From 412a9067fdaa3b4c7969d74bc311a31c2bf63126 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Wed, 20 Jul 2022 16:58:28 -0400 Subject: [PATCH] swtpm: Rename disable_fips_mode() and move into tpmlib_start() Rename disable_fips_mode() to fips_mode_disable() amd move into tpmlib_start() after TPMLIB_MainInit(). Clean up the duplicate prototype. Signed-off-by: Stefan Berger --- src/swtpm/cuse_tpm.c | 5 ----- src/swtpm/fips.c | 4 ++-- src/swtpm/fips.h | 8 ++++---- src/swtpm/swtpm.c | 3 --- src/swtpm/swtpm_chardev.c | 3 --- src/swtpm/tpmlib.c | 5 +++++ src/swtpm/utils.h | 2 -- 7 files changed, 11 insertions(+), 19 deletions(-) diff --git a/src/swtpm/cuse_tpm.c b/src/swtpm/cuse_tpm.c index e69500b..e73b413 100644 --- a/src/swtpm/cuse_tpm.c +++ b/src/swtpm/cuse_tpm.c @@ -1722,11 +1722,6 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac goto exit; } - if (disable_fips_mode() < 0) { - ret = -1; - goto exit; - } - if (tpmlib_register_callbacks(&cbs) != TPM_SUCCESS) { ret = -1; goto exit; diff --git a/src/swtpm/fips.c b/src/swtpm/fips.c index eeb2a0c..0ae2845 100644 --- a/src/swtpm/fips.c +++ b/src/swtpm/fips.c @@ -63,7 +63,7 @@ extern int FIPS_mode_set(int); * Returns < 0 on error, 0 otherwise. */ #if defined(HAVE_OPENSSL_FIPS_H) || defined(HAVE_OPENSSL_FIPS_MODE_SET_API) -int disable_fips_mode(void) +int fips_mode_disable(void) { #if OPENSSL_VERSION_NUMBER >= 0x30000000L int mode = EVP_default_properties_is_fips_enabled(NULL); @@ -93,7 +93,7 @@ int disable_fips_mode(void) } #else /* OpenBSD & DragonFlyBSD case */ -int disable_fips_mode(void) +int fips_mode_disable(void) { return 0; } diff --git a/src/swtpm/fips.h b/src/swtpm/fips.h index 14d4e9f..40cda4d 100644 --- a/src/swtpm/fips.h +++ b/src/swtpm/fips.h 
@@ -35,9 +35,9 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef _SWTPM_UTILS_H_ -#define _SWTPM_UTILS_H_ +#ifndef _SWTPM_FIPS_H_ +#define _SWTPM_FIPS_H_ -int disable_fips_mode(void); +int fips_mode_disable(void); -#endif /* _SWTPM_UTILS_H_ */ +#endif /* _SWTPM_FIPS_H_ */ diff --git a/src/swtpm/swtpm.c b/src/swtpm/swtpm.c index 0714d9d..b8bf8d9 100644 --- a/src/swtpm/swtpm.c +++ b/src/swtpm/swtpm.c @@ -520,9 +520,6 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) daemonize_finish(); } - if (disable_fips_mode() < 0) - goto error_seccomp_profile; - rc = mainLoop(&mlp, notify_fd[0]); error_seccomp_profile: diff --git a/src/swtpm/swtpm_chardev.c b/src/swtpm/swtpm_chardev.c index be92e7c..6c9ef13 100644 --- a/src/swtpm/swtpm_chardev.c +++ b/src/swtpm/swtpm_chardev.c @@ -572,9 +572,6 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i daemonize_finish(); } - if (disable_fips_mode() < 0) - goto error_seccomp_profile; - rc = mainLoop(&mlp, notify_fd[0]); error_seccomp_profile: diff --git a/src/swtpm/tpmlib.c b/src/swtpm/tpmlib.c index 569b968..fa1a3f6 100644 --- a/src/swtpm/tpmlib.c +++ b/src/swtpm/tpmlib.c @@ -59,6 +59,7 @@ #include "utils.h" #include "compiler_dependencies.h" #include "swtpm_utils.h" +#include "fips.h" /* * convert the blobtype integer into a string that libtpms @@ -130,6 +131,10 @@ TPM_RESULT tpmlib_start(uint32_t flags, TPMLIB_TPMVersion tpmversion) goto error_terminate; } } + + if (fips_mode_disable() < 0) + goto error_terminate; + return TPM_SUCCESS; error_terminate: diff --git a/src/swtpm/utils.h b/src/swtpm/utils.h index b8acd89..7502442 100644 --- a/src/swtpm/utils.h +++ b/src/swtpm/utils.h @@ -71,6 +71,4 @@ ssize_t writev_full(int fd, const struct iovec *iov, int iovcnt); ssize_t read_eintr(int fd, void *buffer, size_t buflen); -int disable_fips_mode(void); - #endif /* _SWTPM_UTILS_H_ */ -- 2.39.2
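Review bot: In the `tpmlib_start()` hunk of src/swtpm/tpmlib.c, the added `if (fips_mode_disable() < 0) goto error_terminate;` jumps to the error label without assigning a failure code. The body of `error_terminate:` and the declaration of the function's result variable are outside the hunk. If the label returns that variable, it would still hold the success value from the earlier calls, so a failed FIPS-mode disable could be reported to callers as success. Assign a failure code such as `TPM_FAIL` to the result variable inside the branch, before `goto error_terminate;`. A short comment above the call would also help, e.g. `/* disable FIPS mode after TPMLIB_MainInit(); now done on every tpmlib_start() */`, because the removed call sites ran this check once, right before `mainLoop()`.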