Pull Request (patch libgcrypt)

Antonio Harres tom.mharres at gmail.com
Thu Aug 13 18:52:22 CEST 2020


>From fd982bd34338d4824bf69c07b6776d75d1d88877 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ant=C3=B4nio=20Martos=20Harres?= <tom.mharres at gmail.com>
Date: Thu, 13 Aug 2020 00:20:47 -0300
Subject: [PATCH] Fix libgcrypt returning errno 2 (file not found)

I was coding with libcurl and decided to debug my code with a
watchpoint on errno, to my unpleasent surprise, I found that libgcrypt
was returning error, despite that I was doing everything okay and
libgcrypt wasn't really having a decent reason to return error.
So I found the reason why, apparently it was trying to open a file
that doesn't exist, now fips_enabled doesn't actually *need* to exist
by design, so libgcrypt should not set errno if it doesn't exist
---
 src/fips.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/fips.c b/src/fips.c
index 1ac7f477..9ff5e578 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -137,9 +137,11 @@ _gcry_initialize_fips_mode (int force)
   {
     static const char procfname[] = "/proc/sys/crypto/fips_enabled";
     FILE *fp;
-    int saved_errno;
-
+    int saved_errno = errno;
+    /* since procfname may not exist and that's okay, we should ignore
+       any changes that fopen does to errno. */
     fp = fopen (procfname, "r");
+    errno = saved_errno;
     if (fp)
       {
         char line[256];
@@ -197,9 +199,11 @@ _gcry_initialize_fips_mode (int force)
         }


+      int saved_errno = errno; /* since FIPS_FORCE_FILE may not
exist, we ignore any error set by fopen */
       /* If the FIPS force files exists, is readable and has a number
          != 0 on its first line, we enable the enforced fips mode.  */
       fp = fopen (FIPS_FORCE_FILE, "r");
+      errno = saved_errno;
       if (fp)
         {
           char line[256];
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20200813/76eed3c9/attachment.html>


More information about the Gcrypt-devel mailing list