Bug in fips_is_operational in libgcrypt master

Jussi Kivilinna jussi.kivilinna at iki.fi
Fri Oct 26 07:14:46 CEST 2018


On 26.10.2018 7.02, NIIBE Yutaka wrote:
> Hello,
> I encounterd failures when I build gnupg master with new libgcrypt master.
> All failures are same cause: gcry_md_open fails.  
> Example is: the test program gnupg/common/t-ssh-utils.c fails,
> when the function get_fingerprint in gnupg/common/ssh-utils.c
> calls gcry_md_open.
> I located this commit has a problem:
> 	Add fast path for _gcry_fips_is_operational
> 	commit: b6e6ace324440f564df664e27f8276ef01f76795
> It seems for me that _gcry_global_is_operational should be
> used (for the case global_init is not called yet).

Oh, yes. I did not read old code carefully enough. It was:

  int _gcry_fips_is_operational (void);
  #define fips_is_operational() (_gcry_global_is_operational ()) 

I missed that macro uses _gcry_global_is_operational, not

Looks like fast-path is not possible with _gcry_global_is_operational,
so problematic commit should be reverted. I'll patch this on weekend.


More information about the Gcrypt-devel mailing list