From 27c29e341656252c9e52bdb581d9c36c16035fc4 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 18 May 2020 12:25:42 +0200 Subject: fips: make FIPS140-2 mode enablement logic simpler Previously, to enable the FIPS140-2 mode, both /etc/system-fips and the fips=1 kernel command line need to be set. While this was designed to be consistent, the convention is not well followed by the other crypto libraries and the former tends to be ignored. This aligns the behavior to the latter, i.e. if fips=1 is set, the library enables the FIPS140-2 mode regardless of the existence of /etc/system-fips. Suggested by Alexander Sosedkin. Signed-off-by: Daiki Ueno --- doc/cha-internals.texi | 22 ++++++++++++++++++---- lib/fips.c | 5 ++--- lib/random.c | 4 ++-- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi index 2a9bc1a45b..f188caecc9 100644 --- a/doc/cha-internals.texi +++ b/doc/cha-internals.texi @@ -667,15 +667,29 @@ is for the conformance to NIST's FIPS140-2 publication, which consists of polici for cryptographic modules (such as software libraries). Its implementation in GnuTLS is designed for Red Hat Enterprise Linux, and can only be enabled when the library is explicitly compiled with the '--enable-fips140-mode' -configure option. The operation of the library is then modified, as follows. +configure option. + +There are two distinct library states with regard to FIPS140-2: the FIPS140-2 +mode is @emph{installed} if @code{/etc/system-fips} is present, and the +FIPS140-2 mode is @emph{enabled} if @code{/proc/sys/crypto/fips_enabled} +contains '1', which is typically set with the ``fips=1'' kernel command line +option. + +When the FIPS140-2 mode is installed, the operation of the library is modified +as follows. @itemize -@item FIPS140-2 mode is enabled when @code{/proc/sys/crypto/fips_enabled} contains '1' and @code{/etc/system-fips} is present. -@item Only approved by FIPS140-2 algorithms are enabled -@item Only approved by FIPS140-2 key lengths are allowed for key generation @item The random generator used switches to DRBG-AES @item The integrity of the GnuTLS and dependent libraries is checked on startup @item Algorithm self-tests are run on library load +@end itemize + +When the FIPS140-2 mode is enabled, The operation of the library is in addition +modified as follows. + +@itemize +@item Only approved by FIPS140-2 algorithms are enabled +@item Only approved by FIPS140-2 key lengths are allowed for key generation @item Any cryptographic operation will be refused if any of the self-tests failed @end itemize diff --git a/lib/fips.c b/lib/fips.c index 3c43250aaf..75f26f629e 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -102,14 +102,13 @@ unsigned _gnutls_fips_mode_enabled(void) else f1p = 0; } - f2p = !access(FIPS_SYSTEM_FILE, F_OK); - - if (f1p != 0 && f2p != 0) { + if (f1p != 0) { _gnutls_debug_log("FIPS140-2 mode enabled\n"); ret = GNUTLS_FIPS140_STRICT; goto exit; } + f2p = !access(FIPS_SYSTEM_FILE, F_OK); if (f2p != 0) { /* a funny state where self tests are performed * and ignored */ diff --git a/lib/random.c b/lib/random.c index 6462738416..605fc8d51a 100644 --- a/lib/random.c +++ b/lib/random.c @@ -105,9 +105,9 @@ int _gnutls_rnd_preinit(void) #elif defined(ENABLE_FIPS140) /* The FIPS140 random generator is only enabled when we are compiled - * with FIPS support, _and_ the system requires FIPS140. + * with FIPS support, _and_ the system is in FIPS installed state. */ - if (_gnutls_fips_mode_enabled() == 1) { + if (_gnutls_fips_mode_enabled() != 0) { ret = gnutls_crypto_rnd_register(100, &_gnutls_fips_rnd_ops); if (ret < 0) return ret; -- cgit v1.2.1 From a53007d1986bcec8b042cabdcecef7e95de68b93 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Tue, 19 May 2020 16:18:39 +0200 Subject: fips: remove FIPS_STARTUP_ONLY_TEST_CASE macro The macro was intended to avoid non-recoverable errors during library initialization, but the code path has been removed in commit 3963518d067a64412bbe0aa9ce5fc33ae729c15f. Signed-off-by: Daiki Ueno --- lib/crypto-selftests.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c index f904b029b2..f915b6d744 100644 --- a/lib/crypto-selftests.c +++ b/lib/crypto-selftests.c @@ -1939,13 +1939,6 @@ static int test_mac(gnutls_mac_algorithm_t mac, return ret; \ } -#define FIPS_STARTUP_ONLY_TEST_CASE(x, func, vectors) case x: \ - if (_gnutls_fips_mode_enabled() != 1) { \ - ret = func(x, V(vectors), flags); \ - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \ - return ret; \ - } - /*- * gnutls_cipher_self_test: * @flags: GNUTLS_SELF_TEST_FLAG flags @@ -2075,7 +2068,7 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac) switch (mac) { case GNUTLS_MAC_UNKNOWN: - FIPS_STARTUP_ONLY_TEST_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors); + NON_FIPS_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors); FALLTHROUGH; CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors); FALLTHROUGH; @@ -2135,7 +2128,7 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest) switch (digest) { case GNUTLS_DIG_UNKNOWN: - FIPS_STARTUP_ONLY_TEST_CASE(GNUTLS_DIG_MD5, test_digest, md5_vectors); + NON_FIPS_CASE(GNUTLS_DIG_MD5, test_digest, md5_vectors); FALLTHROUGH; CASE(GNUTLS_DIG_SHA1, test_digest, sha1_vectors); FALLTHROUGH; -- cgit v1.2.1