author | Jakub Jelen <jjelen@redhat.com> | 2021-09-17 15:03:57 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2021-09-20 08:32:25 +0200 |
commit | 3f4dd47ba74e0a9f18feba1809eeddff8790707e (patch) | |
tree | 1cf12a0335311635de85df031ba0e65d4a82d8d6 /src/global.c | |
parent | edbc1dd10bc3e1fcc0e355fe1a9c4c8769f51daf (diff) | |
download | libgcrypt-3f4dd47ba74e0a9f18feba1809eeddff8790707e.tar.gz |
Remove the forced fips mode
* cipher/rsa.c (generate_fips): Drop reference to enforced fips mode and
use normal FIPS mode check
* doc/gcrypt.texi: Drop references to enforced FIPS mode
* src/fips.c (enforced_fips_mode): Removed
(_gcry_initialize_fips_mode): Remove reading of the FIPS_FORCE_FILE
to enforce FIPS mode
(_gcry_enforced_fips_mode): Remove
(_gcry_set_enforced_fips_mode): Remove
* src/g10lib.h (_gcry_enforced_fips_mode): Remove declaration
(_gcry_set_enforced_fips_mode): Remove declaration
* src/global.c (print_config): Remove the forced fips flag
(_gcry_vcontrol): Deprecate GCRYCTL_SET_ENFORCED_FIPS_FLAG
(get_no_secure_memory): Ignore the option in FIPS mode
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
(_gcry_vcontrol): Simply ignore GCRYCTL_SET_ENFORCED_FIPS_FLAG.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5244
Diffstat (limited to 'src/global.c')
-rw-r--r-- | src/global.c | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/src/global.c b/src/global.c
index bebd0818..0e5acd5f 100644
--- a/src/global.c
+++ b/src/global.c
@@ -370,9 +370,8 @@ print_config (const char *what, gpgrt_stream_t fp)
 /* We use y/n instead of 1/0 for the stupid reason that
 * Emacsen's compile error parser would accidentally flag that
 * line when printed during "make check" as an error. */
- gpgrt_fprintf (fp, "fips-mode:%c:%c:\n",
- fips_mode ()? 'y':'n',
- _gcry_enforced_fips_mode ()? 'y':'n' );
+ gpgrt_fprintf (fp, "fips-mode:%c:\n",
+ fips_mode ()? 'y':'n' );
 }
 
 if (!what || !strcmp (what, "rng-type"))
@@ -768,14 +767,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
 break;
 
 case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
- if (!_gcry_global_any_init_done)
- {
- /* Not yet initialized at all. Set the enforced fips mode flag */
- _gcry_set_preferred_rng_type (0);
- _gcry_set_enforced_fips_mode ();
- }
- else
- rc = GPG_ERR_GENERAL;
+ /* Obsolete - ignore */
 break;
 
 case GCRYCTL_SET_PREFERRED_RNG_TYPE:
@@ -912,7 +904,7 @@ get_no_secure_memory (void)
 {
 if (!no_secure_memory)
 return 0;
- if (_gcry_enforced_fips_mode ())
+ if (fips_mode ())
 {
 no_secure_memory = 0;
 return 0; |
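Review bot: The `fips-mode` record loses its third colon-separated field in the new `gpgrt_fprintf` call, so a consumer that splits this line on `:` by position will see a shorter record once the enforced-mode flag is gone. If the config listing is meant to stay parseable by existing tooling (not visible from this hunk), keeping the slot empty would avoid that: `gpgrt_fprintf (fp, "fips-mode:%c::\n", fips_mode ()? 'y':'n' );`. Either way, a one-line comment above the call stating that the former second value was the removed enforced-FIPS flag would help the next reader. print_config starts and ends outside the hunk.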
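Review bot: With the case body reduced to `/* Obsolete - ignore */`, a caller that issues GCRYCTL_SET_ENFORCED_FIPS_FLAG appears to get a success return (assuming rc is still zero here, which is set outside the hunk) while no stricter mode is applied, and the former late-call error `GPG_ERR_GENERAL` is gone as well. For an application that relied on the flag this is a silent weakening, so the comment should state what callers get instead, for example `/* Obsolete: enforced FIPS mode was removed. Accepted for compatibility and ignored; query GCRYCTL_FIPS_MODE_P to learn the actual mode. */`. The removed branch also called `_gcry_set_preferred_rng_type (0)`; it is worth confirming that no caller depended on that reset. The switch in _gcry_vcontrol continues outside the hunk.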
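Review bot: The test `if (fips_mode ())` now clears `no_secure_memory` for every FIPS-mode process rather than only enforced ones, and it does so as a side effect of a getter with no comment explaining the policy. A short comment above the test would make it explicit, e.g. `/* In FIPS mode secure memory must stay enabled; drop any earlier request to disable it. */`. It is also worth confirming that fips_mode () already returns its final value on the first call to this function, because a call made before the mode is settled would still honour the disable request; that ordering is not visible here. The closing lines of get_no_secure_memory are outside the hunk.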