Index: libgcrypt-1.8.2/src/fips.c =================================================================== --- libgcrypt-1.8.2.orig/src/fips.c 2019-03-27 13:15:14.190987624 +0100 +++ libgcrypt-1.8.2/src/fips.c 2019-03-27 13:18:07.047986428 +0100 @@ -115,6 +115,50 @@ _gcry_initialize_fsm_lock (void) abort (); } } + +/* Checks whether the library will enter the FIPS mode. + Uses the same logic as _gcry_initialize_fips_mode */ +static int +will_enter_fips (void) +{ + /* for convenience, so that a process can run fips-enabled, but + not necessarily all of them, enable FIPS mode via environment + variable LIBGCRYPT_FORCE_FIPS_MODE. */ + if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL) + return 1; + + /* For testing the system it is useful to override the system + provided detection of the FIPS mode and force FIPS mode using a + file. The filename is hardwired so that there won't be any + confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is + actually used. The file itself may be empty. */ + if ( !access (FIPS_FORCE_FILE, F_OK) ) + return 1; + + /* Checking based on /proc file properties. */ + { + static const char procfname[] = "/proc/sys/crypto/fips_enabled"; + FILE *fp; + + fp = fopen (procfname, "r"); + if (fp) + { + char line[256]; + + if (fgets (line, sizeof line, fp) && atoi (line)) + { + /* System is in fips mode. */ + fclose (fp); + return 1; + } + fclose (fp); + } + } + + return 0; +} + + /* Check whether the OS is in FIPS mode and record that in a module local variable. If FORCE is passed as true, fips mode will be @@ -631,10 +675,10 @@ get_library_path(const char *libname, co /* Run an integrity check on the binary. Returns 0 on success. */ static int -check_binary_integrity (void) +check_binary_integrity () { #ifdef ENABLE_HMAC_BINARY_CHECK - gpg_error_t err; + gpg_error_t err = 0; char libpath[4096]; unsigned char digest[32]; int dlen; @@ -675,7 +719,14 @@ check_binary_integrity (void) /* Open the file. */ fp = fopen (fname, "r"); if (!fp) - err = gpg_error_from_syserror (); + { + /* Missing checksum is a problem only in FIPS mode. + As the integrity check was moved to the POWERON state, + we no longer can rely on fips_mode(). Because at the point, + the library is not yet initialized. */ + if (will_enter_fips() || errno != ENOENT) + err = gpg_error_from_syserror (); + } else { /* A buffer of 64 bytes plus one for a LF and one to @@ -743,9 +794,8 @@ _gcry_fips_run_selftests (int extended) we return and finish the remaining selftests before real use of the library. It will be in the POWERON state meanwhile. */ - if (in_poweron) - if (check_binary_integrity ()) - goto leave; + if (check_binary_integrity ()) + goto leave; if (in_poweron) return 0;