libgcrypt/libgcrypt-1.6.1-use-fipscheck.patch

---
 src/Makefile.in |    2 +-
 src/fips.c      |   39 ++++++++++++++++++++++++++++++++-------
 2 files changed, 33 insertions(+), 8 deletions(-)

Index: libgcrypt-1.9.0/src/fips.c
===================================================================
--- libgcrypt-1.9.0.orig/src/fips.c
+++ libgcrypt-1.9.0/src/fips.c
@@ -603,23 +603,49 @@ run_random_selftests (void)
   return !!err;
 }
 
+#ifdef ENABLE_HMAC_BINARY_CHECK
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+    Dl_info info;
+    void *dl, *sym;
+    int rv = -1;
+
+    dl = dlopen(libname, RTLD_LAZY);
+    if (dl == NULL)
+        return -1;
+
+    sym = dlsym(dl, symbolname);
+    if (sym != NULL && dladdr(sym, &info))
+      {
+        strncpy(path, info.dli_fname, pathlen-1);
+        path[pathlen-1] = '\0';
+        rv = 0;
+      }
+
+    dlclose(dl);
+
+    return rv;
+}
+#endif
+
 /* Run an integrity check on the binary.  Returns 0 on success.  */
 static int
 check_binary_integrity (void)
 {
 #ifdef ENABLE_HMAC_BINARY_CHECK
   gpg_error_t err;
-  Dl_info info;
+  char libpath[4096];
   unsigned char digest[32];
   int dlen;
   char *fname = NULL;
-  const char key[] = "What am I, a doctor or a moonshuttle conductor?";
+  const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
 
-  if (!dladdr ("gcry_check_version", &info))
+  if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
     err = gpg_error_from_syserror ();
   else
     {
-      dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+      dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
                                  key, strlen (key));
       if (dlen < 0)
         err = gpg_error_from_syserror ();
@@ -627,7 +652,7 @@ check_binary_integrity (void)
         err = gpg_error (GPG_ERR_INTERNAL);
       else
         {
-          fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+          fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 );
           if (!fname)
             err = gpg_error_from_syserror ();
           else
@@ -636,7 +661,7 @@ check_binary_integrity (void)
               char *p;
 
               /* Prefix the basename with a dot.  */
-              strcpy (fname, info.dli_fname);
+              strcpy (fname, libpath);
               p = strrchr (fname, '/');
               if (p)
                 p++;