diff -up libgcrypt-1.8.5/src/fips.c.use-fipscheck libgcrypt-1.8.5/src/fips.c --- libgcrypt-1.8.5/src/fips.c.use-fipscheck 2017-11-23 19:16:58.000000000 +0100 +++ libgcrypt-1.8.5/src/fips.c 2020-04-23 10:18:36.235764741 +0200 @@ -581,23 +581,50 @@ run_random_selftests (void) return !!err; } +#ifdef ENABLE_HMAC_BINARY_CHECK +static int +get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen) +{ + Dl_info info; + void *dl, *sym; + int rv = -1; + + dl = dlopen(libname, RTLD_LAZY); + if (dl == NULL) { + return -1; + } + + sym = dlsym(dl, symbolname); + + if (sym != NULL && dladdr(sym, &info)) { + strncpy(path, info.dli_fname, pathlen-1); + path[pathlen-1] = '\0'; + rv = 0; + } + + dlclose(dl); + + return rv; +} +#endif + /* Run an integrity check on the binary. Returns 0 on success. */ static int check_binary_integrity (void) { #ifdef ENABLE_HMAC_BINARY_CHECK gpg_error_t err; - Dl_info info; + char libpath[4096]; unsigned char digest[32]; int dlen; char *fname = NULL; - const char key[] = "What am I, a doctor or a moonshuttle conductor?"; - - if (!dladdr ("gcry_check_version", &info)) + const char key[] = "orboDeJITITejsirpADONivirpUkvarP"; + + if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath))) err = gpg_error_from_syserror (); else { - dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname, + dlen = _gcry_hmac256_file (digest, sizeof digest, libpath, key, strlen (key)); if (dlen < 0) err = gpg_error_from_syserror (); @@ -605,7 +632,7 @@ check_binary_integrity (void) err = gpg_error (GPG_ERR_INTERNAL); else { - fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 ); + fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 ); if (!fname) err = gpg_error_from_syserror (); else @@ -614,7 +641,7 @@ check_binary_integrity (void) char *p; /* Prefix the basename with a dot. */ - strcpy (fname, info.dli_fname); + strcpy (fname, libpath); p = strrchr (fname, '/'); if (p) p++;