author | Andreas Steffen <andreas.steffen@strongswan.org> | 2008-08-19 18:51:30 +0000 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2008-08-19 18:51:30 +0000 |
commit | af165431d26c65527664c637843e36e1d5130911 (patch) | |
tree | e97b43329a35d1792a75d00167a4bf4b1a8330a4 | |
parent | ec24987164336a56f28bf40699c03bf1a7f1713c (diff) | |
fixed libstrongswan integrity test
-rw-r--r-- | configure.in | 3 | ||||
-rw-r--r-- | src/charon/daemon.c | 28 | ||||
-rw-r--r-- | src/libstrongswan/Makefile.am | 11 | ||||
-rw-r--r-- | src/libstrongswan/fips/Makefile.am | 19 | ||||
-rw-r--r-- | src/libstrongswan/fips/fips_signer.c | 8 |
5 files changed, 43 insertions, 26 deletions
diff --git a/configure.in b/configure.in index 8c790eb1b..81d447069 100644 --- a/configure.in +++ b/configure.in @@ -16,7 +16,7 @@ dnl =========================== dnl initialize & set some vars dnl =========================== -AC_INIT(strongSwan,4.2.6) +AC_INIT(strongSwan,4.2.6rc7) AM_INIT_AUTOMAKE(tar-ustar) AC_C_BIGENDIAN AC_SUBST(confdir, '${sysconfdir}') @@ -878,6 +878,7 @@ AC_OUTPUT( src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile + src/libstrongswan/fips/Makefile src/libcrypto/Makefile src/libfreeswan/Makefile src/pluto/Makefile diff --git a/src/charon/daemon.c b/src/charon/daemon.c index 1776daedb..95edd35cc 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -52,7 +52,7 @@ extern int capset(cap_user_header_t hdrp, const cap_user_data_t datap); #ifdef INTEGRITY_TEST #include <fips/fips.h> -#include <fips_signature.h> +#include <fips/fips_signature.h> #endif /* INTEGRITY_TEST */ typedef struct private_daemon_t private_daemon_t; @@ -362,19 +362,6 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) DBG1(DBG_DMN, "starting charon (strongSwan Version %s)", VERSION); -#ifdef INTEGRITY_TEST - DBG1(DBG_DMN, "integrity test of libstrongswan code"); - if (fips_verify_hmac_signature(hmac_key, hmac_signature)) - { - DBG1(DBG_DMN, " integrity test passed"); - } - else - { - DBG1(DBG_DMN, " integrity test failed"); - return FALSE; - } -#endif /* INTEGRITY_TEST */ - /* load secrets, ca certificates and crls */ this->public.processor = processor_create(); this->public.scheduler = scheduler_create(); 
@@ -390,6 +377,19 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, lib->settings->get_str(lib->settings, "charon.load", PLUGINS)); +#ifdef INTEGRITY_TEST + DBG1(DBG_DMN, "integrity test of libstrongswan code"); + if (fips_verify_hmac_signature(hmac_key, hmac_signature)) + { + DBG1(DBG_DMN, " integrity test passed"); + } + else + { + DBG1(DBG_DMN, " integrity test failed"); + return FALSE; + } +#endif /* INTEGRITY_TEST */ + this->public.ike_sa_manager = ike_sa_manager_create(); if (this->public.ike_sa_manager == NULL) { diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 869f9677b..8976a79a0 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -157,14 +157,5 @@ if USE_OPENSSL endif if USE_INTEGRITY_TEST - noinst_PROGRAMS = fips_signer - fips_signer_SOURCES = fips/fips_signer.c - fips_signer_LDADD = libstrongswan.la - - BUILT_SOURCES += fips_signature.h - CLEANFILES = fips_signature.h fips_signer - AM_CFLAGS += -DSTRONGSWAN_CONF=\"${strongswan_conf}\" - -fips_signature.h : fips_signer - ./fips_signer + SUBDIRS += fips endif diff --git a/src/libstrongswan/fips/Makefile.am b/src/libstrongswan/fips/Makefile.am new file mode 100644 index 000000000..22a35701b --- /dev/null +++ b/src/libstrongswan/fips/Makefile.am @@ -0,0 +1,19 @@ +noinst_PROGRAMS = fips_signer +fips_signer_SOURCES = fips_signer.c +fips_signer_LDADD = ../libstrongswan.la + +BUILT_SOURCES = fips_signature.h +CLEANFILES = fips_signature.h fips_signer +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ + -DPLUGINDIR=\"${top_srcdir}/src/libstrongswan/plugins\" +if USE_SHA1 + AM_CFLAGS += -DUSE_SHA1 +endif + +if USE_OPENSSL + AM_CFLAGS += -DUSE_OPENSSL +endif + +fips_signature.h : fips_signer + ./fips_signer 
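Review bot: The integrity test now runs only after `lib->plugins->load(...)`, so every plugin named by `charon.load` has already been loaded from IPSEC_PLUGINDIR before libstrongswan is verified. The HMAC is presumably computed by those same plugins, which the log text ("integrity test of libstrongswan code") suggests are not themselves covered by the signature. The ordering looks necessary for the hash and HMAC implementations to exist, but nothing in the hunk says so; a comment above the `#ifdef`, such as `/* must follow plugin loading: the HMAC needs the sha1/openssl and hmac plugins */`, would keep the block from being moved back. A `charon.load` value that omits those plugins would presumably produce the same " integrity test failed" line as a modified library, so a distinct log message for a missing signer would help operators tell the two apart. initialize() starts and ends outside the hunk.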
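Review bot: `SUBDIRS += fips` makes the signer's build depend on directory order, and the hunk does not record that. fips_signer links `../libstrongswan.la` and loads plugins from the plugin build directories, so fips has to be visited after `.` and after every plugin subdirectory. Automake builds `.` last unless it is listed in SUBDIRS explicitly, and the SUBDIRS definition is outside the hunk, so this needs confirming. A comment above the append, such as `# fips must stay last: fips_signer needs libstrongswan.la and the built plugins`, would document the constraint.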
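Review bot: `-DPLUGINDIR=\"${top_srcdir}/src/libstrongswan/plugins\"` points fips_signer at the source tree, while the `.libs` directories it loads plugins from are created in the build tree, so an out-of-tree build would presumably find no plugins and fail to produce fips_signature.h. This path decides which shared objects are loaded and executed during the build, so an absolute build-tree path is safer than one that depends on the working directory: `-DPLUGINDIR=\"$(abs_top_builddir)/src/libstrongswan/plugins\"`. The two `-D` definitions and `INCLUDES` are preprocessor flags and would conventionally go in `AM_CPPFLAGS`. The `fips_signature.h : fips_signer` rule runs a freshly built binary, which cannot work when cross-compiling; that limitation deserves a comment next to the rule.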
diff --git a/src/libstrongswan/fips/fips_signer.c b/src/libstrongswan/fips/fips_signer.c index 9ba2ba61f..68c37e707 100644 --- a/src/libstrongswan/fips/fips_signer.c +++ b/src/libstrongswan/fips/fips_signer.c @@ -28,7 +28,13 @@ int main(int argc, char* argv[]) /* initialize library */ library_init(STRONGSWAN_CONF); - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "sha1 hmac"); +#ifdef USE_SHA1 + lib->plugins->load(lib->plugins, PLUGINDIR "/sha1/.libs", "sha1"); +#endif +#ifdef USE_OPENSSL + lib->plugins->load(lib->plugins, PLUGINDIR "/openssl/.libs", "openssl"); +#endif + lib->plugins->load(lib->plugins, PLUGINDIR "/hmac/.libs", "hmac"); if (!fips_compute_hmac_signature(hmac_key, hmac_signature)) { |
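Review bot: When neither USE_SHA1 nor USE_OPENSSL is defined, only the hmac plugin is loaded, so no hash implementation is available and the signature computation below can only fail at build time without saying why. A guard such as `#if !defined(USE_SHA1) && !defined(USE_OPENSSL)` / `#error "integrity test needs the sha1 or openssl plugin"` / `#endif` would turn that into a clear compile error. The three `load()` calls also discard their result, so a plugin missing from its `.libs` directory is noticed only indirectly through `fips_compute_hmac_signature`. If `load()` reports what it loaded (its signature is not visible here), checking it would give a precise message. main() starts before and continues after the hunk.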