[git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-153-gad133fc

by NIIBE Yutaka cvs at cvs.gnupg.org
Mon Feb 25 01:07:19 CET 2019 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  ad133fc79757236359252e92244fe16e9adb45a3 (commit)
      from  d455068988e5779b0200c51415ddab6b51e12dc4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ad133fc79757236359252e92244fe16e9adb45a3
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Mon Feb 25 09:02:59 2019 +0900

    fips: Only test check_binary_integrity when fips_mode is enabled.
    
    * src/fips.c (_gcry_fips_run_selftests): Check the status of fips_mode
    before calling check_binary_integrity.
    
    --
    
    GnuPG-bug-id: 4274
    Reported-by: Pedro Monreal
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/src/fips.c b/src/fips.c
index 36358bf..1ac7f47 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -689,10 +689,13 @@ _gcry_fips_run_selftests (int extended)
   if (run_pubkey_selftests (extended))
     goto leave;
 
-  /* Now check the integrity of the binary.  We do this this after
-     having checked the HMAC code.  */
-  if (check_binary_integrity ())
-    goto leave;
+  if (fips_mode ())
+    {
+      /* Now check the integrity of the binary.  We do this this after
+         having checked the HMAC code.  */
+      if (check_binary_integrity ())
+        goto leave;
+    }
 
   /* All selftests passed.  */
   result = STATE_OPERATIONAL;

-----------------------------------------------------------------------

Summary of changes:
 src/fips.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org


_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits

More information about the Gcrypt-devel mailing list