
Fail selftests when checksum file is missing in FIPS mode only
Closed, Resolved (Public)


Libgcrypt runs a self-check, including HMAC-based binary verification, outside FIPS mode and breaks keepassxc. See SUSE bug report [0] and the patch submitted in the pull request [1].




Event Timeline

Adding the patch here.

gniibe added a subscriber: gniibe.

Thanks for your report.
I think that your patch is too generous to run HMAC even if fips_mode is not enabled; simply, we can stop calling the integrity check when fips_mode is not active.

gniibe triaged this task as Normal priority. Feb 25 2019, 1:10 AM
gniibe added a project: Restricted Project.

Fixed in master.

gniibe changed the task status from Open to Testing. Jun 25 2019, 6:01 AM