fips: Only test check_binary_integrity when fips_mode is enabled.
authorNIIBE Yutaka <gniibe@fsij.org>
Mon, 25 Feb 2019 00:02:59 +0000 (09:02 +0900)
committerNIIBE Yutaka <gniibe@fsij.org>
Mon, 25 Feb 2019 00:02:59 +0000 (09:02 +0900)
* src/fips.c (_gcry_fips_run_selftests): Check the status of fips_mode
before calling check_binary_integrity.

--

GnuPG-bug-id: 4274
Reported-by: Pedro Monreal
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
src/fips.c

index 36358bf..1ac7f47 100644 (file)
@@ -689,10 +689,13 @@ _gcry_fips_run_selftests (int extended)
   if (run_pubkey_selftests (extended))
     goto leave;
 
-  /* Now check the integrity of the binary.  We do this this after
-     having checked the HMAC code.  */
-  if (check_binary_integrity ())
-    goto leave;
+  if (fips_mode ())
+    {
+      /* Now check the integrity of the binary.  We do this this after
+         having checked the HMAC code.  */
+      if (check_binary_integrity ())
+        goto leave;
+    }
 
   /* All selftests passed.  */
   result = STATE_OPERATIONAL;
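Review bot: The new `if (fips_mode ())` guard has no comment saying why the binary integrity check is skipped outside FIPS mode, and the comment moved inside it only explains ordering (it also keeps the "this this" typo). With the guard, a run outside FIPS mode reaches `result = STATE_OPERATIONAL;` without check_binary_integrity having been called, so selftest success there says nothing about the binary on disk. That is presumably intended, but it should be written down so callers do not treat a passing selftest as an integrity signal. I would put `/* The binary integrity check is only done in FIPS mode; outside it, success here does not vouch for the binary. */` above the `if` and change the inner comment to `We do this after having checked the HMAC code.` The body of _gcry_fips_run_selftests starts and ends outside this hunk, so whether fips_mode () can change between the earlier selftests and this point cannot be judged from here.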