[libgcrypt] do not initialize secure memory during the selftest (#1195850)
Tomáš Mráz
tmraz at fedoraproject.org
Wed Feb 25 13:22:35 UTC 2015
commit eea28299998482345b35df12066b13c5af0b4f06
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Wed Feb 25 14:22:30 2015 +0100
do not initialize secure memory during the selftest (#1195850)
libgcrypt-1.6.2-fips-ctor.patch | 28 +++++++++++++++++++++++-----
libgcrypt-1.6.2-fips-test.patch | 13 -------------
libgcrypt.spec | 5 ++++-
3 files changed, 27 insertions(+), 19 deletions(-)
---
diff --git a/libgcrypt-1.6.2-fips-ctor.patch b/libgcrypt-1.6.2-fips-ctor.patch
index 3934669..a1b5501 100644
--- a/libgcrypt-1.6.2-fips-ctor.patch
+++ b/libgcrypt-1.6.2-fips-ctor.patch
@@ -1,6 +1,6 @@
diff -up libgcrypt-1.6.2/cipher/md.c.fips-ctor libgcrypt-1.6.2/cipher/md.c
--- libgcrypt-1.6.2/cipher/md.c.fips-ctor 2014-08-21 14:50:39.000000000 +0200
-+++ libgcrypt-1.6.2/cipher/md.c 2014-12-08 16:45:01.095256244 +0100
++++ libgcrypt-1.6.2/cipher/md.c 2015-02-25 13:57:21.175704866 +0100
@@ -413,11 +413,8 @@ md_enable (gcry_md_hd_t hd, int algorith
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
@@ -14,9 +14,9 @@ diff -up libgcrypt-1.6.2/cipher/md.c.fips-ctor libgcrypt-1.6.2/cipher/md.c
}
}
diff -up libgcrypt-1.6.2/src/global.c.fips-ctor libgcrypt-1.6.2/src/global.c
---- libgcrypt-1.6.2/src/global.c.fips-ctor 2014-12-08 16:45:01.094256222 +0100
-+++ libgcrypt-1.6.2/src/global.c 2014-12-08 16:46:29.182248403 +0100
-@@ -132,6 +132,28 @@ global_init (void)
+--- libgcrypt-1.6.2/src/global.c.fips-ctor 2015-02-25 13:57:21.174704842 +0100
++++ libgcrypt-1.6.2/src/global.c 2015-02-25 14:03:07.066864208 +0100
+@@ -132,6 +132,34 @@ global_init (void)
}
@@ -34,18 +34,36 @@ diff -up libgcrypt-1.6.2/src/global.c.fips-ctor libgcrypt-1.6.2/src/global.c
+
+ if (!rv)
+ {
++ int no_secmem_save;
++
++ /* it should be always 0 at this point but let's keep on the safe side */
++ no_secmem_save = no_secure_memory;
++ no_secure_memory = 1;
+ /* force selftests */
+ global_init ();
+ if (fips_mode ())
+ _gcry_random_initialize (1);
+ _gcry_fips_run_selftests (0);
++ no_secure_memory = no_secmem_save;
+ }
+}
+
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper
-@@ -635,7 +657,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
+@@ -542,9 +570,8 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
+
+ case GCRYCTL_FIPS_MODE_P:
+ if (fips_mode ()
+- && !_gcry_is_fips_mode_inactive ()
+- && !no_secure_memory)
+- rc = GPG_ERR_GENERAL; /* Used as TRUE value */
++ && !_gcry_is_fips_mode_inactive ())
++ err = GPG_ERR_GENERAL; /* Used as TRUE value */
+ break;
+
+ case GCRYCTL_FORCE_FIPS_MODE:
+@@ -635,7 +662,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
break;
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
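Review bot: In the `GCRYCTL_FIPS_MODE_P` case that this hunk moves into the fips-ctor patch, the assignment target changes from `rc` to `err` (`err = GPG_ERR_GENERAL;`), whereas the hunk deleted from libgcrypt-1.6.2-fips-test.patch carried `rc = GPG_ERR_GENERAL;` as an unchanged context line. The declaration of `_gcry_vcontrol`'s locals is outside the hunk, so check it: if only `rc` exists at this point in the patch series, the build breaks or the TRUE value is never returned to the caller. Separately, the constructor now calls `_gcry_random_initialize (1)` while `no_secure_memory` is forced to 1; if that call allocates long-lived RNG state through the secure allocator, the state would presumably come from ordinary, unlocked memory and remain there after the flag is restored, which is worth confirming before relying on this in FIPS mode. The existing comment explains only the save/restore, so a line such as `/* keep the selftests from initializing the secure memory pool */` above `no_secure_memory = 1;` would record the intent.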
diff --git a/libgcrypt-1.6.2-fips-test.patch b/libgcrypt-1.6.2-fips-test.patch
index 9c0a64c..b21d4a1 100644
--- a/libgcrypt-1.6.2-fips-test.patch
+++ b/libgcrypt-1.6.2-fips-test.patch
@@ -1,16 +1,3 @@
-diff -up libgcrypt-1.6.2/src/global.c.fips-test libgcrypt-1.6.2/src/global.c
---- libgcrypt-1.6.2/src/global.c.fips-test 2014-12-08 16:54:07.766619659 +0100
-+++ libgcrypt-1.6.2/src/global.c 2014-12-08 16:55:18.555220601 +0100
-@@ -564,8 +564,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
-
- case GCRYCTL_FIPS_MODE_P:
- if (fips_mode ()
-- && !_gcry_is_fips_mode_inactive ()
-- && !no_secure_memory)
-+ && !_gcry_is_fips_mode_inactive ())
- rc = GPG_ERR_GENERAL; /* Used as TRUE value */
- break;
-
diff -up libgcrypt-1.6.2/tests/basic.c.fips-test libgcrypt-1.6.2/tests/basic.c
--- libgcrypt-1.6.2/tests/basic.c.fips-test 2014-08-21 14:50:39.000000000 +0200
+++ libgcrypt-1.6.2/tests/basic.c 2014-12-08 16:54:07.767619682 +0100
diff --git a/libgcrypt.spec b/libgcrypt.spec
index 3d0d4c3..1a71b93 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -1,6 +1,6 @@
Name: libgcrypt
Version: 1.6.2
-Release: 3%{?dist}
+Release: 4%{?dist}
URL: http://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC
@@ -201,6 +201,9 @@ exit 0
%license COPYING
%changelog
+* Wed Feb 25 2015 Tomáš Mráz <tmraz at redhat.com> 1.6.2-4
+- do not initialize secure memory during the selftest (#1195850)
+
* Sat Feb 21 2015 Till Maas <opensource at till.name> - 1.6.2-3
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code