forked from pool/libgcrypt
655523d262
- Don't run full self-tests from constructor (bsc#1097073)
* Don't call global_init() from the constructor, _gcry_global_constructor()
from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary
integrity check instead.
* Only the binary checksum will be verified, the remaining
self-tests will be run upon the library initialization
- Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
- Drop libgcrypt-init-at-elf-load-fips.patch and
libgcrypt-fips_run_selftest_at_constructor.patch obsoleted
by libgcrypt-1.8.3-fips-ctor.patch
- Skip all the self-tests except for binary integrity when called
from the constructor (bsc#1097073)
* Added libgcrypt-1.8.3-fips-ctor.patch from Fedora
OBS-URL: https://build.opensuse.org/request/show/688356
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=121
29 lines
868 B
Diff
29 lines
868 B
Diff
Index: libgcrypt-1.8.4/src/global.c
|
|
===================================================================
|
|
--- libgcrypt-1.8.4.orig/src/global.c 2019-03-25 16:58:45.880313488 +0100
|
|
+++ libgcrypt-1.8.4/src/global.c 2019-03-25 16:58:45.896313582 +0100
|
|
@@ -144,11 +144,6 @@ global_init (void)
|
|
BUG ();
|
|
}
|
|
|
|
-
|
|
-#ifndef FIPS_MODULE_PATH
|
|
-#define FIPS_MODULE_PATH "/etc/system-fips"
|
|
-#endif
|
|
-
|
|
void __attribute__ ((constructor)) _gcry_global_constructor (void)
|
|
{
|
|
int rv;
|
|
@@ -156,11 +151,6 @@ void __attribute__ ((constructor)) _gcry
|
|
/* We always need the FSM lock to be functional. */
|
|
_gcry_initialize_fsm_lock ();
|
|
|
|
- rv = access (FIPS_MODULE_PATH, F_OK);
|
|
- if (rv < 0 && errno != ENOENT)
|
|
- rv = 0;
|
|
-
|
|
- if (!rv)
|
|
{
|
|
/* We run the integrity check at this point. The remaining
|
|
selftests are run before use of the library by application. */
|