Pull Request (patch libgcrypt)
Antonio Harres
tom.mharres at gmail.com
Fri Aug 21 01:45:54 CEST 2020
diff --git a/src/fips.c b/src/fips.c
index 1ac7f477..c28efaef 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -138,8 +138,17 @@ _gcry_initialize_fips_mode (int force)
static const char procfname[] = "/proc/sys/crypto/fips_enabled";
FILE *fp;
int saved_errno;
-
+ saved_errno = errno;
+ /* since procfname may not exist and that's okay, we should ignore
+ if fopen sets errno to ENOENT (no such file) */
fp = fopen (procfname, "r");
+ /* if file doesn't exist, which is a condition described here:
+ https://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html
*/
+ if (errno == ENOENT)
+ {
+ /* restore errno's value before fopen call */
+ errno = saved_errno;
+ }
if (fp)
{
char line[256];
@@ -178,6 +187,7 @@ _gcry_initialize_fips_mode (int force)
{
/* Yes, we are in FIPS mode. */
FILE *fp;
+ int saved_errno;
/* Intitialize the lock to protect the FSM. */
err = gpgrt_lock_init (&fsm_lock);
@@ -197,9 +207,16 @@ _gcry_initialize_fips_mode (int force)
}
+ saved_errno = errno;
/* If the FIPS force files exists, is readable and has a number
!= 0 on its first line, we enable the enforced fips mode. */
fp = fopen (FIPS_FORCE_FILE, "r");
+ if (errno == ENOENT)
+ {
+ /* since FIPS_FORCE_FILE may not exist, we ignore if fopen
+ returns ENOENT (file not found) */
+ errno = saved_errno;
+ }
if (fp)
{
char line[256];
Em qui., 20 de ago. de 2020 às 19:57, Antonio Harres <tom.mharres at gmail.com>
escreveu:
> Hello, I will be as descriptive as possible about the issue here:
> In order to probe if fips_mode is enabled in the operating system,
> libgcrypt will try to fopen "/proc/sys/crypto/fips_enabled", now according
> to libgcrypt documentation, this file may not exist...
> If it doesn't, then libgcrypt fallsback to "/etc/gcrypt/fips_enabled", it
> will again try to fopen it.
> This procedure is described here:
> https://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html
> The key point here is that the relevant portion of code is using fopen to
> probe for the existence of the file, this may return all sorts of errors,
> but commonly it's ENOENT. which is then returned into any code that is
> initializing libgcrypt. But, I'm getting errno at something that is not an
> error, rather, a configuration detail, the fact that the file doesn't exist
> just means that libgcrypt should disable fips mode internally.
> While describing the problem here, I understood a flaw in my patch, allow
> me to send a new patch that will ignore errno only in case it's ENOENT.
>
> Em qua., 19 de ago. de 2020 às 14:29, Werner Koch <wk at gnupg.org> escreveu:
>
>> Hi!
>>
>> > I was coding with libcurl and decided to debug my code with a
>> > watchpoint on errno, to my unpleasent surprise, I found that libgcrypt
>> > was returning error, despite that I was doing everything okay and
>> > libgcrypt wasn't really having a decent reason to return error.
>>
>> Can you please describe the problem you are trying to address?
>>
>> May I assume that you are under the impression that Libgcrypt may not
>> change ERRNO while you call an arbitrary function of it? That is not
>> the case. Maybe you should take another path to debuggng that
>> watchpointing ERRNO.
>>
>>
>> Shalom-Salam,
>>
>> Werner
>>
>> --
>> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20200820/009b25bc/attachment.html>
More information about the Gcrypt-devel
mailing list