[Bug 1117355] New: libgcrypt runs selfcheck including hmac based binary verifcation outside fips mode. breaks keepassxc
http://bugzilla.opensuse.org/show_bug.cgi?id=1117355 Bug ID: 1117355 Summary: libgcrypt runs selfcheck including hmac based binary verifcation outside fips mode. breaks keepassxc Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: vcizek@suse.com Reporter: mrueckert@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- (gdb) bt #0 0x00007ffff6b03110 in _gcry_fips_run_selftests (extended=1) at fips.c:722 #1 0x00007ffff6af8889 in gcry_control (cmd=cmd@entry=GCRYCTL_SELFTEST) at visibility.c:79 #2 0x00005555555b987b in Crypto::backendSelfTest() () at /usr/src/debug/keepassxc-2.3.4+git194.a67cac13-38.1.x86_64/src/crypto/Crypto.cpp:78 #3 0x00005555555b987b in Crypto::init() () at /usr/src/debug/keepassxc-2.3.4+git194.a67cac13-38.1.x86_64/src/crypto/Crypto.cpp:53 #4 0x00005555555ab457 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/keepassxc-2.3.4+git194.a67cac13-38.1.x86_64/src/main.cpp:101 This also affects SLE15/Leap15 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1117355 http://bugzilla.opensuse.org/show_bug.cgi?id=1117355#c1 Vítězslav Čížek <vcizek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vcizek@suse.com --- Comment #1 from Vítězslav Čížek <vcizek@suse.com> --- Created attachment 790914 --> http://bugzilla.opensuse.org/attachment.cgi?id=790914&action=edit reproducer that triggers the selftests # cc -lgcrypt SELFCHECK.c && ./a.out -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1117355 http://bugzilla.opensuse.org/show_bug.cgi?id=1117355#c2 --- Comment #2 from Vítězslav Čížek <vcizek@suse.com> --- Created attachment 790915 --> http://bugzilla.opensuse.org/attachment.cgi?id=790915&action=edit patch Make sure the missing checksums cause selftest failure in FIPS mode only. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1117355 http://bugzilla.opensuse.org/show_bug.cgi?id=1117355#c3 Vítězslav Čížek <vcizek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS Assignee|vcizek@suse.com |pmonrealgonzalez@suse.com --- Comment #3 from Vítězslav Čížek <vcizek@suse.com> --- Submitted in https://build.opensuse.org/request/show/652048. Pedro, please add the patch to the next maintenance round. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1117355 http://bugzilla.opensuse.org/show_bug.cgi?id=1117355#c5 --- Comment #5 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- Packages submitted for SLE-15 and SLE-12. Also reported upstream in https://dev.gnupg.org/T4274 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1117355 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com