authorJakub Jelen <jjelen@redhat.com>2021-09-17 13:48:10 +0200
committerWerner Koch <wk@gnupg.org>2021-09-20 08:18:49 +0200
commitedbc1dd10bc3e1fcc0e355fe1a9c4c8769f51daf (patch)
treed97930e4121bb4162dc4077bb48138a46a9f928c
parentfd116968ef2dcecb4058be2b2b3e8ab90f1e3181 (diff)
downloadlibgcrypt-edbc1dd10bc3e1fcc0e355fe1a9c4c8769f51daf.tar.gz
Remove a way to inactive FIPS mode
* cipher/md.c (_gcry_md_hash_buffer): Remove inactivation of FIPS mode when MD5 is used (_gcry_md_hash_buffers_extract): Ditto. * src/fips.c (gcry_is_fips_mode_inactive): Removed (_gcry_inactivate_fips_mode): Removed (_gcry_is_fips_mode_inactive): Removed * src/g10lib.h (_gcry_inactivate_fips_mode): Remove declaration (_gcry_is_fips_mode_inactive): Remove declaration * global.c (_gcry_vcontrol): Update the GCRYCTL_FIPS_MODE_P (_gcry_set_allocation_handler): Silently ignore custom allocation handlers in FIPS mode -- Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--cipher/md.c22
-rw-r--r--src/fips.c52
-rw-r--r--src/g10lib.h3
-rw-r--r--src/global.c12
4 files changed, 6 insertions, 83 deletions
diff --git a/cipher/md.c b/cipher/md.c
index 5f1c05b4..428959b2 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -1189,17 +1189,6 @@ _gcry_md_hash_buffer (int algo, void *digest,
return;
}
- if (algo == GCRY_MD_MD5 && fips_mode ())
- {
- _gcry_inactivate_fips_mode ("MD5 used");
- if (_gcry_enforced_fips_mode () )
- {
- /* We should never get to here because we do not register
- MD5 in enforced fips mode. */
- _gcry_fips_noreturn ();
- }
- }
-
if (spec->hash_buffers != NULL)
{
gcry_buffer_t iov;
@@ -1271,17 +1260,6 @@ _gcry_md_hash_buffers_extract (int algo, unsigned int flags, void *digest,
return GPG_ERR_DIGEST_ALGO;
}
- if (algo == GCRY_MD_MD5 && fips_mode ())
- {
- _gcry_inactivate_fips_mode ("MD5 used");
- if (_gcry_enforced_fips_mode () )
- {
- /* We should never get to here because we do not register
- MD5 in enforced fips mode. */
- _gcry_fips_noreturn ();
- }
- }
-
if (spec->mdlen > 0 && digestlen != -1 && digestlen != spec->mdlen)
return GPG_ERR_DIGEST_ALGO;
if (spec->mdlen == 0 && digestlen == -1)
diff --git a/src/fips.c b/src/fips.c
index 2f418284..3759a67a 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -61,11 +61,6 @@ int _gcry_no_fips_mode_required;
/* Flag to indicate that we are in the enforced FIPS mode. */
static int enforced_fips_mode;
-/* If this flag is set, the application may no longer assume that the
- process is running in FIPS mode. This flag is protected by the
- FSM_LOCK. */
-static int inactive_fips_mode;
-
/* This is the lock we use to protect the FSM. */
GPGRT_LOCK_DEFINE (fsm_lock);
@@ -270,53 +265,6 @@ _gcry_set_enforced_fips_mode (void)
enforced_fips_mode = 1;
}
-/* If we do not want to enforce the fips mode, we can set a flag so
- that the application may check whether it is still in fips mode.
- TEXT will be printed as part of a syslog message. This function
- may only be be called if in fips mode. */
-void
-_gcry_inactivate_fips_mode (const char *text)
-{
- gcry_assert (fips_mode ());
-
- if (_gcry_enforced_fips_mode () )
- {
- /* Get us into the error state. */
- fips_signal_error (text);
- return;
- }
-
- lock_fsm ();
- if (!inactive_fips_mode)
- {
- inactive_fips_mode = 1;
- unlock_fsm ();
-#ifdef HAVE_SYSLOG
- syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
- "%s - FIPS mode inactivated", text);
-#endif /*HAVE_SYSLOG*/
- }
- else
- unlock_fsm ();
-}
-
-
-/* Return the FIPS mode inactive flag. If it is true the FIPS mode is
- not anymore active. */
-int
-_gcry_is_fips_mode_inactive (void)
-{
- int flag;
-
- if (!fips_mode ())
- return 0;
- lock_fsm ();
- flag = inactive_fips_mode;
- unlock_fsm ();
- return flag;
-}
-
-
static const char *
state2str (enum module_states state)
diff --git a/src/g10lib.h b/src/g10lib.h
index ed908742..74de3653 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -439,9 +439,6 @@ int _gcry_enforced_fips_mode (void);
void _gcry_set_enforced_fips_mode (void);
-void _gcry_inactivate_fips_mode (const char *text);
-int _gcry_is_fips_mode_inactive (void);
-
void _gcry_fips_signal_error (const char *srcfile,
int srcline,
diff --git a/src/global.c b/src/global.c
index ffc62488..bebd0818 100644
--- a/src/global.c
+++ b/src/global.c
@@ -698,8 +698,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
break;
case GCRYCTL_FIPS_MODE_P:
- if (fips_mode ()
- && !_gcry_is_fips_mode_inactive ())
+ if (fips_mode ())
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
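Review bot: With the inactive flag gone, `GCRYCTL_FIPS_MODE_P` in `_gcry_vcontrol` answers from `fips_mode ()` alone, so the indicator is only accurate if every non-approved operation is now refused rather than merely recorded. The md.c hunks of this commit drop the MD5 handling from `_gcry_md_hash_buffer` and `_gcry_md_hash_buffers_extract`, and the removed comment there says MD5 is unregistered only in enforced FIPS mode; the algorithm check that precedes those hunks is outside the visible lines, so it should be confirmed that it rejects MD5 in non-enforced FIPS mode too. I would add a comment above the test, e.g. `/* FIPS mode can no longer be inactivated at runtime; non-approved requests must fail instead. */`, and a regression test showing that MD5 through both buffer helpers fails when FIPS mode is on. The `switch` body continues outside the hunk.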
@@ -862,10 +861,11 @@ _gcry_set_allocation_handler (gcry_handler_alloc_t new_alloc_func,
if (fips_mode ())
{
- /* We do not want to enforce the fips mode, but merely set a
- flag so that the application may check whether it is still in
- fips mode. */
- _gcry_inactivate_fips_mode ("custom allocation handler");
+ /* In FIPS mode, we can not use custom allocation handlers because
+ * fips requires explicit zeroization and we can not guarantee that
+ * with custom free functions (and we can not do it transparently as
+ * in free we do not know the zize). */
+ return;
}
alloc_func = new_alloc_func;
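Review bot: The new early `return` in `_gcry_set_allocation_handler` drops the caller's handlers without any signal: the function is `void`, and the syslog warning that the removed `_gcry_inactivate_fips_mode ("custom allocation handler")` call used to produce is gone. An application that installs its own secure-memory allocator will run on the library defaults without knowing it, which is hard to diagnose in the field. I would keep a warning before the return, reusing the pattern from the removed fips.c code, `syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: custom allocation handler - ignored in FIPS mode");` under `#ifdef HAVE_SYSLOG`, and state the behaviour in the function's documentation. The new comment also has a typo, `zize` for `size`. The function body starts and ends outside the hunk.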