2019-03-27 15:36:50 +01:00
|
|
|
|
Index: libgcrypt-1.8.2/src/fips.c
|
2018-11-26 18:27:31 +01:00
|
|
|
|
===================================================================
|
2019-03-27 15:36:50 +01:00
|
|
|
|
--- libgcrypt-1.8.2.orig/src/fips.c 2019-03-27 13:15:14.190987624 +0100
|
|
|
|
|
|
+++ libgcrypt-1.8.2/src/fips.c 2019-03-27 13:18:07.047986428 +0100
|
|
|
|
|
|
@@ -115,6 +115,50 @@ _gcry_initialize_fsm_lock (void)
|
|
|
|
|
|
abort ();
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
+
|
|
|
|
|
|
+/* Checks whether the library will enter the FIPS mode.
|
|
|
|
|
|
+ Uses the same logic as _gcry_initialize_fips_mode */
|
|
|
|
|
|
+static int
|
|
|
|
|
|
+will_enter_fips (void)
|
|
|
|
|
|
+{
|
|
|
|
|
|
+ /* for convenience, so that a process can run fips-enabled, but
|
|
|
|
|
|
+ not necessarily all of them, enable FIPS mode via environment
|
|
|
|
|
|
+ variable LIBGCRYPT_FORCE_FIPS_MODE. */
|
|
|
|
|
|
+ if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
|
|
|
|
|
|
+ return 1;
|
|
|
|
|
|
+
|
|
|
|
|
|
+ /* For testing the system it is useful to override the system
|
|
|
|
|
|
+ provided detection of the FIPS mode and force FIPS mode using a
|
|
|
|
|
|
+ file. The filename is hardwired so that there won't be any
|
|
|
|
|
|
+ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
|
|
|
|
|
|
+ actually used. The file itself may be empty. */
|
|
|
|
|
|
+ if ( !access (FIPS_FORCE_FILE, F_OK) )
|
|
|
|
|
|
+ return 1;
|
|
|
|
|
|
+
|
|
|
|
|
|
+ /* Checking based on /proc file properties. */
|
|
|
|
|
|
+ {
|
|
|
|
|
|
+ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
|
|
|
|
|
|
+ FILE *fp;
|
|
|
|
|
|
+
|
|
|
|
|
|
+ fp = fopen (procfname, "r");
|
|
|
|
|
|
+ if (fp)
|
|
|
|
|
|
+ {
|
|
|
|
|
|
+ char line[256];
|
|
|
|
|
|
+
|
|
|
|
|
|
+ if (fgets (line, sizeof line, fp) && atoi (line))
|
|
|
|
|
|
+ {
|
|
|
|
|
|
+ /* System is in fips mode. */
|
|
|
|
|
|
+ fclose (fp);
|
|
|
|
|
|
+ return 1;
|
|
|
|
|
|
+ }
|
|
|
|
|
|
+ fclose (fp);
|
|
|
|
|
|
+ }
|
|
|
|
|
|
+ }
|
|
|
|
|
|
+
|
|
|
|
|
|
+ return 0;
|
|
|
|
|
|
+}
|
|
|
|
|
|
+
|
|
|
|
|
|
+
|
|
|
|
|
|
�
|
|
|
|
|
|
/* Check whether the OS is in FIPS mode and record that in a module
|
|
|
|
|
|
local variable. If FORCE is passed as true, fips mode will be
|
|
|
|
|
|
@@ -631,10 +675,10 @@ get_library_path(const char *libname, co
|
|
|
|
|
|
|
|
|
|
|
|
/* Run an integrity check on the binary. Returns 0 on success. */
|
|
|
|
|
|
static int
|
|
|
|
|
|
-check_binary_integrity (void)
|
|
|
|
|
|
+check_binary_integrity ()
|
|
|
|
|
|
{
|
|
|
|
|
|
#ifdef ENABLE_HMAC_BINARY_CHECK
|
|
|
|
|
|
- gpg_error_t err;
|
|
|
|
|
|
+ gpg_error_t err = 0;
|
|
|
|
|
|
char libpath[4096];
|
|
|
|
|
|
unsigned char digest[32];
|
|
|
|
|
|
int dlen;
|
|
|
|
|
|
@@ -675,7 +719,14 @@ check_binary_integrity (void)
|
2018-11-26 18:27:31 +01:00
|
|
|
|
/* Open the file. */
|
|
|
|
|
|
fp = fopen (fname, "r");
|
|
|
|
|
|
if (!fp)
|
|
|
|
|
|
- err = gpg_error_from_syserror ();
|
|
|
|
|
|
+ {
|
2019-03-27 15:36:50 +01:00
|
|
|
|
+ /* Missing checksum is a problem only in FIPS mode.
|
|
|
|
|
|
+ As the integrity check was moved to the POWERON state,
|
|
|
|
|
|
+ we no longer can rely on fips_mode(). Because at the point,
|
|
|
|
|
|
+ the library is not yet initialized. */
|
|
|
|
|
|
+ if (will_enter_fips() || errno != ENOENT)
|
2018-11-26 18:27:31 +01:00
|
|
|
|
+ err = gpg_error_from_syserror ();
|
|
|
|
|
|
+ }
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
/* A buffer of 64 bytes plus one for a LF and one to
|
2019-03-27 15:36:50 +01:00
|
|
|
|
@@ -743,9 +794,8 @@ _gcry_fips_run_selftests (int extended)
|
|
|
|
|
|
we return and finish the remaining selftests before
|
|
|
|
|
|
real use of the library. It will be in the POWERON
|
|
|
|
|
|
state meanwhile. */
|
|
|
|
|
|
- if (in_poweron)
|
|
|
|
|
|
- if (check_binary_integrity ())
|
|
|
|
|
|
- goto leave;
|
|
|
|
|
|
+ if (check_binary_integrity ())
|
|
|
|
|
|
+ goto leave;
|
|
|
|
|
|
|
|
|
|
|
|
if (in_poweron)
|
|
|
|
|
|
return 0;
|
