[libgcrypt] do not initialize secure memory during the selftest (#1195850)

Tomáš Mráz tmraz at fedoraproject.org
Wed Feb 25 13:22:35 UTC 2015 

commit eea28299998482345b35df12066b13c5af0b4f06
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Wed Feb 25 14:22:30 2015 +0100

    do not initialize secure memory during the selftest (#1195850)

 libgcrypt-1.6.2-fips-ctor.patch | 28 +++++++++++++++++++++++-----
 libgcrypt-1.6.2-fips-test.patch | 13 -------------
 libgcrypt.spec                  |  5 ++++-
 3 files changed, 27 insertions(+), 19 deletions(-)
---
diff --git a/libgcrypt-1.6.2-fips-ctor.patch b/libgcrypt-1.6.2-fips-ctor.patch
index 3934669..a1b5501 100644
--- a/libgcrypt-1.6.2-fips-ctor.patch
+++ b/libgcrypt-1.6.2-fips-ctor.patch
@@ -1,6 +1,6 @@
 diff -up libgcrypt-1.6.2/cipher/md.c.fips-ctor libgcrypt-1.6.2/cipher/md.c
 --- libgcrypt-1.6.2/cipher/md.c.fips-ctor	2014-08-21 14:50:39.000000000 +0200
-+++ libgcrypt-1.6.2/cipher/md.c	2014-12-08 16:45:01.095256244 +0100
++++ libgcrypt-1.6.2/cipher/md.c	2015-02-25 13:57:21.175704866 +0100
 @@ -413,11 +413,8 @@ md_enable (gcry_md_hd_t hd, int algorith
  
    if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
@@ -14,9 +14,9 @@ diff -up libgcrypt-1.6.2/cipher/md.c.fips-ctor libgcrypt-1.6.2/cipher/md.c
          }
      }
 diff -up libgcrypt-1.6.2/src/global.c.fips-ctor libgcrypt-1.6.2/src/global.c
---- libgcrypt-1.6.2/src/global.c.fips-ctor	2014-12-08 16:45:01.094256222 +0100
-+++ libgcrypt-1.6.2/src/global.c	2014-12-08 16:46:29.182248403 +0100
-@@ -132,6 +132,28 @@ global_init (void)
+--- libgcrypt-1.6.2/src/global.c.fips-ctor	2015-02-25 13:57:21.174704842 +0100
++++ libgcrypt-1.6.2/src/global.c	2015-02-25 14:03:07.066864208 +0100
+@@ -132,6 +132,34 @@ global_init (void)
  }
  
  
@@ -34,18 +34,36 @@ diff -up libgcrypt-1.6.2/src/global.c.fips-ctor libgcrypt-1.6.2/src/global.c
 +
 +  if (!rv)
 +    {
++      int no_secmem_save;
++
++      /* it should be always 0 at this point but let's keep on the safe side */
++      no_secmem_save = no_secure_memory;
++      no_secure_memory = 1;
 +      /* force selftests */
 +      global_init ();
 +      if (fips_mode ())
 +         _gcry_random_initialize (1);
 +      _gcry_fips_run_selftests (0);
++      no_secure_memory = no_secmem_save;
 +    }
 +}
 +
  /* This function is called by the macro fips_is_operational and makes
     sure that the minimal initialization has been done.  This is far
     from a perfect solution and hides problems with an improper
-@@ -635,7 +657,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
+@@ -542,9 +570,8 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
+ 
+     case GCRYCTL_FIPS_MODE_P:
+       if (fips_mode ()
+-          && !_gcry_is_fips_mode_inactive ()
+-          && !no_secure_memory)
+-	rc = GPG_ERR_GENERAL; /* Used as TRUE value */
++          && !_gcry_is_fips_mode_inactive ())
++	err = GPG_ERR_GENERAL; /* Used as TRUE value */
+       break;
+ 
+     case GCRYCTL_FORCE_FIPS_MODE:
+@@ -635,7 +662,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
        break;
  
      case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
diff --git a/libgcrypt-1.6.2-fips-test.patch b/libgcrypt-1.6.2-fips-test.patch
index 9c0a64c..b21d4a1 100644
--- a/libgcrypt-1.6.2-fips-test.patch
+++ b/libgcrypt-1.6.2-fips-test.patch
@@ -1,16 +1,3 @@
-diff -up libgcrypt-1.6.2/src/global.c.fips-test libgcrypt-1.6.2/src/global.c
---- libgcrypt-1.6.2/src/global.c.fips-test	2014-12-08 16:54:07.766619659 +0100
-+++ libgcrypt-1.6.2/src/global.c	2014-12-08 16:55:18.555220601 +0100
-@@ -564,8 +564,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
- 
-     case GCRYCTL_FIPS_MODE_P:
-       if (fips_mode ()
--          && !_gcry_is_fips_mode_inactive ()
--          && !no_secure_memory)
-+          && !_gcry_is_fips_mode_inactive ())
- 	rc = GPG_ERR_GENERAL; /* Used as TRUE value */
-       break;
- 
 diff -up libgcrypt-1.6.2/tests/basic.c.fips-test libgcrypt-1.6.2/tests/basic.c
 --- libgcrypt-1.6.2/tests/basic.c.fips-test	2014-08-21 14:50:39.000000000 +0200
 +++ libgcrypt-1.6.2/tests/basic.c	2014-12-08 16:54:07.767619682 +0100
diff --git a/libgcrypt.spec b/libgcrypt.spec
index 3d0d4c3..1a71b93 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -1,6 +1,6 @@
 Name: libgcrypt
 Version: 1.6.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 URL: http://www.gnupg.org/
 Source0: libgcrypt-%{version}-hobbled.tar.xz
 # The original libgcrypt sources now contain potentially patented ECC
@@ -201,6 +201,9 @@ exit 0
 %license COPYING
 
 %changelog
+* Wed Feb 25 2015 Tomáš Mráz <tmraz at redhat.com> 1.6.2-4
+- do not initialize secure memory during the selftest (#1195850)
+
 * Sat Feb 21 2015 Till Maas <opensource at till.name> - 1.6.2-3
 - Rebuilt for Fedora 23 Change
   https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

More information about the scm-commits mailing list