeswan/Makefile
        src/pluto/Makefile
index 1776dae..95edd35 100644 (file)
@@ -52,7 +52,7 @@ extern int capset(cap_user_header_t hdrp, const cap_user_data_t datap);
 
 #ifdef INTEGRITY_TEST
 #include <fips/fips.h>
-#include <fips_signature.h>
+#include <fips/fips_signature.h>
 #endif /* INTEGRITY_TEST */
 
 typedef struct private_daemon_t private_daemon_t;
@@ -362,19 +362,6 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
        
        DBG1(DBG_DMN, "starting charon (strongSwan Version %s)", VERSION);
 
-#ifdef INTEGRITY_TEST
-       DBG1(DBG_DMN, "integrity test of libstrongswan code");
-       if (fips_verify_hmac_signature(hmac_key, hmac_signature))
-       {
-               DBG1(DBG_DMN, "  integrity test passed");
-       }
-       else
-       {
-               DBG1(DBG_DMN, "  integrity test failed");
-               return FALSE;
-       }
-#endif /* INTEGRITY_TEST */
-
        /* load secrets, ca certificates and crls */
        this->public.processor = processor_create();
        this->public.scheduler = scheduler_create();
@@ -390,6 +377,19 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
        lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, 
                lib->settings->get_str(lib->settings, "charon.load", PLUGINS));
        
+#ifdef INTEGRITY_TEST
+       DBG1(DBG_DMN, "integrity test of libstrongswan code");
+       if (fips_verify_hmac_signature(hmac_key, hmac_signature))
+       {
+               DBG1(DBG_DMN, "  integrity test passed");
+       }
+       else
+       {
+               DBG1(DBG_DMN, "  integrity test failed");
+               return FALSE;
+       }
+#endif /* INTEGRITY_TEST */
+
        this->public.ike_sa_manager = ike_sa_manager_create();
        if (this->public.ike_sa_manager == NULL)
        {
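Review bot: The relocated integrity test now runs only after `lib->plugins->load(...)` has loaded every plugin named in `charon.load`, so plugin code is already mapped and initialised before libstrongswan is verified. That ordering is presumably required because the hash and HMAC implementations come from plugins, but the block does not say so; a comment such as `/* must follow plugin loading: the HMAC/SHA-1 used by the test are provided by plugins */` would stop a later reorder from reintroducing the bug. The log text says the test covers libstrongswan code, so it is worth confirming against fips_verify_hmac_signature whether the plugins are covered, and documenting that limit if they are not. Loading only the plugins the test needs before it, and the rest afterwards, would narrow what executes unverified. initialize() begins and ends outside this hunk.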
index 869f967..8976a79 100644 (file)
@@ -157,14 +157,5 @@ if USE_OPENSSL
 endif
 
 if USE_INTEGRITY_TEST
-  noinst_PROGRAMS = fips_signer
-  fips_signer_SOURCES = fips/fips_signer.c
-  fips_signer_LDADD = libstrongswan.la
-
-  BUILT_SOURCES += fips_signature.h
-  CLEANFILES = fips_signature.h fips_signer
-  AM_CFLAGS += -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
-
-fips_signature.h : fips_signer
-                  ./fips_signer
+  SUBDIRS += fips
 endif
diff --git a/src/libstrongswan/fips/Makefile.am b/src/libstrongswan/fips/Makefile.am
new file mode 100644 (file)
index 0000000..22a3570
--- /dev/null
@@ -0,0 +1,19 @@
+noinst_PROGRAMS = fips_signer
+fips_signer_SOURCES = fips_signer.c
+fips_signer_LDADD = ../libstrongswan.la
+
+BUILT_SOURCES = fips_signature.h
+CLEANFILES = fips_signature.h fips_signer
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \
+            -DPLUGINDIR=\"${top_srcdir}/src/libstrongswan/plugins\"
+if USE_SHA1
+  AM_CFLAGS += -DUSE_SHA1
+endif
+
+if USE_OPENSSL
+  AM_CFLAGS += -DUSE_OPENSSL
+endif
+
+fips_signature.h : fips_signer
+                  ./fips_signer
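Review bot: `-DPLUGINDIR` is derived from `${top_srcdir}`, but the signer appends `/sha1/.libs`, `/openssl/.libs` and `/hmac/.libs`, and `.libs` directories are libtool output that lives in the build tree. With a separate build directory the signer would likely find no plugins and the signature could not be generated. `-DPLUGINDIR=\"$(top_builddir)/src/libstrongswan/plugins\"` would follow where the objects are actually produced. If that path is relative it resolves only because the rule runs `./fips_signer` from this directory, which deserves a one-line comment above the rule.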
index 9ba2ba6..68c37e7 100644 (file)
@@ -28,7 +28,13 @@ int main(int argc, char* argv[])
 
        /* initialize library */
        library_init(STRONGSWAN_CONF);
-       lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "sha1 hmac");
+#ifdef USE_SHA1
+       lib->plugins->load(lib->plugins, PLUGINDIR "/sha1/.libs", "sha1");
+#endif
+#ifdef USE_OPENSSL
+       lib->plugins->load(lib->plugins, PLUGINDIR "/openssl/.libs", "openssl");
+#endif
+       lib->plugins->load(lib->plugins, PLUGINDIR "/hmac/.libs", "hmac");
 
        if (!fips_compute_hmac_signature(hmac_key, hmac_signature))
        {
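Review bot: The results of the three `lib->plugins->load(...)` calls are discarded, and when neither USE_SHA1 nor USE_OPENSSL is defined no hash plugin is requested at all. A missing plugin then surfaces only as a failure of fips_compute_hmac_signature, with no hint about the cause. A guard such as `#if !defined(USE_SHA1) && !defined(USE_OPENSSL)` followed by `#error "integrity test needs a SHA-1 provider"` would catch the configuration case at build time. A comment like `/* load from the build tree (.libs): plugins are not installed yet when the signature is generated */` would explain the hard-coded paths. main() begins and ends outside this hunk.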