authorKevin Smith <git@kismith.co.uk>2012-02-22 11:00:19 (GMT)
committerKevin Smith <git@kismith.co.uk>2012-02-28 16:02:29 (GMT)
commit0e4f068273ecaa2be24a046812893698a06481bc (patch)
tree9c3b7dbd3609a866c2123ea0c5a539b5c49d67dd /Swiften/Client
parenteca0f020873f7620c5125101113e2c1eb25b273e (diff)
Make Swift more usable in a FIPS-140 environment
Don't allow DIGEST-MD5 when Windows is set to FIPS mode. Use platform-provided hashing for SHA1.
Diffstat (limited to 'Swiften/Client')
-rw-r--r--Swiften/Client/ClientSession.cpp13
1 files changed, 12 insertions, 1 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index bfc9313..81fcf57 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -12,6 +12,8 @@
#include <boost/uuid/uuid_generators.hpp>
#include <boost/smart_ptr/make_shared.hpp>
+#include <Swiften/Base/Platform.h>
+#include <Swiften/Base/Log.h>
#include <Swiften/Elements/ProtocolHeader.h>
#include <Swiften/Elements/StreamFeatures.h>
#include <Swiften/Elements/StreamError.h>
@@ -41,6 +43,10 @@
#include <Swiften/TLS/CertificateTrustChecker.h>
#include <Swiften/TLS/ServerIdentityVerifier.h>
+#ifdef SWIFTEN_PLATFORM_WIN32
+#include <Swiften/Base/WindowsRegistry.h>
+#endif
+
namespace Swift {
ClientSession::ClientSession(
@@ -59,6 +65,11 @@ ClientSession::ClientSession(
rosterVersioningSupported(false),
authenticator(NULL),
certificateTrustChecker(NULL) {
+#ifdef SWIFTEN_PLATFORM_WIN32
+if (WindowsRegistry::isFIPSEnabled()) {
+ SWIFT_LOG("info") << "Windows is running in FIPS-140 mode. Some authentication methods will be unavailable." << std::endl;
+}
+#endif
}
ClientSession::~ClientSession() {
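Review bot: The log line added to the constructor says only that "Some authentication methods will be unavailable", so anyone reading the log cannot tell which mechanism was dropped. Going by the commit description the affected mechanism is DIGEST-MD5, and the message could say so, for example `"Windows is running in FIPS-140 mode. DIGEST-MD5 authentication will be unavailable."`. `WindowsRegistry::isFIPSEnabled()` is also called on every ClientSession construction purely to log. Its body is not in this diff, but if it reads the registry each time, a single cached check shared with the authenticator would keep the logged state and the enforced state from disagreeing.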
@@ -221,7 +232,7 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
state = WaitingForCredentials;
onNeedCredentials();
}
- else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5")) {
+ else if (streamFeatures->hasAuthenticationMechanism("DIGEST-MD5") && DIGESTMD5ClientAuthenticator::canBeUsed()) {
std::ostringstream s;
s << boost::uuids::random_generator()();
// FIXME: Host should probably be the actual host
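Review bot: When the server offers DIGEST-MD5 but `DIGESTMD5ClientAuthenticator::canBeUsed()` returns false, this `else if` is skipped with no log, so a later authentication failure gives no hint that FIPS policy was the cause. The branch that handles the fall-through is outside the hunk, so what the user sees cannot be confirmed from here; presumably it is the generic no-supported-mechanism path. I would add a comment above the condition, `// DIGEST-MD5 relies on MD5, which is not FIPS-140 approved; skip it and let the remaining branches decide`, and log the skip at this point, not only in the constructor. The FIPS check visible in this diff is compiled only under `SWIFTEN_PLATFORM_WIN32`, so it is worth documenting on `canBeUsed()` whether other platforms always return true.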