gpg2/gnupg-detect_FIPS_mode.patch

19 lines
784 B
Diff

Index: gnupg-2.3.8/g10/mainproc.c
===================================================================
--- gnupg-2.3.8.orig/g10/mainproc.c
+++ gnupg-2.3.8/g10/mainproc.c
@@ -1011,7 +1011,12 @@ proc_plaintext( CTX c, PACKET *pkt )
according to 2440, so hopefully it won't come up that often.
There is no good way to specify what algorithms to use in
that case, so these there are the historical answer. */
- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
+
+ /* Libgcrypt manual says that gcry_version_check must be called
+ * before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL);
+ if(!gcry_fips_mode_active())
+ gcry_md_enable(c->mfx.md, DIGEST_ALGO_RMD160);
gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
}
if (DBG_HASHING)