[svn] gcry - r1350 - in trunk: . cipher doc src tests
Fri Oct 24 19:01:31 CEST 2008
Author: wk
Date: 2008-10-24 19:01:30 +0200 (Fri, 24 Oct 2008)
New Revision: 1350
Modified:
trunk/NEWS
trunk/cipher/ChangeLog
trunk/cipher/md.c
trunk/cipher/rsa.c
trunk/doc/gcrypt.texi
trunk/src/ChangeLog
trunk/src/fips.c
trunk/src/g10lib.h
trunk/src/global.c
trunk/tests/ChangeLog
trunk/tests/basic.c
trunk/tests/benchmark.c
Log:
Do not restrict usage of MD5 in fips mode.
Modified: trunk/cipher/ChangeLog
===================================================================
--- trunk/cipher/ChangeLog 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/cipher/ChangeLog 2008-10-24 17:01:30 UTC (rev 1350)
@@ -1,3 +1,9 @@
+2008-10-24 Werner Koch <wk at g10code.com>
+
+ * md.c (digest_table): Allow MD5 in fips mode.
+ (md_register_default): Take special action for MD5.
+ (md_enable, gcry_md_hash_buffer): Ditto.
+
2008-09-30 Werner Koch <wk at g10code.com>
* rijndael.c (do_setkey): Properly align "t" and "tk".
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/src/ChangeLog 2008-10-24 17:01:30 UTC (rev 1350)
@@ -1,3 +1,10 @@
+2008-10-24 Werner Koch <wk at g10code.com>
+
+ * global.c (inactive_fips_mode): Move to fips.c.
+ (gcry_set_allocation_handler): Factor code out to ...
+ * fips.c (_gcry_inactivate_fips_mode): New.
+ (_gcry_is_fips_mode_inactive): New.
+
2008-09-29 Werner Koch <wk at g10code.com>
* gcrypt-module.h (GCRY_MODULE_ID_USER, GCRY_MODULE_ID_USER_LAST):
Modified: trunk/tests/ChangeLog
===================================================================
--- trunk/tests/ChangeLog 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/tests/ChangeLog 2008-10-24 17:01:30 UTC (rev 1350)
@@ -1,3 +1,8 @@
+2008-10-24 Werner Koch <wk at g10code.com>
+
+ * benchmark.c (md_bench): Do not test MD5 in fips mode.
+ * basic.c (check_digests, check_hmac): Ditto.
+
2008-10-06 Werner Koch <wk at g10code.com>
* cavs_driver.pl: New version from upstream.
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/NEWS 2008-10-24 17:01:30 UTC (rev 1350)
@@ -4,7 +4,9 @@
* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
This functionality is in Libgcrypt since 1.3.0.
+ * MD5 may now be used in non-enforced fips mode.
+
Noteworthy changes in version 1.4.3 (2008-09-18)
------------------------------------------------
Modified: trunk/cipher/md.c
===================================================================
--- trunk/cipher/md.c 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/cipher/md.c 2008-10-24 17:01:30 UTC (rev 1350)
@@ -43,7 +43,7 @@
gcry_md_spec_t *digest;
md_extra_spec_t *extraspec;
unsigned int algorithm;
- int fips_allowed;
+ int fips_allowed;
} digest_table[] =
{
#if USE_CRC
@@ -62,7 +62,7 @@
#endif
#if USE_MD5
{ &_gcry_digest_spec_md5,
- &dummy_extra_spec, GCRY_MD_MD5 },
+ &dummy_extra_spec, GCRY_MD_MD5, 1 },
#endif
#if USE_RMD160
{ &_gcry_digest_spec_rmd160,
@@ -176,8 +176,14 @@
for (i = 0; !err && digest_table[i].digest; i++)
{
- if ( fips_mode () && !digest_table[i].fips_allowed )
- continue;
+ if ( fips_mode ())
+ {
+ if (!digest_table[i].fips_allowed)
+ continue;
+ if (digest_table[i].algorithm == GCRY_MD_MD5
+ && _gcry_enforced_fips_mode () )
+ continue; /* Do not register in enforced fips mode. */
+ }
err = _gcry_module_add (&digests_registered,
digest_table[i].algorithm,
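Review bot: The MD5 exemption is encoded as a hard-coded comparison with `GCRY_MD_MD5` here, and the same comparison is repeated in md_enable and gcry_md_hash_buffer in this commit, even though the table already carries a `fips_allowed` flag per entry; a distinct flag value in digest_table (or a small `static int md_is_fips_exception (int algo)` helper) would keep the policy in one place. The added comment only says MD5 is not registered in enforced mode, not why it is treated specially at all; I would extend it to `/* MD5 is not FIPS approved: it is registered only in non-enforced FIPS mode, and using it inactivates FIPS mode (see md_enable). */`. md_register_default begins before this hunk.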
@@ -550,11 +556,23 @@
log_debug ("md_enable: algorithm %d not available\n", algorithm);
err = GPG_ERR_DIGEST_ALGO;
}
- else
+ else
digest = (gcry_md_spec_t *) module->spec;
- if (! err)
+
+ if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
{
+ _gcry_inactivate_fips_mode ("MD5 used");
+ if (_gcry_enforced_fips_mode () )
+ {
+ /* We should never get to here because we do not register
+ MD5 in enforced fips mode. But better throw an error. */
+ err = GPG_ERR_DIGEST_ALGO;
+ }
+ }
+
+ if (!err)
+ {
size_t size = (sizeof (*entry)
+ digest->contextsize
- sizeof (entry->context));
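Review bot: FIPS mode is inactivated (and the syslog warning emitted) as soon as MD5 is looked up, before the context entry is sized and allocated; if the allocation that follows the hunk fails, the process has already been flagged as no longer in FIPS mode although no MD5 digest was ever computed. If that is acceptable, a short comment should say so; otherwise the `_gcry_inactivate_fips_mode ("MD5 used")` call belongs after the entry has been successfully added. Note also that the enforced-mode branch returns GPG_ERR_DIGEST_ALGO here while the equivalent branch in gcry_md_hash_buffer terminates via `_gcry_fips_noreturn`; the comment could mention that the difference is forced by gcry_md_hash_buffer having no error return. md_enable starts and ends outside this hunk.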
@@ -992,7 +1010,20 @@
/* For the others we do not have a fast function, so we use the
normal functions. */
gcry_md_hd_t h;
- gpg_err_code_t err = md_open (&h, algo, 0, 0);
+ gpg_err_code_t err;
+
+ if (algo == GCRY_MD_MD5 && fips_mode ())
+ {
+ _gcry_inactivate_fips_mode ("MD5 used");
+ if (_gcry_enforced_fips_mode () )
+ {
+ /* We should never get to here because we do not register
+ MD5 in enforced fips mode. */
+ _gcry_fips_noreturn ();
+ }
+ }
+
+ err = md_open (&h, algo, 0, 0);
if (err)
log_bug ("gcry_md_open failed for algo %d: %s",
algo, gpg_strerror (gcry_error(err)));
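Review bot: The enforced-mode branch calls `_gcry_fips_noreturn ()` right after `_gcry_inactivate_fips_mode`, which (per the fips.c hunk) has already put the library into the error state via fips_signal_error; the comment explains only that the branch is not expected to be reached, not why termination rather than an error is the chosen outcome. I would make that explicit: `/* gcry_md_hash_buffer has no error return; the library is already in the error state (see _gcry_inactivate_fips_mode), so terminate. */`. This hunk is inside the non-fast-path part of gcry_md_hash_buffer, whose beginning lies outside the hunk.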
Modified: trunk/cipher/rsa.c
===================================================================
--- trunk/cipher/rsa.c 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/cipher/rsa.c 2008-10-24 17:01:30 UTC (rev 1350)
@@ -196,12 +196,12 @@
gcry_random_level_t random_level;
if (fips_mode ())
- {
- if (nbits < 1024)
- return GPG_ERR_INV_VALUE;
- if (transient_key)
- return GPG_ERR_INV_VALUE;
- }
+ {
+ if (nbits < 1024)
+ return GPG_ERR_INV_VALUE;
+ if (transient_key)
+ return GPG_ERR_INV_VALUE;
+ }
/* The random quality depends on the transient_key flag. */
random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
Modified: trunk/doc/gcrypt.texi
===================================================================
--- trunk/doc/gcrypt.texi 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/doc/gcrypt.texi 2008-10-24 17:01:30 UTC (rev 1350)
@@ -5524,6 +5524,11 @@
it is used Libgcrypt disables FIPS mode unless Enforced FIPS mode is
enabled, in which case Libgcrypt will enter the error state.
+ at item
+The digest algorithm MD5 may not be used. If it is used Libgcrypt
+disables FIPS mode unless Enforced FIPS mode is enabled, in which case
+Libgcrypt will enter the error state.
+
@item
In Enforced FIPS mode the command @code{GCRYCTL_DISABLE_SECMEM} is
ignored. In standard FIPS mode it disables FIPS mode.
@@ -5536,10 +5541,9 @@
@end itemize
Note that when we speak about disabling FIPS mode, it merely means
-that the fucntion @code{gcry_fips_mode_active} returns false; it does
+that the function @code{gcry_fips_mode_active} returns false; it does
not mean that any non FIPS algorithms are allowed.
-
@c ********************************************
@section FIPS Finite State Machine
@@ -5688,6 +5692,25 @@
@end table
@end float
+ at c ********************************************
+ at section FIPS Miscellaneous Information
+
+Libgcrypt does not do any key management on itself; the application
+needs to care about it. Keys which are passed to Libgcrypt should be
+allocated in secure memory as available with the functions
+ at code{gcry_malloc_secure} and @code{gcry_calloc_secure}. By calling
+ at code{gcry_free} on this memory, the memory and thus the keys are
+overwritten with zero bytes before releasing the memory.
+
+For use with the random number generator, Libgcrypt generates 3
+internal keys which are stored in the encryption contexts used by the
+RNG. These keys are stored in secure memory for the lifetime of the
+process. Application are required to use @code{GCRYCTL_TERM_SECMEM}
+before process termination. This will zero out the entire secure
+memory and thus also the encryption contexts with these keys.
+
+
+
@c **********************************************************
@c ************* Appendices (license etc.) ****************
@c **********************************************************
Modified: trunk/src/fips.c
===================================================================
--- trunk/src/fips.c 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/src/fips.c 2008-10-24 17:01:30 UTC (rev 1350)
@@ -63,6 +63,11 @@
/* Flag to indicate that we are in the enforced FIPS mode. */
static int enforced_fips_mode;
+/* If this flag is set, the application may no longer assume that the
+ process is running in FIPS mode. This flag is protected by the
+ FSM_LOCK. */
+static int inactive_fips_mode;
+
/* This is the lock we use to protect the FSM. */
static ath_mutex_t fsm_lock = ATH_MUTEX_INITIALIZER;
@@ -259,7 +264,7 @@
{
/* No locking is required becuase we have the requirement that this
variable is only intialized once with no other threads
- exiisting. */
+ existing. */
return !no_fips_mode_required;
}
@@ -272,6 +277,54 @@
}
+/* If we do not want to enforce the fips mode, we can set a flag so
+ that the application may check whether it is still in fips mode.
+ TEXT will be printed as part of a syslog message. This function
+ may only be be called if in fips mode. */
+void
+_gcry_inactivate_fips_mode (const char *text)
+{
+ gcry_assert (_gcry_fips_mode ());
+
+ if (_gcry_enforced_fips_mode () )
+ {
+ /* Get us into the error state. */
+ fips_signal_error (text);
+ return;
+ }
+
+ lock_fsm ();
+ if (!inactive_fips_mode)
+ {
+ inactive_fips_mode = 1;
+ unlock_fsm ();
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
+ "%s - FIPS mode inactivated", text);
+#endif /*HAVE_SYSLOG*/
+ }
+ else
+ unlock_fsm ();
+}
+
+
+/* Return the FIPS mode inactive flag. If it is true the FIPS mode is
+ not anymore active. */
+int
+_gcry_is_fips_mode_inactive (void)
+{
+ int flag;
+
+ if (!_gcry_fips_mode ())
+ return 0;
+ lock_fsm ();
+ flag = inactive_fips_mode;
+ unlock_fsm ();
+ return flag;
+}
+
+
+
static const char *
state2str (enum module_states state)
{
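Review bot: In the enforced-mode branch `_gcry_inactivate_fips_mode` signals the error state and returns without telling the caller, so every caller in this commit has to repeat `if (_gcry_enforced_fips_mode ())` after the call to decide whether to bail out; returning that decision would remove the duplication, e.g. `int _gcry_inactivate_fips_mode (const char *text)` returning non-zero when the error state was entered (with the prototype in g10lib.h adjusted accordingly). The flag is set under fsm_lock but nothing in this hunk ever clears it, so if inactivation is meant to be permanent for the lifetime of the process the comment on `inactive_fips_mode` should say so. The syslog call is correctly made after unlock_fsm, which avoids holding the FSM lock across a logging call.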
Modified: trunk/src/g10lib.h
===================================================================
--- trunk/src/g10lib.h 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/src/g10lib.h 2008-10-24 17:01:30 UTC (rev 1350)
@@ -295,6 +295,10 @@
int _gcry_enforced_fips_mode (void);
+void _gcry_inactivate_fips_mode (const char *text);
+int _gcry_is_fips_mode_inactive (void);
+
+
void _gcry_fips_signal_error (const char *srcfile,
int srcline,
const char *srcfunc,
Modified: trunk/src/global.c
===================================================================
--- trunk/src/global.c 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/src/global.c 2008-10-24 17:01:30 UTC (rev 1350)
@@ -50,10 +50,6 @@
intialization code swicthed fips mode on. */
static int force_fips_mode;
-/* If this flag is set, the application may no longer assume that the
- process is running in FIPS mode. */
-static int inactive_fips_mode;
-
/* Controlled by global_init(). */
static int any_init_done;
@@ -495,7 +491,9 @@
break;
case GCRYCTL_FIPS_MODE_P:
- if (fips_mode () && !inactive_fips_mode && !no_secure_memory)
+ if (fips_mode ()
+ && !_gcry_is_fips_mode_inactive ()
+ && !no_secure_memory)
err = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
@@ -658,20 +656,10 @@
if (fips_mode ())
{
- if (_gcry_enforced_fips_mode () )
- {
- /* Get us into the error state. */
- fips_signal_error ("custom allocation handler used");
- return;
- }
/* We do not want to enforce the fips mode, but merely set a
- flag so that the application may check wheter it is still in
+ flag so that the application may check whether it is still in
fips mode. */
- inactive_fips_mode = 1;
-#ifdef HAVE_SYSLOG
- syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
- "custom allocation handler used - FIPS mode disabled");
-#endif /*HAVE_SYSLOG*/
+ _gcry_inactivate_fips_mode ("custom allocation handler");
}
alloc_func = new_alloc_func;
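Review bot: The removed code returned early in enforced FIPS mode, so a custom allocator was never installed; after the refactor `_gcry_inactivate_fips_mode` signals the error state and returns, and control falls through to `alloc_func = new_alloc_func;` and the assignments that follow, so in enforced mode the application-supplied allocation handlers are now installed despite the library having entered the error state. This looks like an unintended behaviour change of the factoring-out; restoring the guard is a one-liner: `_gcry_inactivate_fips_mode ("custom allocation handler"); if (_gcry_enforced_fips_mode ()) return;`. gcry_set_allocation_handler begins and ends outside this hunk.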
Modified: trunk/tests/basic.c
===================================================================
--- trunk/tests/basic.c 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/tests/basic.c 2008-10-24 17:01:30 UTC (rev 1350)
@@ -1316,7 +1316,8 @@
for (i = 0; algos[i].md; i++)
{
- if (gcry_md_test_algo (algos[i].md) && in_fips_mode)
+ if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5)
+ && in_fips_mode)
{
if (verbose)
fprintf (stderr, " algorithm %d not available in fips mode\n",
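Review bot: With MD5 now registered in non-enforced FIPS mode, `gcry_md_test_algo (GCRY_MD_MD5)` succeeds, so the verbose message "algorithm %d not available in fips mode" is misleading for the MD5 case: it is available but deliberately skipped so that the remaining tests still run with FIPS mode active. I would either print a distinct message for MD5, `" algorithm %d skipped in fips mode (would inactivate FIPS mode)\n"`, or add a one-line comment above the condition stating that reason. The same applies to the parallel change in check_hmac. check_digests begins before this hunk.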
@@ -1685,7 +1686,8 @@
for (i = 0; algos[i].md; i++)
{
- if (gcry_md_test_algo (algos[i].md) && in_fips_mode)
+ if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5)
+ && in_fips_mode)
{
if (verbose)
fprintf (stderr, " algorithm %d not available in fips mode\n",
@@ -2117,6 +2119,7 @@
check_pubkey ();
}
+
if (in_fips_mode && !selftest_only)
{
/* If we are in fips mode do some more tests. */
@@ -2170,5 +2173,8 @@
if (verbose)
fprintf (stderr, "\nAll tests completed. Errors: %i\n", error_count);
+ if (in_fips_mode && !gcry_fips_mode_active ())
+ fprintf (stderr, "FIPS mode is not anymore active\n");
+
return error_count ? 1 : 0;
}
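Review bot: The new MD5-in-FIPS behaviour is only observed here by a diagnostic print, and check_digests/check_hmac now skip MD5 altogether, so nothing in the test suite verifies that using MD5 in non-enforced FIPS mode actually makes `gcry_fips_mode_active ()` return false, or that MD5 is unavailable in enforced mode. Since the print already runs last, it could become a check: hash a buffer with MD5 in fips mode and then treat `gcry_fips_mode_active ()` still being true as a test failure, reporting it through the test's existing failure path so it increments error_count. This hunk is the tail of main, whose beginning is outside the hunk.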
Modified: trunk/tests/benchmark.c
===================================================================
--- trunk/tests/benchmark.c 2008-10-20 15:24:01 UTC (rev 1349)
+++ trunk/tests/benchmark.c 2008-10-24 17:01:30 UTC (rev 1350)
@@ -41,7 +41,10 @@
/* Number of cipher repetitions. */
static int cipher_repetitions;
+/* Whether fips mode was active at startup. */
+static int in_fips_mode;
+
static const char sample_private_dsa_key_1024[] =
"(private-key\n"
" (dsa\n"
@@ -373,7 +376,9 @@
if (!algoname)
{
for (i=1; i < 400; i++)
- if ( !gcry_md_test_algo (i) )
+ if (in_fips_mode && i == GCRY_MD_MD5)
+ ; /* Don't use MD5 in fips mode. */
+ else if ( !gcry_md_test_algo (i) )
md_bench (gcry_md_algo_name (i));
return;
}
@@ -1055,7 +1060,9 @@
exit (1);
}
- if (!gcry_fips_mode_active ())
+ if (gcry_fips_mode_active ())
+ in_fips_mode = 1;
+ else
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
if (use_random_daemon)
@@ -1135,6 +1142,10 @@
fprintf (stderr, PGM ": bad arguments\n");
return 1;
}
+
+
+ if (in_fips_mode && !gcry_fips_mode_active ())
+ fprintf (stderr, PGM ": FIPS mode is not anymore active\n");
return 0;
}