frr-8.1.0
This commit is contained in:
@@ -1,8 +1,38 @@
|
||||
diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
|
||||
index 6f4a91be6..59b4826c8 100644
|
||||
--- a/isisd/isis_circuit.c
|
||||
+++ b/isisd/isis_circuit.c
|
||||
@@ -1409,6 +1409,10 @@ ferr_r isis_circuit_passwd_set(struct isis_circuit *circuit,
|
||||
return ferr_code_bug(
|
||||
"circuit password too long (max 254 chars)");
|
||||
|
||||
+ //When in FIPS mode, the password never gets set in MD5
|
||||
+ if((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && FIPS_mode())
|
||||
+ return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
|
||||
+
|
||||
circuit->passwd.len = len;
|
||||
strlcpy((char *)circuit->passwd.passwd, passwd,
|
||||
sizeof(circuit->passwd.passwd));
|
||||
diff --git a/isisd/isisd.c b/isisd/isisd.c
|
||||
index 65764654e..65ed945b8 100644
|
||||
--- a/isisd/isisd.c
|
||||
+++ b/isisd/isisd.c
|
||||
@@ -2493,6 +2493,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
|
||||
if (len > 254)
|
||||
return -1;
|
||||
|
||||
+ //When in FIPS mode, the password never get set in MD5
|
||||
+ if ((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && (FIPS_mode()))
|
||||
+ return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
|
||||
+
|
||||
modified.len = len;
|
||||
strlcpy((char *)modified.passwd, passwd,
|
||||
sizeof(modified.passwd));
|
||||
diff --git a/ospfd/ospf_vty.c b/ospfd/ospf_vty.c
|
||||
index 631465f..e084ff3 100644
|
||||
index f998f2e5f..58f831ea1 100644
|
||||
--- a/ospfd/ospf_vty.c
|
||||
+++ b/ospfd/ospf_vty.c
|
||||
@@ -1136,6 +1136,11 @@ DEFUN (ospf_area_vlink,
|
||||
@@ -1106,6 +1106,11 @@ DEFUN (ospf_area_vlink,
|
||||
|
||||
if (argv_find(argv, argc, "message-digest", &idx)) {
|
||||
/* authentication message-digest */
|
||||
@@ -14,7 +44,7 @@ index 631465f..e084ff3 100644
|
||||
vl_config.auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
|
||||
} else if (argv_find(argv, argc, "null", &idx)) {
|
||||
/* "authentication null" */
|
||||
@@ -1993,6 +1998,15 @@ DEFUN (ospf_area_authentication_message_digest,
|
||||
@@ -2019,6 +2024,15 @@ DEFUN (ospf_area_authentication_message_digest,
|
||||
? OSPF_AUTH_NULL
|
||||
: OSPF_AUTH_CRYPTOGRAPHIC;
|
||||
|
||||
@@ -30,7 +60,7 @@ index 631465f..e084ff3 100644
|
||||
return CMD_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -6665,6 +6679,11 @@ DEFUN (ip_ospf_authentication_args,
|
||||
@@ -7553,6 +7567,11 @@ DEFUN (ip_ospf_authentication_args,
|
||||
|
||||
/* Handle message-digest authentication */
|
||||
if (argv[idx_encryption]->arg[0] == 'm') {
|
||||
@@ -42,7 +72,7 @@ index 631465f..e084ff3 100644
|
||||
SET_IF_PARAM(params, auth_type);
|
||||
params->auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
|
||||
return CMD_SUCCESS;
|
||||
@@ -6971,6 +6990,11 @@ DEFUN (ip_ospf_message_digest_key,
|
||||
@@ -7859,6 +7878,11 @@ DEFUN (ip_ospf_message_digest_key,
|
||||
"The OSPF password (key)\n"
|
||||
"Address of interface\n")
|
||||
{
|
||||
@@ -54,41 +84,11 @@ index 631465f..e084ff3 100644
|
||||
VTY_DECLVAR_CONTEXT(interface, ifp);
|
||||
struct crypt_key *ck;
|
||||
uint8_t key_id;
|
||||
diff --git a/isisd/isis_circuit.c b/isisd/isis_circuit.c
|
||||
index 81b4b39..cce33d9 100644
|
||||
--- a/isisd/isis_circuit.c
|
||||
+++ b/isisd/isis_circuit.c
|
||||
@@ -1318,6 +1318,10 @@ static int isis_circuit_passwd_set(struct isis_circuit *circuit,
|
||||
return ferr_code_bug(
|
||||
"circuit password too long (max 254 chars)");
|
||||
|
||||
+ //When in FIPS mode, the password never gets set in MD5
|
||||
+ if((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && FIPS_mode())
|
||||
+ return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
|
||||
+
|
||||
circuit->passwd.len = len;
|
||||
strlcpy((char *)circuit->passwd.passwd, passwd,
|
||||
sizeof(circuit->passwd.passwd));
|
||||
diff --git a/isisd/isisd.c b/isisd/isisd.c
|
||||
index 419127c..a6c36af 100644
|
||||
--- a/isisd/isisd.c
|
||||
+++ b/isisd/isisd.c
|
||||
@@ -1638,6 +1638,10 @@ static int isis_area_passwd_set(struct isis_area *area, int level,
|
||||
if (len > 254)
|
||||
return -1;
|
||||
|
||||
+ //When in FIPS mode, the password never get set in MD5
|
||||
+ if ((passwd_type == ISIS_PASSWD_TYPE_HMAC_MD5) && (FIPS_mode()))
|
||||
+ return ferr_cfg_invalid("FIPS mode is enabled, md5 authentication is disabled");
|
||||
+
|
||||
modified.len = len;
|
||||
strlcpy((char *)modified.passwd, passwd,
|
||||
sizeof(modified.passwd));
|
||||
diff --git a/ripd/rip_cli.c b/ripd/rip_cli.c
|
||||
index 5bb81ef..02a09ef 100644
|
||||
index 8a3ce24f5..04cc0968a 100644
|
||||
--- a/ripd/rip_cli.c
|
||||
+++ b/ripd/rip_cli.c
|
||||
@@ -796,6 +796,12 @@ DEFPY (ip_rip_authentication_mode,
|
||||
@@ -827,6 +827,12 @@ DEFPY_YANG (ip_rip_authentication_mode,
|
||||
value = "20";
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user