Bug in fips_is_operational in libgcrypt master
Jussi Kivilinna
jussi.kivilinna at iki.fi
Fri Oct 26 07:14:46 CEST 2018
Hello,
On 26.10.2018 7.02, NIIBE Yutaka wrote:
> Hello,
>
> I encounterd failures when I build gnupg master with new libgcrypt master.
>
> All failures are same cause: gcry_md_open fails.
> Example is: the test program gnupg/common/t-ssh-utils.c fails,
> when the function get_fingerprint in gnupg/common/ssh-utils.c
> calls gcry_md_open.
>
> I located this commit has a problem:
>
> Add fast path for _gcry_fips_is_operational
> commit: b6e6ace324440f564df664e27f8276ef01f76795
>
> It seems for me that _gcry_global_is_operational should be
> used (for the case global_init is not called yet).
>
Oh, yes. I did not read old code carefully enough. It was:
int _gcry_fips_is_operational (void);
#define fips_is_operational() (_gcry_global_is_operational ())
I missed that macro uses _gcry_global_is_operational, not
_gcry_fips_is_operational.
Looks like fast-path is not possible with _gcry_global_is_operational,
so problematic commit should be reverted. I'll patch this on weekend.
-Jussi
More information about the Gcrypt-devel
mailing list