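def check_fips_mode_ssl():
    """Report whether the OpenSSL library behind ``ssl`` is in FIPS mode.

    Uses the custom CPython ``ssl.FIPS_mode`` API, if available. Otherwise
    probes the ``FIPS_mode`` symbol with ctypes, loading the shared object
    that backs ``ssl._ssl``.

    A raised exception means the state could not be determined; callers
    should not treat it as "FIPS mode is off".

    :returns: True if FIPS mode is active, False otherwise
    :raises AttributeError: from the ctypes probe when the ``FIPS_mode``
        symbol cannot be resolved (OpenSSL 3.x removed it) or when
        ``ssl._ssl`` has no ``__file__``
    :raises OSError: when the shared object cannot be loaded
    """
    import ssl

    if hasattr(ssl, 'FIPS_mode'):
        # The patched-interpreter API returns a C-style int; normalise it to
        # the bool this function documents.
        return bool(ssl.FIPS_mode())

    from ctypes import cdll

    # Fallback: resolve FIPS_mode through the extension module that links
    # libcrypto. ``ssl._ssl`` is a private attribute, so this path depends on
    # how the interpreter was built.
    libcrypto = cdll.LoadLibrary(ssl._ssl.__file__)
    return bool(libcrypto.FIPS_mode())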
def is_fips_mode():
    """
    Report whether FIPS enforcement is both declared and effective.

    Returns True only when ssl.FIPS_mode() exists, returns 1, and a call to
    hashlib.md5 raises ValueError. Returns False in every other case.
    """
    import hashlib
    import ssl

    # Step 1: the ssl module must expose FIPS_mode and it must report 1.
    declared = hasattr(ssl, 'FIPS_mode') and ssl.FIPS_mode() == 1
    if not declared:
        return False

    # Step 2: md5 is used purely as a probe here. If the digest can still be
    # computed, the FIPS flag is set but not being enforced for hashlib.
    try:
        hashlib.md5(b"Hello World\n").hexdigest()
    except ValueError:
        return True
    return False
# Reopen stdout/stderr with a buffer size of 0 (unbuffered). This three-argument
# text-mode form, like long() below, is Python 2 only.
sys.stdout = os.fdopen(sys.stdout.fileno(), 'w', 0)
sys.stderr = os.fdopen(sys.stderr.fileno(), 'w', 0)

# Build the CLI helper; if it cannot be allocated, report the return code on
# stdout and exit with that same code.
try:
    CLI = cliutils.CLI()
except cliutils.ResourceAllocationError as excp:
    sys.stdout.write("Unable to allocate more resources.\n")
    sys.stdout.write("ILOREST return code: %s\n" % \
                     ReturnCodes.RESOURCE_ALLOCATION_ISSUES_ERROR)
    sys.exit(ReturnCodes.RESOURCE_ALLOCATION_ISSUES_ERROR)

# NOTE(review): the nesting below is reconstructed from a listing that lost its
# line breaks; the warning is read as belonging to the enable attempt. Confirm
# against the original file.
try:
    # enable fips mode if our special functions are available in _ssl and OS is
    # in FIPS mode
    FIPSSTR = ""
    if Encryption.check_fips_mode_os() and not ssl.FIPS_mode():
        ssl.FIPS_mode_set(long(1))
        # Re-query after the set call: success is judged by what the library
        # reports, not by the set call having returned.
        if ssl.FIPS_mode():
            FIPSSTR = "FIPS mode enabled using openssl version %s.\n" % \
                      ssl.OPENSSL_VERSION
        else:
            sys.stderr.write("WARNING: Unable to enable FIPS mode!\n")
except AttributeError:
    # NOTE(review): if the ssl module lacks FIPS_mode / FIPS_mode_set, the
    # AttributeError is swallowed here, FIPSSTR stays "" and nothing is
    # written to stderr, even when the OS check reported FIPS mode.
    pass

# NOTE(review): the class below is cut off in this listing; the constructor
# call continues past the visible text.
class RdmcCommand(RdmcCommandBase):
    """ Constructor """
    def __init__(self, Args=None):
        RdmcCommandBase.__init__(self, \
            name=versioning.__shortname__, \
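def test_override_libcrypto(self):
    """Run fips.override_libcrypto against a substituted ctypes.CDLL.

    ``ctypes.CDLL`` is replaced with the module-level ``CDLL`` name
    (presumably a test double, defined outside this listing) for the
    duration of the call, then restored. The test passes if
    ``ssl.FIPS_mode()`` can be called afterwards without raising; it makes
    no assertion about the returned value.
    """
    import ctypes
    import ssl

    # Keep the real loader so the substitution cannot leak into other tests
    # that run later in the same process.
    real_cdll = ctypes.CDLL
    ctypes.CDLL = CDLL
    try:
        fips.override_libcrypto("fips_libcrypto_file")
        ssl.FIPS_mode()
    finally:
        ctypes.CDLL = real_cdll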
# Build the CLI helper; on allocation failure exit with the dedicated return
# code.
try:
    CLI = cliutils.CLI()
except cliutils.ResourceAllocationError as excp:
    # NOTE(review): these two RdmcError objects are constructed but neither
    # raised nor written anywhere in this block. Unless RdmcError reports from
    # its constructor, the messages are never shown before the exit. Confirm.
    RdmcError("Unable to allocate more resources.")
    RdmcError("ILOREST return code: %s\n" % ReturnCodes.RESOURCE_ALLOCATION_ISSUES_ERROR)
    sys.exit(ReturnCodes.RESOURCE_ALLOCATION_ISSUES_ERROR)

# NOTE(review): the nesting below is reconstructed from a listing that lost its
# line breaks; the warning is read as belonging to the enable attempt. Confirm
# against the original file.
try:
    # enable fips mode if our special functions are available in _ssl and OS is
    # in FIPS mode
    FIPSSTR = ""
    if Encryption.check_fips_mode_os(
    ) and not Encryption.check_fips_mode_ssl():
        ssl.FIPS_mode_set(int(1))
        # Re-query after the set call: success is judged by what the library
        # reports, not by the set call having returned.
        if ssl.FIPS_mode():
            FIPSSTR = "FIPS mode enabled using openssl version %s.\n" % ssl.OPENSSL_VERSION
        else:
            sys.stderr.write("WARNING: Unable to enable FIPS mode!\n")
except AttributeError:
    # NOTE(review): any AttributeError raised inside the block (for example an
    # ssl module without FIPS_mode_set / FIPS_mode) is swallowed here. FIPSSTR
    # stays "" and nothing is written to stderr, even when the OS check
    # reported FIPS mode.
    pass


class RdmcCommand(RdmcCommandBase):
    """ Constructor """

    def __init__(self, name, usage, summary, aliases, argparser, Args=None):
        """Forward the command metadata to the base class and set initial state.

        ``Args`` is accepted but not used in the lines visible here.
        """
        super().__init__(name, usage, summary, aliases, argparser)
        # Insertion-ordered store, empty at construction.
        self._commands = collections.OrderedDict()
        self.ui = UI(1)
        self.commands_dict = dict()
        self.interactive = False