From 9518a6d3ed593d198fc7939cbe25003aa1948dff Mon Sep 17 00:00:00 2001
From: SHASHIKANTH THAMBRAHALLI
Date: Sat, 14 Jan 2023 05:45:11 +0530
Subject: [PATCH] Srt 1899 fipsmessage (#367)
* Fix FIPS message
* Modify function name
* Update FIPS message
---
 cmd/runmqserver/main.go | 11 +++--------
 cmd/runmqserver/post_init.go | 4 ++--
 internal/fips/fips.go | 25 +++++++++++++++++++++++--
 internal/ha/ha.go | 2 +-
 internal/tls/tls.go | 2 +-
 5 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/cmd/runmqserver/main.go b/cmd/runmqserver/main.go
index bd330fa..e6482a4 100644
--- a/cmd/runmqserver/main.go
+++ b/cmd/runmqserver/main.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2017, 2022
+© Copyright IBM Corporation 2017, 2023
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -174,13 +174,8 @@ func doMain() error {
 }
 }
- // Log a message on the console to indicate FIPS certified
- // cryptography being used.
- if fips.IsFIPSEnabled() {
- log.Println("FIPS cryptography is enabled.")
- } else {
- log.Println("FIPS cryptography is not enabled.")
- }
+ // Post FIPS initialization processing
+ fips.PostInit(log)
 enableTraceCrtmqm := os.Getenv("MQ_ENABLE_TRACE_CRTMQM")
 if enableTraceCrtmqm == "true" || enableTraceCrtmqm == "1" {
diff --git a/cmd/runmqserver/post_init.go b/cmd/runmqserver/post_init.go
index ffccaea..8e2123e 100644
--- a/cmd/runmqserver/post_init.go
+++ b/cmd/runmqserver/post_init.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2018, 2022
+© Copyright IBM Corporation 2018, 2023
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
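Review bot: In cmd/runmqserver/main.go (the `doMain` hunk), the new comment `// Post FIPS initialization processing` reads as if configuration happens at this call, but the `PostInit` this commit adds in internal/fips/fips.go only writes the status line to the console. Since that line is what an operator reads to confirm the cryptographic mode, a comment such as `// Log whether FIPS cryptography is enabled and where the setting came from` describes the call more accurately. `doMain` starts and ends outside the hunk, so whether any FIPS-related setup still runs after this point is not visible here.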
@@ -38,7 +38,7 @@ func postInit(name, keyLabel string, p12Truststore tls.KeyStoreData) error {
 }
 // Enable FIPS for MQ Web Server if asked for.
- if fips.IsFIPSEnabled() {
+ if len(keyLabel) > 0 && fips.IsFIPSEnabled() {
 err = configureFIPSWebServer(p12Truststore)
 if err != nil {
 return err
diff --git a/internal/fips/fips.go b/internal/fips/fips.go
index 70987bf..c410f4d 100644
--- a/internal/fips/fips.go
+++ b/internal/fips/fips.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2022
+© Copyright IBM Corporation 2023
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -24,7 +24,8 @@ import (
 )
 var (
- FIPSEnabledType int
+ FIPSEnabledType int
+ FIPSEnabledComponent int
 )
 // FIPS has been turned off either because OS is not FIPS enabled or
@@ -45,6 +46,7 @@ func ProcessFIPSType(logs *logger.Logger) {
 // Run "sysctl crypto.fips_enabled" command to determine if FIPS has been enabled
 // on OS.
 FIPSEnabledType = FIPS_ENABLED_OFF
+
 out, _, err := command.Run("sysctl", "crypto.fips_enabled")
 if err == nil {
 // Check the output of the command for expected output
@@ -76,3 +78,22 @@ func ProcessFIPSType(logs *logger.Logger) {
 func IsFIPSEnabled() bool {
 return FIPSEnabledType > FIPS_ENABLED_OFF
 }
+
+// Set a flag to indicate FIPS compliance for MQ compoments
+// Queue manager, Native HA, MQ Web Server etc.,
+func SetComponent(componentId int) {
+ FIPSEnabledComponent += componentId
+}
+
+// Log a message on the console to indicate FIPS certified
+// cryptography being used.
+func PostInit(log *logger.Logger) {
+ message := "FIPS cryptography is not enabled."
+ if FIPSEnabledType == FIPS_ENABLED_PLATFORM {
+ message = "FIPS cryptography is enabled. FIPS cryptography setting on the host is 'true'."
+ } else if FIPSEnabledType == FIPS_ENABLED_ENV_VAR {
+ message = "FIPS cryptography is enabled. FIPS cryptography setting on the host is 'false'."
+ }
+
+ log.Println(message)
+}
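Review bot: The added `len(keyLabel) > 0 &&` guard in `postInit` (cmd/runmqserver/post_init.go) makes the MQ Web Server FIPS step skip silently when FIPS is enabled but no key label was supplied, while the console line from `fips.PostInit` still reports FIPS cryptography as enabled. Whether the web server can serve TLS without a key label is not visible in this hunk; if it can, record the skip so the gap shows in the container log, for example an `else if fips.IsFIPSEnabled()` branch calling `log.Println("FIPS is enabled but no key label was supplied; MQ Web Server FIPS configuration skipped")`. The comment above the condition should also mention the key-label requirement. `postInit` starts and ends outside the hunk.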
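Review bot: In the last internal/fips/fips.go hunk, `SetComponent` accumulates with `FIPSEnabledComponent += componentId`, so a second call for the same component, or IDs that are not distinct powers of two, leaves a value that no longer identifies which components were configured; if the IDs are meant as bit flags (their definitions are not visible here), `FIPSEnabledComponent |= componentId` is idempotent. `PostInit` never reads that variable and matches only `FIPS_ENABLED_PLATFORM` and `FIPS_ENABLED_ENV_VAR`, whereas `IsFIPSEnabled` tests `> FIPS_ENABLED_OFF`, so any other positive type would drive the FIPS configuration paths yet be logged as "not enabled". A `switch` on `FIPSEnabledType` whose default case falls back on `IsFIPSEnabled()` would keep the console line consistent with what was applied. The doc comments should start with the function names (`// SetComponent records ...`, `// PostInit logs ...`), "compoments" is a typo, and Go naming would use `componentID`.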
diff --git a/internal/ha/ha.go b/internal/ha/ha.go
index adb2e6c..fce088a 100644
--- a/internal/ha/ha.go
+++ b/internal/ha/ha.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2020, 2022
+© Copyright IBM Corporation 2020, 2023
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
diff --git a/internal/tls/tls.go b/internal/tls/tls.go
index cd4f77b..ef5562a 100644
--- a/internal/tls/tls.go
+++ b/internal/tls/tls.go
@@ -1,5 +1,5 @@
 /*
-© Copyright IBM Corporation 2019, 2022
+© Copyright IBM Corporation 2019, 2023
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.