Pull Request (patch libgcrypt)
Antonio Harres
tom.mharres at gmail.com
Thu Aug 13 18:52:22 CEST 2020
>From fd982bd34338d4824bf69c07b6776d75d1d88877 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ant=C3=B4nio=20Martos=20Harres?= <tom.mharres at gmail.com>
Date: Thu, 13 Aug 2020 00:20:47 -0300
Subject: [PATCH] Fix libgcrypt returning errno 2 (file not found)
I was coding with libcurl and decided to debug my code with a
watchpoint on errno, to my unpleasent surprise, I found that libgcrypt
was returning error, despite that I was doing everything okay and
libgcrypt wasn't really having a decent reason to return error.
So I found the reason why, apparently it was trying to open a file
that doesn't exist, now fips_enabled doesn't actually *need* to exist
by design, so libgcrypt should not set errno if it doesn't exist
---
src/fips.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/fips.c b/src/fips.c
index 1ac7f477..9ff5e578 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -137,9 +137,11 @@ _gcry_initialize_fips_mode (int force)
{
static const char procfname[] = "/proc/sys/crypto/fips_enabled";
FILE *fp;
- int saved_errno;
-
+ int saved_errno = errno;
+ /* since procfname may not exist and that's okay, we should ignore
+ any changes that fopen does to errno. */
fp = fopen (procfname, "r");
+ errno = saved_errno;
if (fp)
{
char line[256];
@@ -197,9 +199,11 @@ _gcry_initialize_fips_mode (int force)
}
+ int saved_errno = errno; /* since FIPS_FORCE_FILE may not
exist, we ignore any error set by fopen */
/* If the FIPS force files exists, is readable and has a number
!= 0 on its first line, we enable the enforced fips mode. */
fp = fopen (FIPS_FORCE_FILE, "r");
+ errno = saved_errno;
if (fp)
{
char line[256];
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20200813/76eed3c9/attachment.html>
More information about the Gcrypt-devel
mailing list