Added ability to compile for FIPS mode

2025-12-26 21:23:21 +00:00 · 2021-01-21 20:13:15 -08:00
parent 22e5693253
commit 4daedfd081
8 changed files with 54 additions and 20 deletions
--- a/microstack/ILibAsyncSocket.c
+++ b/microstack/ILibAsyncSocket.c
@@ -1189,7 +1189,6 @@ void ILibProcessAsyncSocket(struct ILibAsyncSocketModule *Reader, int pendingRea
 		if (Reader->ssl != NULL)
 		{
 			BIO_clear_retry_flags(Reader->readBio);
-#if defined(WINSOCK2)
 			if (Reader->RemoteAddress.sin6_family == AF_UNIX)
 			{
 				bytesReceived = recv(Reader->internalSocket, Reader->readBioBuffer_mem + Reader->readBioBuffer->length, (int)(Reader->readBioBuffer->max - Reader->readBioBuffer->length), 0);
@@ -1198,16 +1197,6 @@ void ILibProcessAsyncSocket(struct ILibAsyncSocketModule *Reader, int pendingRea
 			{
 				bytesReceived = recvfrom(Reader->internalSocket, Reader->readBioBuffer_mem + Reader->readBioBuffer->length, (int)(Reader->readBioBuffer->max - Reader->readBioBuffer->length), 0, (struct sockaddr*)&(Reader->SourceAddress), (int*)&len);
 			}
-#else
-			if (Reader->RemoteAddress.sin6_family == AF_UNIX)
-			{
-				bytesReceived = (int)recv(Reader->internalSocket, Reader->readBioBuffer->data + Reader->readBioBuffer->length, (int)(Reader->readBioBuffer->max - Reader->readBioBuffer->length), 0);
-			}
-			else
-			{
-				bytesReceived = (int)recvfrom(Reader->internalSocket, Reader->readBioBuffer->data + Reader->readBioBuffer->length, (int)(Reader->readBioBuffer->max - Reader->readBioBuffer->length), 0, (struct sockaddr*)&(Reader->SourceAddress), (socklen_t*)&len);
-			}
-#endif
 			if (bytesReceived > 0)
 			{
 				Reader->readBioBuffer->length += bytesReceived;
@@ -1225,6 +1214,7 @@ void ILibProcessAsyncSocket(struct ILibAsyncSocketModule *Reader, int pendingRea
 						// TODO: We should probably do something
 						break;
 					case 1:
+						printf("SSL_handshake() SUCCESS\n");
 						Reader->SSLConnect = Reader->TLSHandshakeCompleted = 1;
 						if (Reader->OnConnect != NULL)
 						{
--- a/microstack/ILibCrypto.c
+++ b/microstack/ILibCrypto.c
@@ -458,9 +458,19 @@ void __fastcall util_openssl_init()
 	SSL_load_error_strings();
 	ERR_load_crypto_strings(); // ONE LEAK IN LINUX

-	OpenSSL_add_all_algorithms(); // OpenSSL 1.1
-	OpenSSL_add_all_ciphers(); // OpenSSL 1.1
-	OpenSSL_add_all_digests(); // OpenSSL 1.1
+	OpenSSL_add_all_algorithms();	// OpenSSL 1.1
+	OpenSSL_add_all_ciphers();		// OpenSSL 1.1
+	OpenSSL_add_all_digests();		// OpenSSL 1.1
+#ifdef FIPSMODE
+	if (FIPS_mode() || FIPS_mode_set(1)) 
+	{
+		printf("ENTERED FIPS mode\n"); 
+	}
+	else
+	{
+		ILIBCRITICALEXITMSG(200, "FAILED to enter FIPS mode");
+	}
+#endif

 	// Add more random seeding in Windows (This is probably useful since OpenSSL in Windows has weaker seeding)
 #if defined(WIN32) && !defined(_MINCORE)
@@ -503,7 +513,9 @@ void __fastcall util_openssl_uninit()
 	ERR_free_strings();
 	//ERR_remove_state(0);										// Deprecated in OpenSSL/1.1.x

+#ifndef OLDSSL
 	OPENSSL_cleanup();
+#endif
 }

 // Add extension using V3 code: we can set the config file as NULL because we wont reference any other sections.
--- a/microstack/ILibWebRTC.c
+++ b/microstack/ILibWebRTC.c
@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

+#if !defined(NO_WEBRTC)
 #if !defined(MICROSTACK_NOTLS)

 // This is a version of the WebRTC stack with Initiator, TURN and proper retry logic.
@@ -7494,13 +7495,14 @@ int ILibSCTP_Debug_SetDebugCallback(void* dtlsSession, char* debugFieldName, ILi
 }
 #endif
 #endif
+#endif

+#include "ILibParsers.h"
 #ifdef MICROSTACK_NOTLS
 #if defined(WINSOCK2)
 	#include <winsock2.h>
 	#include <ws2tcpip.h>
 #endif
-	#include "ILibParsers.h"
 #endif

 /* zlib.h -- interface of the 'zlib' general purpose compression library