rpms/libgcrypt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

deinitialize the RNG after the selftest is run

Browse Source
This commit is contained in:
Tomas Mraz 2015-04-03 16:47:34 +02:00
parent 376991d05a
commit ab1d80feb6
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libgcrypt-1.6.2-fips-ctor.patch
View File

@ -16,7 +16,7 @@ diff -up libgcrypt-1.6.2/cipher/md.c.fips-ctor libgcrypt-1.6.2/cipher/md.c
diff -up libgcrypt-1.6.2/src/global.c.fips-ctor libgcrypt-1.6.2/src/global.c diff -up libgcrypt-1.6.2/src/global.c.fips-ctor libgcrypt-1.6.2/src/global.c
--- libgcrypt-1.6.2/src/global.c.fips-ctor 2015-02-25 13:57:21.174704842 +0100 --- libgcrypt-1.6.2/src/global.c.fips-ctor 2015-02-25 13:57:21.174704842 +0100
+++ libgcrypt-1.6.2/src/global.c 2015-02-25 14:03:07.066864208 +0100 +++ libgcrypt-1.6.2/src/global.c 2015-02-25 14:03:07.066864208 +0100
@@ -132,6 +132,34 @@ global_init (void) @@ -132,6 +132,36 @@ global_init (void)
} }
@ -44,6 +44,8 @@ diff -up libgcrypt-1.6.2/src/global.c.fips-ctor libgcrypt-1.6.2/src/global.c
+ if (fips_mode ()) + if (fips_mode ())
+ _gcry_random_initialize (1); + _gcry_random_initialize (1);
+ _gcry_fips_run_selftests (0); + _gcry_fips_run_selftests (0);
+ if (!fips_mode())
+ _gcry_random_close_fds ();
+ no_secure_memory = no_secmem_save; + no_secure_memory = no_secmem_save;
+ } + }
+} +}
@ -51,7 +53,7 @@ diff -up libgcrypt-1.6.2/src/global.c.fips-ctor libgcrypt-1.6.2/src/global.c
/* This function is called by the macro fips_is_operational and makes /* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper from a perfect solution and hides problems with an improper
@@ -542,8 +570,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, @@ -542,8 +572,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
case GCRYCTL_FIPS_MODE_P: case GCRYCTL_FIPS_MODE_P:
if (fips_mode () if (fips_mode ()
@ -61,7 +63,7 @@ diff -up libgcrypt-1.6.2/src/global.c.fips-ctor libgcrypt-1.6.2/src/global.c
rc = GPG_ERR_GENERAL; /* Used as TRUE value */ rc = GPG_ERR_GENERAL; /* Used as TRUE value */
break; break;
@@ -635,7 +662,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, @@ -635,7 +664,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
break; break;
case GCRYCTL_SET_ENFORCED_FIPS_FLAG: case GCRYCTL_SET_ENFORCED_FIPS_FLAG:

5
libgcrypt.spec
View File

@ -1,6 +1,6 @@
Name: libgcrypt Name: libgcrypt
Version: 1.6.3 Version: 1.6.3
Release: 3%{?dist} Release: 4%{?dist}
URL: http://www.gnupg.org/ URL: http://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC # The original libgcrypt sources now contain potentially patented ECC
@ -208,6 +208,9 @@ exit 0
%license COPYING %license COPYING
%changelog %changelog
* Fri Apr 3 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.3-4
- deinitialize the RNG after the selftest is run
* Tue Mar 24 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.3-3 * Tue Mar 24 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.3-3
- touch only urandom in the selftest and when /dev/random is - touch only urandom in the selftest and when /dev/random is
unavailable for example by SELinux confinement unavailable for example by SELinux confinement