diff options
-rw-r--r-- | src/fips.c | 9 | ||||
-rw-r--r-- | src/visibility.h | 5 |
2 files changed, 9 insertions, 5 deletions
@@ -30,15 +30,14 @@ # include <syslog.h> #endif /*HAVE_SYSLOG*/ +/* The name of the file used to force libgcrypt into fips mode. */ +#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled" + #include "g10lib.h" #include "cipher-proto.h" #include "hmac256.h" -/* The name of the file used to force libgcrypt into fips mode. */ -#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled" - - /* The states of the finite state machine used in fips mode. */ enum module_states { @@ -604,7 +603,7 @@ check_binary_integrity (void) char *fname = NULL; const char key[] = "What am I, a doctor or a moonshuttle conductor?"; - if (!dladdr ("gcry_check_version", &info)) + if (!dladdr (gcry_check_version, &info)) err = gpg_error_from_syserror (); else { diff --git a/src/visibility.h b/src/visibility.h index b7e8369a..c44cb836 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -298,7 +298,12 @@ MARK_VISIBLEX (_gcry_mpi_get_const) between a public and an internal version is that the internal version use gpg_err_code_t and the public version gpg_error_t. */ +#if defined(FIPS_FORCE_FILE) +/* It's valid use in src/fips.c to get the address of gcry_check_version. */ +#else #define gcry_check_version _gcry_USE_THE_UNDERSCORED_FUNCTION +#endif + #define gcry_control _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_set_allocation_handler _gcry_USE_THE_UNDERSCORED_FUNCTION |