author | Alexandre Oliva <aoliva@redhat.com> | 2012-10-10 07:05:46 -0300 |
---|---|---|
committer | Alexandre Oliva <aoliva@redhat.com> | 2012-10-10 07:05:46 -0300 |
commit | e745142509a427ccb9b14ee94ff24f7f36f7f4b6 (patch) | |
tree | 4edd9f6cf6db3b386639494f831105ee557d452a | |
parent | 4ba74a357376c8f8bf49487f96ae71cf2460c3f3 (diff) | |
* crypt/crypt-entry.c: Include fips-private.h.
(__crypt_r, __crypt): Disable MD5 and DES if FIPS is enabled. * crypt/md5c-test.c (main): Tolerate disabled MD5. * sysdeps/unix/sysv/linux/fips-private.h: New file. * sysdeps/generic/fips-private.h: New file, dummy fallback.
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | crypt/crypt-entry.c | 24 | ||||
-rw-r--r-- | crypt/md5c-test.c | 5 | ||||
-rw-r--r-- | sysdeps/generic/fips-private.h | 36 | ||||
-rw-r--r-- | sysdeps/unix/sysv/linux/fips-private.h | 74 |
5 files changed, 143 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index b45289db8c..98561a2530 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2012-10-10 Alexandre Oliva <aoliva@redhat.com>
+ * crypt/crypt-entry.c: Include fips-private.h.
+ (__crypt_r, __crypt): Disable MD5 and DES if FIPS is enabled.
+ * crypt/md5c-test.c (main): Tolerate disabled MD5.
+ * sysdeps/unix/sysv/linux/fips-private.h: New file.
+ * sysdeps/generic/fips-private.h: New file, dummy fallback.
+
+2012-10-10 Alexandre Oliva <aoliva@redhat.com>
+
 * crypt/crypt-private.h: Include stdbool.h.
 (_ufc_setup_salt_r): Return bool.
 * crypt/crypt-entry.c: Include errno.h.
diff --git a/crypt/crypt-entry.c b/crypt/crypt-entry.c
index 9fb22bdac4..89c22e6897 100644
--- a/crypt/crypt-entry.c
+++ b/crypt/crypt-entry.c
@@ -28,6 +28,7 @@
 #endif
 #include <string.h>
 #include <errno.h>
+#include <fips-private.h>
 #ifndef STATIC
 #define STATIC static
@@ -92,8 +93,16 @@ __crypt_r (key, salt, data)
 #ifdef _LIBC
 /* Try to find out whether we have to use MD5 encryption replacement. */
 if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
- return __md5_crypt_r (key, salt, (char *) data,
- sizeof (struct crypt_data));
+ {
+ /* FIPS rules out MD5 password encryption. */
+ if (fips_enabled_p ())
+ {
+ __set_errno (EPERM);
+ return NULL;
+ }
+ return __md5_crypt_r (key, salt, (char *) data,
+ sizeof (struct crypt_data));
+ }
 /* Try to find out whether we have to use SHA256 encryption replacement. */
 if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0)
@@ -115,6 +124,13 @@ __crypt_r (key, salt, data)
 return NULL;
 }
+ /* FIPS rules out DES password encryption. */
+ if (fips_enabled_p ())
+ {
+ __set_errno (EPERM);
+ return NULL;
+ }
+
 /*
 * Setup key schedule
 */
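Review bot: The two new `__set_errno (EPERM); return NULL;` exits in `__crypt_r` (the MD5 branch in the `@@ -92,8 +93,16 @@` hunk and the DES branch in the `@@ -115,6 +124,13 @@` hunk) introduce a failure that a well-formed `$1$` or DES salt can now trigger, and nothing at the function documents it. A caller that passes the result straight to `strcmp` would dereference NULL once FIPS mode is on, which is the same adjustment this commit has to make in `crypt/md5c-test.c`. I would add a comment above `__crypt_r` along the lines of `/* Returns NULL with errno set to EPERM when FIPS mode is enabled and SALT selects MD5 or DES. */` and mirror it in the user-facing documentation of `crypt`. The function header lies outside both hunks, so the exact placement needs checking against the full file.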
@@ -148,7 +164,9 @@ crypt (key, salt)
 {
 #ifdef _LIBC
 /* Try to find out whether we have to use MD5 encryption replacement. */
- if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
+ if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0
+ /* Let __crypt_r deal with the error code if FIPS is enabled. */
+ && !fips_enabled_p ())
 return __md5_crypt (key, salt);
 /* Try to find out whether we have to use SHA256 encryption replacement. */
diff --git a/crypt/md5c-test.c b/crypt/md5c-test.c
index f56d0eb4ab..c80e40202d 100644
--- a/crypt/md5c-test.c
+++ b/crypt/md5c-test.c
@@ -9,7 +9,10 @@ main (int argc, char *argv[])
 int result = 0;
 cp = crypt ("Hello world!", salt);
- result |= strcmp ("$1$saltstri$YMyguxXMBpd2TEZ.vS/3q1", cp);
+
+ /* MD5 is disabled in FIPS mode. */
+ if (cp)
+ result |= strcmp ("$1$saltstri$YMyguxXMBpd2TEZ.vS/3q1", cp);
 return result;
 }
diff --git a/sysdeps/generic/fips-private.h b/sysdeps/generic/fips-private.h
new file mode 100644
index 0000000000..0dff087c11
--- /dev/null
+++ b/sysdeps/generic/fips-private.h
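Review bot: In `crypt/md5c-test.c`, `if (cp)` lets the test pass whenever `crypt` returns NULL, not only when MD5 is refused in FIPS mode, so a regression that makes the MD5 path fail for any other reason would go unnoticed. The commit sets `EPERM` for the FIPS case, so the test can tell the two apart: add `else if (errno != EPERM) result = 1;` after the `strcmp` line, with `#include <errno.h>` among the file's includes. The start of `main` and the include list are outside the hunk.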
@@ -0,0 +1,36 @@
+/* Dummy implementation of FIPS compliance status test.
+ Copyright (C) 2012 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#ifndef _FIPS_PRIVATE_H
+#define _FIPS_PRIVATE_H
+
+#include <stdbool.h>
+
+/* Return true if compliance with the FIPS security standards is
+ enabled.
+
+ This is only relevant within crypt, to tell whether MD5 and DES
+ algorithms should be rejected. */
+
+static inline bool
+fips_enabled_p (void)
+{
+ return false;
+}
+
+#endif /* _FIPS_PRIVATE_H */
diff --git a/sysdeps/unix/sysv/linux/fips-private.h b/sysdeps/unix/sysv/linux/fips-private.h
new file mode 100644
index 0000000000..81d1b617f4
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/fips-private.h
@@ -0,0 +1,74 @@
+/* FIPS compliance status test for GNU/Linux systems.
+ Copyright (C) 2012 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#ifndef _FIPS_PRIVATE_H
+#define _FIPS_PRIVATE_H
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <not-cancel.h>
+#include <stdbool.h>
+
+/* Return true if FIPS mode is enabled. See
+ sysdeps/generic/fips-private.h for more information. */
+
+static inline bool
+fips_enabled_p (void)
+{
+ static enum
+ {
+ FIPS_UNTESTED = 0,
+ FIPS_ENABLED = 1,
+ FIPS_DISABLED = -1,
+ FIPS_TEST_FAILED = -2
+ } checked;
+
+ if (checked == FIPS_UNTESTED)
+ {
+ int fd = open_not_cancel_2 ("/proc/sys/crypto/fips_enabled", O_RDONLY);
+
+ if (fd != -1)
+ {
+ /* This is more than enough, the file contains a single integer. */
+ char buf[32];
+ ssize_t n;
+ n = TEMP_FAILURE_RETRY (read_not_cancel (fd, buf, sizeof (buf) - 1));
+ close_not_cancel_no_status (fd);
+
+ if (n > 0)
+ {
+ /* Terminate the string. */
+ buf[n] = '\0';
+
+ char *endp;
+ long int res = strtol (buf, &endp, 10);
+ if (endp != buf && (*endp == '\0' || *endp == '\n'))
+ checked = (res > 0) ? FIPS_ENABLED : FIPS_DISABLED;
+ }
+ }
+
+ if (checked == FIPS_UNTESTED)
+ checked = FIPS_TEST_FAILED;
+ }
+
+ return checked == FIPS_ENABLED;
+}
+
+#endif /* _FIPS_PRIVATE_H */
|
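Review bot: Every failure path in the Linux `fips_enabled_p` ends in `FIPS_TEST_FAILED`, which the final `return checked == FIPS_ENABLED;` reports as "not enabled" and which stays cached in the static `checked` for the life of the process. An open that fails for a reason other than a missing file, a failed read, or unparsable content therefore permits MD5 and DES on a host that may be in FIPS mode, and the first call decides for all later ones. Consider treating only `ENOENT` from the open as a definite "disabled" and failing closed otherwise, as sketched below; if failing open is intended, a comment saying so would help. Separately, `checked` is written without synchronization although it is reached from `__crypt_r`, the reentrant entry point; this looks benign because every writer would store the same value, but a short comment stating that assumption is worth adding.

```c
  if (checked == FIPS_UNTESTED)
    {
      int fd = open_not_cancel_2 ("/proc/sys/crypto/fips_enabled", O_RDONLY);

      if (fd == -1)
        /* A missing file means the kernel has no FIPS support; any
           other error leaves the real state unknown.  */
        checked = (errno == ENOENT) ? FIPS_DISABLED : FIPS_TEST_FAILED;
      else
        {
          /* … unchanged: read, close, parse into `checked` … */
          if (checked == FIPS_UNTESTED)
            checked = FIPS_TEST_FAILED;
        }
    }

  /* Fail closed: only a definite "disabled" answer permits MD5 and DES.  */
  return checked != FIPS_DISABLED;
```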