diff options
author | Jakub Jelen <jjelen@redhat.com> | 2021-09-17 15:03:57 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2021-09-20 08:32:25 +0200 |
commit | 3f4dd47ba74e0a9f18feba1809eeddff8790707e (patch) | |
tree | 1cf12a0335311635de85df031ba0e65d4a82d8d6 | |
parent | edbc1dd10bc3e1fcc0e355fe1a9c4c8769f51daf (diff) | |
download | libgcrypt-3f4dd47ba74e0a9f18feba1809eeddff8790707e.tar.gz |
Remove the forced fips mode
* cipher/rsa.c (generate_fips): Drop reference to enforced fips mode and
use normal FIPS mode check
* doc/gcrypt.texi: Drop references to enforced FIPS mode
* src/fips.c (enforced_fips_mode): Removed
(_gcry_initialize_fips_mode): Remove reading of the FIPS_FORCE_FILE
to enforce FIPS mode
(_gcry_enforced_fips_mode): Remove
(_gcry_set_enforced_fips_mode): Remove
* src/g10lib.h (_gcry_enforced_fips_mode): Remove declaration
(_gcry_set_enforced_fips_mode): Remova declaration
* src/global.c (print_config): Remove the forced fips flag
(_gcry_vcontrol): Deprecate GCRYCTL_SET_ENFORCED_FIPS_FLAG
(get_no_secure_memory): Ignore the option in FIPS mode
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
(_gcry_vcontrol): Simply ignore GCRYCTL_SET_ENFORCED_FIPS_FLAG.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5244
-rw-r--r-- | cipher/rsa.c | 2 | ||||
-rw-r--r-- | doc/gcrypt.texi | 42 | ||||
-rw-r--r-- | src/fips.c | 34 | ||||
-rw-r--r-- | src/g10lib.h | 4 | ||||
-rw-r--r-- | src/global.c | 16 |
5 files changed, 13 insertions, 85 deletions
diff --git a/cipher/rsa.c b/cipher/rsa.c index cdb355fa..2461c4ef 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -381,7 +381,7 @@ generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, if (nbits <= 1024 || (nbits & 0x1FF)) return GPG_ERR_INV_VALUE; - if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072) + if (fips_mode() && nbits != 2048 && nbits != 3072) return GPG_ERR_INV_VALUE; /* The random quality depends on the transient_key flag. */ diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 6ef68884..4d7d93f1 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -535,21 +535,6 @@ initialization (i.e. before @code{gcry_check_version}). @end itemize -@cindex Enforced FIPS mode - -In addition to the standard FIPS mode, Libgcrypt may also be put into -an Enforced FIPS mode by writing a non-zero value into the file -@file{/etc/gcrypt/fips_enabled} or by using the control command -@code{GCRYCTL_SET_ENFORCED_FIPS_FLAG} before any other calls to -libgcrypt. The Enforced FIPS mode helps to detect applications -which don't fulfill all requirements for using -Libgcrypt in FIPS mode (@pxref{FIPS Mode}). - -Once Libgcrypt has been put into FIPS mode, it is not possible to -switch back to standard mode without terminating the process first. -If the logging verbosity level of Libgcrypt has been set to at least -2, the state transitions and the self-tests are logged. - @node Hardware features @section How to disable hardware features @cindex hardware features @@ -677,10 +662,8 @@ to disable secure memory is to use @code{GCRYCTL_DISABLE_SECMEM} right after initialization. @item GCRYCTL_DISABLE_SECMEM; Arguments: none -This command disables the use of secure memory. If this command is -used in FIPS mode, FIPS mode will be disabled and the function -@code{gcry_fips_mode_active} returns false. However, in Enforced FIPS -mode this command has no effect at all. +This command disables the use of secure memory. In FIPS mode this command +has no effect at all. Many applications do not require secure memory, so they should disable it right away. This command should be executed right after @@ -889,13 +872,7 @@ application switch the library into FIPS mode. Note that Libgcrypt will reject an attempt to switch to fips mode during or after the initialization. @item GCRYCTL_SET_ENFORCED_FIPS_FLAG; Arguments: none -Running this command sets the internal flag that puts the library into -the enforced FIPS mode during the FIPS mode initialization. This command -does not affect the library if the library is not put into the FIPS mode and -it must be used before any other libgcrypt library calls that initialize -the library such as @code{gcry_check_version}. Note that Libgcrypt will -reject an attempt to switch to the enforced fips mode during or after -the initialization. +This command is obsolete and has no effect; do not use it. @item GCRYCTL_SET_PREFERRED_RNG_TYPE; Arguments: int These are advisory commands to select a certain random number @@ -6771,18 +6748,15 @@ On-the-fly self-tests are not performed, instead self-tests are run before entering operational state. @item -The function @code{gcry_set_allocation_handler} may not be used. If -it is used Libgcrypt disables FIPS mode unless Enforced FIPS mode is -enabled, in which case Libgcrypt will enter the error state. +The function @code{gcry_set_allocation_handler} may not be used. In FIPS mode +this function does not have any effect, because FIPS has a requirements for +memory zeroization. @item -The digest algorithm MD5 may not be used. If it is used Libgcrypt -disables FIPS mode unless Enforced FIPS mode is enabled, in which case -Libgcrypt will enter the error state. +The digest algorithm MD5 may not be used. @item -In Enforced FIPS mode the command @code{GCRYCTL_DISABLE_SECMEM} is -ignored. In standard FIPS mode it disables FIPS mode. +In FIPS mode the command @code{GCRYCTL_DISABLE_SECMEM} is ignored. @item A handler set by @code{gcry_set_outofcore_handler} is ignored. @@ -58,9 +58,6 @@ enum module_states fips_mode()! */ int _gcry_no_fips_mode_required; -/* Flag to indicate that we are in the enforced FIPS mode. */ -static int enforced_fips_mode; - /* This is the lock we use to protect the FSM. */ GPGRT_LOCK_DEFINE (fsm_lock); @@ -171,7 +168,6 @@ _gcry_initialize_fips_mode (int force) if (!_gcry_no_fips_mode_required) { /* Yes, we are in FIPS mode. */ - FILE *fp; /* Intitialize the lock to protect the FSM. */ err = gpgrt_lock_init (&fsm_lock); @@ -190,19 +186,6 @@ _gcry_initialize_fips_mode (int force) abort (); } - - /* If the FIPS force files exists, is readable and has a number - != 0 on its first line, we enable the enforced fips mode. */ - fp = fopen (FIPS_FORCE_FILE, "r"); - if (fp) - { - char line[256]; - - if (fgets (line, sizeof line, fp) && atoi (line)) - enforced_fips_mode = 1; - fclose (fp); - } - /* Now get us into the INIT state. */ fips_new_state (STATE_INIT); @@ -249,23 +232,6 @@ unlock_fsm (void) } -/* Return a flag telling whether we are in the enforced fips mode. */ -int -_gcry_enforced_fips_mode (void) -{ - if (!fips_mode ()) - return 0; - return enforced_fips_mode; -} - -/* Set a flag telling whether we are in the enforced fips mode. */ -void -_gcry_set_enforced_fips_mode (void) -{ - enforced_fips_mode = 1; -} - - static const char * state2str (enum module_states state) { diff --git a/src/g10lib.h b/src/g10lib.h index 74de3653..0f827074 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -435,10 +435,6 @@ void _gcry_initialize_fips_mode (int force); existing. */ #define fips_mode() (!_gcry_no_fips_mode_required) -int _gcry_enforced_fips_mode (void); - -void _gcry_set_enforced_fips_mode (void); - void _gcry_fips_signal_error (const char *srcfile, int srcline, diff --git a/src/global.c b/src/global.c index bebd0818..0e5acd5f 100644 --- a/src/global.c +++ b/src/global.c @@ -370,9 +370,8 @@ print_config (const char *what, gpgrt_stream_t fp) /* We use y/n instead of 1/0 for the stupid reason that * Emacsen's compile error parser would accidentally flag that * line when printed during "make check" as an error. */ - gpgrt_fprintf (fp, "fips-mode:%c:%c:\n", - fips_mode ()? 'y':'n', - _gcry_enforced_fips_mode ()? 'y':'n' ); + gpgrt_fprintf (fp, "fips-mode:%c:\n", + fips_mode ()? 'y':'n' ); } if (!what || !strcmp (what, "rng-type")) @@ -768,14 +767,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) break; case GCRYCTL_SET_ENFORCED_FIPS_FLAG: - if (!_gcry_global_any_init_done) - { - /* Not yet initialized at all. Set the enforced fips mode flag */ - _gcry_set_preferred_rng_type (0); - _gcry_set_enforced_fips_mode (); - } - else - rc = GPG_ERR_GENERAL; + /* Obsolete - ignore */ break; case GCRYCTL_SET_PREFERRED_RNG_TYPE: @@ -912,7 +904,7 @@ get_no_secure_memory (void) { if (!no_secure_memory) return 0; - if (_gcry_enforced_fips_mode ()) + if (fips_mode ()) { no_secure_memory = 0; return 0; |