authorNIIBE Yutaka <gniibe@fsij.org>2021-12-17 09:02:30 +0900
committerNIIBE Yutaka <gniibe@fsij.org>2021-12-17 09:02:30 +0900
commit45974d87753978b953940045280e9f28f951dbe0 (patch)
tree91fb3a9dadd05258e851ff3f6dd54edc20a3d401
parent209d98dcf66bd7baeca37cd6b13b31c7f00f4625 (diff)
fips: Add constructor to run selftests.
* src/fips.c (_gcry_fips_to_activate): New. * src/g10lib.h (_gcry_fips_to_activate): New. * src/global.c [ENABLE_HMAC_BINARY_CHECK] (_gcry_global_constructor): New. -- Note: constructor is non-portable feature of GCC. This behavior of running selftests just after the load of the library is specific to the build with ENABLE_HMAC_BINARY_CHECK. GnuPG-bug-id: 5636 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-rw-r--r--src/fips.c17
-rw-r--r--src/g10lib.h1
-rw-r--r--src/global.c19
3 files changed, 37 insertions, 0 deletions
diff --git a/src/fips.c b/src/fips.c
index bcadc5f2..5499aee8 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -82,6 +82,12 @@ static void fips_new_state (enum module_states new_state);
+/*
+ * Returns 1 if the FIPS mode is to be activated based on the
+ * environment variable LIBGCRYPT_FORCE_FIPS_MODE, the file defined by
+ * FIPS_FORCE_FILE, or /proc/sys/crypto/fips_enabled.
+ * This function aborts on misconfigured filesystems.
+ */
static int
check_fips_system_setting (void)
{
@@ -136,6 +142,17 @@ check_fips_system_setting (void)
return 0;
}
+/*
+ * Initial check if the FIPS mode should be activated on startup.
+ * Called by the constructor at the initialization of the library.
+ */
+int
+_gcry_fips_to_activate (void)
+{
+ return check_fips_system_setting ();
+}
+
+
/* Check whether the OS is in FIPS mode and record that in a module
local variable. If FORCE is passed as true, fips mode will be
enabled anyway. Note: This function is not thread-safe and should
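Review bot: The comment on `_gcry_fips_to_activate` documents neither the return value nor that the call can terminate the process. The comment this commit adds to `check_fips_system_setting` says that function aborts on misconfigured filesystems, and the wrapper is described as being called from the library constructor, so such an abort would happen while the library is being loaded, before the application runs any code of its own. I would extend the comment along the lines of `Returns non-zero if FIPS mode is to be activated; may abort (see check_fips_system_setting), which here happens at library load time.`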
diff --git a/src/g10lib.h b/src/g10lib.h
index d2e718a5..c12cfef3 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -425,6 +425,7 @@ gpg_err_code_t _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path,
extern int _gcry_no_fips_mode_required;
void _gcry_initialize_fips_mode (int force);
+int _gcry_fips_to_activate (void);
/* This macro returns true if fips mode is enabled. This is
independent of the fips required finite state machine and only used
diff --git a/src/global.c b/src/global.c
index 47dd80ec..ad2e95a4 100644
--- a/src/global.c
+++ b/src/global.c
@@ -140,6 +140,25 @@ global_init (void)
BUG ();
}
+#ifdef ENABLE_HMAC_BINARY_CHECK
+# if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7 )
+# define GCC_ATTR_CONSTRUCTOR __attribute__ ((__constructor__))
+
+static void GCC_ATTR_CONSTRUCTOR
+_gcry_global_constructor (void)
+{
+ force_fips_mode = _gcry_fips_to_activate ();
+ if (force_fips_mode)
+ {
+ no_secure_memory = 1;
+ global_init ();
+ _gcry_fips_run_selftests (0);
+ _gcry_random_close_fds ();
+ no_secure_memory = 0;
+ }
+}
+# endif
+#endif /* ENABLE_HMAC_BINARY_CHECK */
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
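Review bot: The `# if __GNUC__ > 2 || ...` test inside `#ifdef ENABLE_HMAC_BINARY_CHECK` has no `# else` branch, so a compiler that fails the test builds the library without `_gcry_global_constructor` and the load-time selftests silently disappear. For a build that opted into the binary check, I would make the gap explicit with `# else` / `#  error "ENABLE_HMAC_BINARY_CHECK requires constructor support"`, or at least a comment stating where the selftests run in that case. Separately, the result of `_gcry_fips_run_selftests (0)` is discarded. Its body is not visible in this hunk, so if it does not itself put the module into an error state on failure, the constructor should check the return value. A one-line comment explaining why `no_secure_memory` is set to 1 around these calls and reset afterwards would also help the next reader.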