Blame SOURCES/libgcrypt-1.8.5-use-fipscheck.patch

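--- a/libgcrypt-1.8.5/src/fips.c
+++ b/libgcrypt-1.8.5/src/fips.c
@@ -581,23 +581,50 @@ run_random_selftests (void)
   return !!err;
 }
 
+#ifdef ENABLE_HMAC_BINARY_CHECK
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+    Dl_info info;
+    void *dl, *sym;
+    int rv = -1;
+
+        dl = dlopen(libname, RTLD_LAZY);
+        if (dl == NULL) {
+            return -1;
+        }       
+
+    sym = dlsym(dl, symbolname);
+
+    if (sym != NULL && dladdr(sym, &info)) {
+	strncpy(path, info.dli_fname, pathlen-1);
+	path[pathlen-1] = '\0';
+	rv = 0;
+    }
+
+    dlclose(dl);	
+    
+    return rv;
+}
+#endif
+
 /* Run an integrity check on the binary.  Returns 0 on success.  */
 static int
 check_binary_integrity (void)
 {
 #ifdef ENABLE_HMAC_BINARY_CHECK
   gpg_error_t err;
-  Dl_info info;
+  char libpath[4096];
   unsigned char digest[32];
   int dlen;
   char *fname = NULL;
-  const char key[] = "What am I, a doctor or a moonshuttle conductor?";
-
-  if (!dladdr ("gcry_check_version", &info))
+  const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
+  
+  if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
     err = gpg_error_from_syserror ();
   else
     {
-      dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+      dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
                                  key, strlen (key));
       if (dlen < 0)
         err = gpg_error_from_syserror ();
@@ -605,7 +632,7 @@ check_binary_integrity (void)
         err = gpg_error (GPG_ERR_INTERNAL);
       else
         {
-          fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+          fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 );
           if (!fname)
             err = gpg_error_from_syserror ();
           else
@@ -614,7 +641,7 @@ check_binary_integrity (void)
               char *p;
 
               /* Prefix the basename with a dot.  */
-              strcpy (fname, info.dli_fname);
+              strcpy (fname, libpath);
               p = strrchr (fname, '/');
               if (p)
                 p++;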
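Review bot: get_library_path() in the first hunk copies the resolved name with `strncpy(path, info.dli_fname, pathlen-1)` and still returns 0 when the name did not fit, so check_binary_integrity() would HMAC, and derive the `.hmac` file name from, a silently truncated path instead of failing. For an integrity check it is safer to fail closed, for example `if (sym != NULL && dladdr(sym, &info) && strlen(info.dli_fname) < pathlen)`, leaving rv at -1 otherwise. Resolving the library through the soname "libgcrypt.so.20" also assumes the loader returns the image this code is executing from; passing the address of a function defined in this file to dladdr() would tie the checked path to the running image without a loader lookup, which is worth confirming against how the library is linked in this package. On the failure branch the caller reports `gpg_error_from_syserror ()`, but dlopen/dlsym/dladdr are not documented to set errno, so the reported code may not reflect the cause. check_binary_integrity continues past the last hunk, so the comparison against the stored HMAC is not visible here.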