[git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-112-g6e669e0
by Jussi Kivilinna
cvs at cvs.gnupg.org
Sat Oct 27 15:16:29 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 6e669e09603e5a98b59dcf35f77f346db6c81eac (commit)
from f1fe145a2958ba7a51113d35a83cfc676a920a86 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6e669e09603e5a98b59dcf35f77f346db6c81eac
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date: Sat Oct 27 15:48:29 2018 +0300
Fix missing global initialization in fips_is_operational
* src/g10lib.h (_gcry_global_any_init_done): New extern.
(fips_is_operational): Check for _gcry_global_any_init_done and call
_gcry_global_is_operational.
* src/global.c (any_init_done): Rename to ...
(_gcry_global_any_init_done): ... this and make externally available.
--
Commit b6e6ace324440f564df664e27f8276ef01f76795 "Add fast path for
_gcry_fips_is_operational" inadvertently replaced function call to
_gcry_global_is_operational with call to _gcry_fips_is_operational
in fips_is_operational macro. This can cause libgcrypt to miss
initialization. This patch restores _gcry_global_is_operational
functionality to fips_is_operational macro while keeping fast-path
to reduce call-overhead to gcry_* functions.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
diff --git a/src/g10lib.h b/src/g10lib.h
index d52eef3..c1f84ee 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -102,6 +102,7 @@
/*-- src/global.c -*/
+extern int _gcry_global_any_init_done;
int _gcry_global_is_operational (void);
gcry_err_code_t _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr);
void _gcry_check_heap (const void *a);
@@ -466,7 +467,9 @@ int _gcry_fips_is_operational (void);
/* Return true if the library is in the operational state. */
#define fips_is_operational() \
- (!fips_mode () || _gcry_fips_is_operational ())
+ (!_gcry_global_any_init_done ? \
+ _gcry_global_is_operational() : \
+ (!fips_mode () || _gcry_global_is_operational ()))
#define fips_not_operational() (GPG_ERR_NOT_OPERATIONAL)
diff --git a/src/global.c b/src/global.c
index 6c2486c..d82c680 100644
--- a/src/global.c
+++ b/src/global.c
@@ -54,7 +54,7 @@ static unsigned int debug_flags;
static int force_fips_mode;
/* Controlled by global_init(). */
-static int any_init_done;
+int _gcry_global_any_init_done;
/*
* Functions called before and after blocking syscalls.
@@ -91,9 +91,9 @@ global_init (void)
{
gcry_error_t err = 0;
- if (any_init_done)
+ if (_gcry_global_any_init_done)
return;
- any_init_done = 1;
+ _gcry_global_any_init_done = 1;
/* Tell the random module that we have seen an init call. */
_gcry_set_preferred_rng_type (0);
@@ -161,7 +161,7 @@ global_init (void)
int
_gcry_global_is_operational (void)
{
- if (!any_init_done)
+ if (!_gcry_global_any_init_done)
{
#ifdef HAVE_SYSLOG
syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
@@ -570,7 +570,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
break;
case GCRYCTL_ANY_INITIALIZATION_P:
- if (any_init_done)
+ if (_gcry_global_any_init_done)
rc = GPG_ERR_GENERAL;
break;
@@ -682,7 +682,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
selftest is triggered. It is not possible to put the libraty
into fips mode after having passed the initialization. */
_gcry_set_preferred_rng_type (0);
- if (!any_init_done)
+ if (!_gcry_global_any_init_done)
{
/* Not yet initialized at all. Set a flag so that we are put
into fips mode during initialization. */
@@ -749,7 +749,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
break;
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
- if (!any_init_done)
+ if (!_gcry_global_any_init_done)
{
/* Not yet initialized at all. Set the enforced fips mode flag */
_gcry_set_preferred_rng_type (0);
@@ -773,7 +773,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
{
int *ip = va_arg (arg_ptr, int*);
if (ip)
- *ip = _gcry_get_rng_type (!any_init_done);
+ *ip = _gcry_get_rng_type (!_gcry_global_any_init_done);
}
break;
@@ -801,7 +801,8 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
int npers = va_arg (arg_ptr, int);
if (va_arg (arg_ptr, void *) || npers < 0)
rc = GPG_ERR_INV_ARG;
- else if (_gcry_get_rng_type (!any_init_done) != GCRY_RNG_TYPE_FIPS)
+ else if (_gcry_get_rng_type (!_gcry_global_any_init_done)
+ != GCRY_RNG_TYPE_FIPS)
rc = GPG_ERR_NOT_SUPPORTED;
else
rc = _gcry_rngdrbg_reinit (flagstr, pers, npers);
-----------------------------------------------------------------------
Summary of changes:
src/g10lib.h | 5 ++++-
src/global.c | 19 ++++++++++---------
2 files changed, 14 insertions(+), 10 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
More information about the Gnupg-commits
mailing list