[gnutls-devel] GnuTLS | fipshmac: pathname checking should resolve realpath of libraries (#1426)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Nov 14 03:09:03 CET 2022



Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1426



With the following `.gnutls.hmac` file:
```
[global]
format-version = 1
[libgnutls.so.30]
path = /lib64/libgnutls.so.30
hmac = b94b08e69e16fe9822fce3f548ada7bff35cb501be1d29fe359df8152920897a
[libnettle.so.8]
path = /lib64/libnettle.so.8
hmac = 91d1e4123f06097a7ba0457425b16f5dbc63e8b4367ec6f34478a6581926f160
[libhogweed.so.6]
path = /lib64/libhogweed.so.6
hmac = 982e7cd42272a96080afc180dd7655d097051e1292cac8caee8f125a2988e61c
[libgmp.so.10]
path = /lib64/libgmp.so.10
hmac = c7850b25b26e8fd2a26722e6aaabfcf74327044a9fe59ebc66707741a2bb8e82
```
and `/lib64` is actually a symlink to `/usr/lib64`, the FIPS library integrity check may fail with certain `LD_LIBRARY_PATH` settings:
```console
$ LD_LIBRARY_PATH=/usr/lib64 GNUTLS_FORCE_FIPS_MODE=1 gnutls-cli-debug
Error in GnuTLS initialization: Error while performing self checks.
global state initialization error
```
