From ecc3d2734d5ecd01597a35e4b16558f0e8267e83 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 31 Jan 2005 01:33:36 +0000
Subject: [PATCH] Only allow TLS is FIPS mode.

Remove old FIPS_allow_md5() calls.
---
 ssl/s23_clnt.c | 16 ++++++++++++++++
 ssl/s23_srvr.c |  9 +++++++++
 ssl/s3_clnt.c  |  8 --------
 ssl/s3_enc.c   |  1 +
 ssl/s3_srvr.c  |  8 --------
 ssl/ssl.h      |  1 +
 ssl/ssl_cert.c |  8 --------
 ssl/ssl_err.c  |  3 ++-
 ssl/ssl_lib.c  | 17 ++++++++---------
 ssl/t1_enc.c   | 18 ------------------
 10 files changed, 37 insertions(+), 52 deletions(-)

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index b1db0fb7b2..779e94a35c 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -249,6 +249,14 @@ static int ssl23_client_hello(SSL *s)
 			*(d++)=TLS1_VERSION_MINOR;
 			s->client_version=TLS1_VERSION;
 			}
+#ifdef OPENSSL_FIPS
+		else if(FIPS_mode())
+			{
+			SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+					SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+			return -1;
+			}
+#endif
 		else if (!(s->options & SSL_OP_NO_SSLv3))
 			{
 			*(d++)=SSL3_VERSION_MAJOR;
@@ -429,6 +437,14 @@ static int ssl23_get_server_hello(SSL *s)
 		if ((p[2] == SSL3_VERSION_MINOR) &&
 			!(s->options & SSL_OP_NO_SSLv3))
 			{
+#ifdef OPENSSL_FIPS
+			if(FIPS_mode())
+				{
+				SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
+					SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+				goto err;
+				}
+#endif
 			s->version=SSL3_VERSION;
 			s->method=SSLv3_client_method();
 			}
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index c5404ca0bc..92f3391f60 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -407,6 +407,15 @@ int ssl23_get_client_hello(SSL *s)
 			}
 		}
 
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode() && (s->version < TLS1_VERSION))
+		{
+		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+					SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+		goto err;
+		}
+#endif
+
 	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
 		{
 		/* we have SSLv3/TLSv1 in an SSLv2 header
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index a18be3e2f1..a475033f01 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1169,16 +1169,8 @@ static int ssl3_get_key_exchange(SSL *s)
 				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,param,param_len);
-#ifdef OPENSSL_FIPS
-				if(s->version == TLS1_VERSION && num == 2)
-					FIPS_allow_md5(1);
-#endif
 				
 				EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
-#ifdef OPENSSL_FIPS
-				if(s->version == TLS1_VERSION && num == 2)
-					FIPS_allow_md5(1);
-#endif
 				q+=i;
 				j+=i;
 				}
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index beb6c64b93..a012d3f2b5 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -644,6 +644,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 	unsigned int n;
 
 	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 	for (i=0; i<3; i++)
 		{
 		EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a7184891cd..0a573c6a48 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1220,16 +1220,8 @@ static int ssl3_send_server_key_exchange(SSL *s)
 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(d[4]),n);
-#ifdef OPENSSL_FIPS
-					if(s->version == TLS1_VERSION && num == 2)
-						FIPS_allow_md5(1);
-#endif
 					EVP_DigestFinal_ex(&md_ctx,q,
 						(unsigned int *)&i);
-#ifdef OPENSSL_FIPS
-					if(s->version == TLS1_VERSION && num == 2)
-						FIPS_allow_md5(0);
-#endif
 					q+=i;
 					j+=i;
 					}
diff --git a/ssl/ssl.h b/ssl/ssl.h
index ad201f2574..3ed6b9f6ee 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1742,6 +1742,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NULL_SSL_CTX				 195
 #define SSL_R_NULL_SSL_METHOD_PASSED			 196
 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197
+#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE		 1115
 #define SSL_R_PACKET_LENGTH_TOO_LONG			 198
 #define SSL_R_PATH_TOO_LONG				 270
 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 199
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 0bef96080f..6e98de8903 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -493,15 +493,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 	else
 		{
 #ifndef OPENSSL_NO_X509_VERIFY
-# ifdef OPENSSL_FIPS
-		if(s->version == TLS1_VERSION)
-			FIPS_allow_md5(1);
-# endif
 		i=X509_verify_cert(&ctx);
-# ifdef OPENSSL_FIPS
-		if(s->version == TLS1_VERSION)
-			FIPS_allow_md5(0);
-# endif
 #else
 		i=0;
 		ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index d2cb181503..65eefee199 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -334,6 +334,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_NULL_SSL_CTX                      ,"null ssl ctx"},
 {SSL_R_NULL_SSL_METHOD_PASSED            ,"null ssl method passed"},
 {SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED   ,"old session cipher not returned"},
+{SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE     ,"only tls allowed in fips mode"},
 {SSL_R_PACKET_LENGTH_TOO_LONG            ,"packet length too long"},
 {SSL_R_PATH_TOO_LONG                     ,"path too long"},
 {SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f5705af0f6..1f625cb074 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1293,6 +1293,14 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 		return(NULL);
 		}
 
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode() && (meth->version < TLS1_VERSION))	
+		{
+		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+		return NULL;
+		}
+#endif
+
 	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
 		{
 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -2158,16 +2166,7 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
 		const char *CApath)
 	{
 	int r;
-
-#ifdef OPENSSL_FIPS
-	if(ctx->method->version == TLS1_VERSION)
-	    FIPS_allow_md5(1);
-#endif
 	r=X509_STORE_load_locations(ctx->cert_store,CAfile,CApath);
-#ifdef OPENSSL_FIPS
-	if(ctx->method->version == TLS1_VERSION)
-	    FIPS_allow_md5(0);
-#endif
 	return r;
 	}
 #endif
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 3dec4099cb..2c6246abf5 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -180,13 +180,7 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
 	S2= &(sec[len]);
 	len+=(slen&1); /* add for odd, make longer */
 
-#ifdef OPENSSL_FIPS
-	FIPS_allow_md5(1);
-#endif
 	tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
-#ifdef OPENSSL_FIPS
-	FIPS_allow_md5(0);
-#endif
 	tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
 
 	for (i=0; i<olen; i++)
@@ -664,13 +658,7 @@ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
 
 	EVP_MD_CTX_init(&ctx);
 	EVP_MD_CTX_copy_ex(&ctx,in_ctx);
-#ifdef OPENSSL_FIPS
-	FIPS_allow_md5(1);
-#endif
 	EVP_DigestFinal_ex(&ctx,out,&ret);
-#ifdef OPENSSL_FIPS
-	FIPS_allow_md5(0);
-#endif
 	EVP_MD_CTX_cleanup(&ctx);
 	return((int)ret);
 	}
@@ -689,13 +677,7 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
 
 	EVP_MD_CTX_init(&ctx);
 	EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
-#ifdef OPENSSL_FIPS
-	FIPS_allow_md5(1);
-#endif
 	EVP_DigestFinal_ex(&ctx,q,&i);
-#ifdef OPENSSL_FIPS
-	FIPS_allow_md5(0);
-#endif
 	q+=i;
 	EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
 	EVP_DigestFinal_ex(&ctx,q,&i);
-- 
2.25.1