diff -up libgcrypt-1.8.3/cipher/md.c.fips-ctor libgcrypt-1.8.3/cipher/md.c

--- libgcrypt-1.8.3/cipher/md.c.fips-ctor	2017-11-23 19:16:58.000000000 +0100

+++ libgcrypt-1.8.3/cipher/md.c	2018-07-12 13:24:54.088403006 +0200

@@ -411,11 +411,8 @@ md_enable (gcry_md_hd_t hd, int algorith

   if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())

     {

-      _gcry_inactivate_fips_mode ("MD5 used");

       if (_gcry_enforced_fips_mode () )

         {

-          /* We should never get to here because we do not register

-             MD5 in enforced fips mode. But better throw an error.  */

           err = GPG_ERR_DIGEST_ALGO;

         }

     }

diff -up libgcrypt-1.8.3/src/fips.c.fips-ctor libgcrypt-1.8.3/src/fips.c

--- libgcrypt-1.8.3/src/fips.c.fips-ctor	2018-07-12 13:24:54.075402698 +0200

+++ libgcrypt-1.8.3/src/fips.c	2018-07-12 13:24:54.088403006 +0200

@@ -91,6 +91,31 @@ static void fips_new_state (enum module_

+/* Initialize the FSM lock - this function may only

+   be called once and is intended to be run from the library

+   constructor  */

+void

+_gcry_initialize_fsm_lock (void)

+{

+  gpg_error_t err;

+  /* Intitialize the lock to protect the FSM.  */

+  err = gpgrt_lock_init (&fsm_lock);

+  if (err)

+    {

+      /* If that fails we can't do anything but abort the

+         process. We need to use log_info so that the FSM won't

+         get involved.  */

+      log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",

+                gpg_strerror (err));

+#ifdef HAVE_SYSLOG

+      syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "

+              "creating FSM lock failed: %s - abort",

+              gpg_strerror (err));

+#endif /*HAVE_SYSLOG*/

+      abort ();

+    }

+}

+

 /* Check whether the OS is in FIPS mode and record that in a module

    local variable.  If FORCE is passed as true, fips mode will be

    enabled anyway. Note: This function is not thread-safe and should

@@ -100,7 +125,6 @@ void

 _gcry_initialize_fips_mode (int force)

 {

   static int done;

-  gpg_error_t err;

   /* Make sure we are not accidentally called twice.  */

   if (done)

@@ -179,24 +203,6 @@ _gcry_initialize_fips_mode (int force)

       /* Yes, we are in FIPS mode.  */

       FILE *fp;

-      /* Intitialize the lock to protect the FSM.  */

-      err = gpgrt_lock_init (&fsm_lock);

-      if (err)

-        {

-          /* If that fails we can't do anything but abort the

-             process. We need to use log_info so that the FSM won't

-             get involved.  */

-          log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",

-                    gpg_strerror (err));

-#ifdef HAVE_SYSLOG

-          syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "

-                  "creating FSM lock failed: %s - abort",

-                  gpg_strerror (err));

-#endif /*HAVE_SYSLOG*/

-          abort ();

-        }

-

-

       /* If the FIPS force files exists, is readable and has a number

          != 0 on its first line, we enable the enforced fips mode.  */

       fp = fopen (FIPS_FORCE_FILE, "r");

@@ -359,16 +365,20 @@ _gcry_fips_is_operational (void)

 {

   int result;

-  if (!fips_mode ())

+  lock_fsm ();

+  if (current_state == STATE_POWERON && !fips_mode ())

+    /* If we are at this point in POWERON state it means the FIPS

+       module installation was not completed. (/etc/system-fips

+      is not present.) */

     result = 1;

   else

     {

-      lock_fsm ();

-      if (current_state == STATE_INIT)

+      if (current_state == STATE_INIT || current_state == STATE_SELFTEST)

         {

-          /* If we are still in the INIT state, we need to run the

-             selftests so that the FSM can eventually get into

-             operational state.  Given that we would need a 2-phase

+          /* If we are still in the INIT (or SELFTEST) state,

+             we need to run (or finish) the selftests so

+             that the FSM can eventually get into operational

+             state. Given that we would need a 2-phase

              initialization of libgcrypt, but that has traditionally

              not been enforced, we use this on demand self-test

              checking.  Note that Proper applications would do the

@@ -384,9 +394,11 @@ _gcry_fips_is_operational (void)

           lock_fsm ();

         }

-      result = (current_state == STATE_OPERATIONAL);

-      unlock_fsm ();

+      result = (current_state == STATE_OPERATIONAL) || !fips_mode ();

+      /* We always run the selftests but ignore the result

+         in non-FIPS mode. */

     }

+  unlock_fsm ();

   return result;

 }

@@ -709,9 +721,25 @@ _gcry_fips_run_selftests (int extended)

 {

   enum module_states result = STATE_ERROR;

   gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;

+  int in_poweron;

-  if (fips_mode ())

-    fips_new_state (STATE_SELFTEST);

+  lock_fsm ();

+  in_poweron = (current_state == STATE_POWERON);

+  unlock_fsm ();

+

+  fips_new_state (STATE_SELFTEST);

+

+  /* We first check the integrity of the binary.

+     If run from the constructor we are in POWERON state,

+     we return and finish the remaining selftests before

+     real use of the library. It will be in the POWERON

+     state meanwhile.  */

+  if (in_poweron)

+    if (check_binary_integrity ())

+      goto leave;

+

+  if (in_poweron)

+    return 0;

   if (run_cipher_selftests (extended))

     goto leave;

@@ -730,18 +758,12 @@ _gcry_fips_run_selftests (int extended)

   if (run_pubkey_selftests (extended))

     goto leave;

-  /* Now check the integrity of the binary.  We do this this after

-     having checked the HMAC code.  */

-  if (check_binary_integrity ())

-    goto leave;

-

   /* All selftests passed.  */

   result = STATE_OPERATIONAL;

   ec = 0;

  leave:

-  if (fips_mode ())

-    fips_new_state (result);

+  fips_new_state (result);

   return ec;

 }

@@ -797,6 +819,7 @@ fips_new_state (enum module_states new_s

     {

     case STATE_POWERON:

       if (new_state == STATE_INIT

+          || new_state == STATE_SELFTEST

           || new_state == STATE_ERROR

           || new_state == STATE_FATALERROR)

         ok = 1;

@@ -811,6 +834,8 @@ fips_new_state (enum module_states new_s

     case STATE_SELFTEST:

       if (new_state == STATE_OPERATIONAL

+          || new_state == STATE_INIT

+          || new_state == STATE_SELFTEST

           || new_state == STATE_ERROR

           || new_state == STATE_FATALERROR)

         ok = 1;

diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c

--- libgcrypt-1.8.3/src/global.c.fips-ctor	2017-11-23 19:25:58.000000000 +0100

+++ libgcrypt-1.8.3/src/global.c	2018-07-17 19:15:43.933827112 +0200

@@ -141,6 +141,29 @@ global_init (void)

 }

+#ifndef FIPS_MODULE_PATH

+#define FIPS_MODULE_PATH "/etc/system-fips"

+#endif

+

+void __attribute__ ((constructor)) _gcry_global_constructor (void)

+{

+  int rv;

+

+  /* We always need the FSM lock to be functional. */

+  _gcry_initialize_fsm_lock ();

+

+  rv = access (FIPS_MODULE_PATH, F_OK);

+  if (rv < 0 && errno != ENOENT)

+    rv = 0;

+

+  if (!rv)

+    {

+      /* We run the integrity check at this point. The remaining

+         selftests are run before use of the library by application. */

+      _gcry_fips_run_selftests (0);

+    }

+}

+

 /* This function is called by the macro fips_is_operational and makes

    sure that the minimal initialization has been done.  This is far

    from a perfect solution and hides problems with an improper

@@ -671,8 +694,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,

     case GCRYCTL_FIPS_MODE_P:

       if (fips_mode ()

-          && !_gcry_is_fips_mode_inactive ()

-          && !no_secure_memory)

+          && !_gcry_is_fips_mode_inactive ())

 	rc = GPG_ERR_GENERAL; /* Used as TRUE value */

       break;

@@ -749,9 +771,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,

       break;

     case GCRYCTL_SET_ENFORCED_FIPS_FLAG:

-      if (!any_init_done)

+      if (fips_mode ())

         {

-          /* Not yet initialized at all.  Set the enforced fips mode flag */

+          /* We are in FIPS mode, we can set the enforced fips mode flag. */

           _gcry_set_preferred_rng_type (0);

           _gcry_set_enforced_fips_mode ();

         }

diff -up libgcrypt-1.8.3/src/g10lib.h.fips-ctor libgcrypt-1.8.3/src/g10lib.h

--- libgcrypt-1.8.3/src/g10lib.h.fips-ctor	2017-11-23 19:16:58.000000000 +0100

+++ libgcrypt-1.8.3/src/g10lib.h	2018-07-12 13:24:54.089403030 +0200

@@ -422,6 +422,8 @@ gpg_err_code_t _gcry_sexp_vextract_param

 /*-- fips.c --*/

+void _gcry_initialize_fsm_lock (void);

+

 void _gcry_initialize_fips_mode (int force);

 int _gcry_fips_mode (void);