gpg2/gnupg-detect_FIPS_mode.patch

Index: gnupg-2.3.8/g10/mainproc.c
===================================================================
--- gnupg-2.3.8.orig/g10/mainproc.c
+++ gnupg-2.3.8/g10/mainproc.c
@@ -1011,7 +1011,12 @@ proc_plaintext( CTX c, PACKET *pkt )
          according to 2440, so hopefully it won't come up that often.
          There is no good way to specify what algorithms to use in
          that case, so these there are the historical answer. */
-	gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
+
+	/* Libgcrypt manual says that gcry_version_check must be called
+	 * before calling gcry_fips_mode_active. */
+	gcry_check_version (NULL);
+	if(!gcry_fips_mode_active())
+	  gcry_md_enable(c->mfx.md, DIGEST_ALGO_RMD160);
 	gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
     }
   if (DBG_HASHING)
Accepting request 1012076 from home:pmonrealgonzalez:branches:Base:System - GnuPG 2.3.8: * gpg: Do not consider unknown public keys as non-compliant while decrypting. * gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant. * gpg: Improve --edit-key setpref command to ease c+p. * gpg: Emit an ERROR status if --quick-set-primary-uid fails and allow to pass the user ID by hash. * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. * gpgsm: Fix reporting of bad passphrase error during PKCS#11 import. * agent: Fix a regression in "READKEY --format=ssh". * agent: New option --need-attr for KEYINFO. * agent: New attribute "Remote-list" for use by KEYINFO. * scd: Fix problem with Yubikey 5.4 firmware. * dirmngr: Fix CRL Distribution Point fallback to other schemes. * dirmngr: New LDAP server flag "areconly" (A-record-only). * dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format. * dirmngr: Use LDAP schema v2 when a Base DN is specified. * dirmngr: Avoid caching expired certificates. * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. * wkd: New command --mirror for gpg-wks-client. * gpg-auth: New tool for authentication. * New common.conf option no-autostart. * Silence warnings from AllowSetForegroundWindow unless OBS-URL: https://build.opensuse.org/request/show/1012076 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=280 2022-10-17 20:43:45 +02:00			`Index: gnupg-2.3.8/g10/mainproc.c`
Accepting request 175573 from home:vitezslav_cizek:branches:Base:System - set safe umask before creating a plaintext file (bnc#780943) added gpg2-set_umask_before_open_outfile.patch - select proper ciphers when running in FIPS mode (bnc#808958) added gnupg-detect_FIPS_mode.patch OBS-URL: https://build.opensuse.org/request/show/175573 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=56 2013-05-16 12:06:39 +02:00			`===================================================================`
Accepting request 1012076 from home:pmonrealgonzalez:branches:Base:System - GnuPG 2.3.8: * gpg: Do not consider unknown public keys as non-compliant while decrypting. * gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant. * gpg: Improve --edit-key setpref command to ease c+p. * gpg: Emit an ERROR status if --quick-set-primary-uid fails and allow to pass the user ID by hash. * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. * gpgsm: Fix reporting of bad passphrase error during PKCS#11 import. * agent: Fix a regression in "READKEY --format=ssh". * agent: New option --need-attr for KEYINFO. * agent: New attribute "Remote-list" for use by KEYINFO. * scd: Fix problem with Yubikey 5.4 firmware. * dirmngr: Fix CRL Distribution Point fallback to other schemes. * dirmngr: New LDAP server flag "areconly" (A-record-only). * dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format. * dirmngr: Use LDAP schema v2 when a Base DN is specified. * dirmngr: Avoid caching expired certificates. * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. * wkd: New command --mirror for gpg-wks-client. * gpg-auth: New tool for authentication. * New common.conf option no-autostart. * Silence warnings from AllowSetForegroundWindow unless OBS-URL: https://build.opensuse.org/request/show/1012076 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=280 2022-10-17 20:43:45 +02:00			`--- gnupg-2.3.8.orig/g10/mainproc.c`
			`+++ gnupg-2.3.8/g10/mainproc.c`
			`@@ -1011,7 +1011,12 @@ proc_plaintext( CTX c, PACKET *pkt )`
Accepting request 266475 from home:AndreasStieger:branches:Base:System gnupg 2.1.1 OBS-URL: https://build.opensuse.org/request/show/266475 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=90 2014-12-29 07:05:14 +01:00			`according to 2440, so hopefully it won't come up that often.`
			`There is no good way to specify what algorithms to use in`
			`that case, so these there are the historical answer. */`
			`- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);`
Accepting request 175573 from home:vitezslav_cizek:branches:Base:System - set safe umask before creating a plaintext file (bnc#780943) added gpg2-set_umask_before_open_outfile.patch - select proper ciphers when running in FIPS mode (bnc#808958) added gnupg-detect_FIPS_mode.patch OBS-URL: https://build.opensuse.org/request/show/175573 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=56 2013-05-16 12:06:39 +02:00			`+`
			`+ /* Libgcrypt manual says that gcry_version_check must be called`
Accepting request 1012076 from home:pmonrealgonzalez:branches:Base:System - GnuPG 2.3.8: * gpg: Do not consider unknown public keys as non-compliant while decrypting. * gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant. * gpg: Improve --edit-key setpref command to ease c+p. * gpg: Emit an ERROR status if --quick-set-primary-uid fails and allow to pass the user ID by hash. * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. * gpgsm: Fix reporting of bad passphrase error during PKCS#11 import. * agent: Fix a regression in "READKEY --format=ssh". * agent: New option --need-attr for KEYINFO. * agent: New attribute "Remote-list" for use by KEYINFO. * scd: Fix problem with Yubikey 5.4 firmware. * dirmngr: Fix CRL Distribution Point fallback to other schemes. * dirmngr: New LDAP server flag "areconly" (A-record-only). * dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format. * dirmngr: Use LDAP schema v2 when a Base DN is specified. * dirmngr: Avoid caching expired certificates. * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. * wkd: New command --mirror for gpg-wks-client. * gpg-auth: New tool for authentication. * New common.conf option no-autostart. * Silence warnings from AllowSetForegroundWindow unless OBS-URL: https://build.opensuse.org/request/show/1012076 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=280 2022-10-17 20:43:45 +02:00			`+ * before calling gcry_fips_mode_active. */`
Accepting request 175573 from home:vitezslav_cizek:branches:Base:System - set safe umask before creating a plaintext file (bnc#780943) added gpg2-set_umask_before_open_outfile.patch - select proper ciphers when running in FIPS mode (bnc#808958) added gnupg-detect_FIPS_mode.patch OBS-URL: https://build.opensuse.org/request/show/175573 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=56 2013-05-16 12:06:39 +02:00			`+ gcry_check_version (NULL);`
Accepting request 1012076 from home:pmonrealgonzalez:branches:Base:System - GnuPG 2.3.8: * gpg: Do not consider unknown public keys as non-compliant while decrypting. * gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant. * gpg: Improve --edit-key setpref command to ease c+p. * gpg: Emit an ERROR status if --quick-set-primary-uid fails and allow to pass the user ID by hash. * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. * gpgsm: Fix reporting of bad passphrase error during PKCS#11 import. * agent: Fix a regression in "READKEY --format=ssh". * agent: New option --need-attr for KEYINFO. * agent: New attribute "Remote-list" for use by KEYINFO. * scd: Fix problem with Yubikey 5.4 firmware. * dirmngr: Fix CRL Distribution Point fallback to other schemes. * dirmngr: New LDAP server flag "areconly" (A-record-only). * dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format. * dirmngr: Use LDAP schema v2 when a Base DN is specified. * dirmngr: Avoid caching expired certificates. * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. * wkd: New command --mirror for gpg-wks-client. * gpg-auth: New tool for authentication. * New common.conf option no-autostart. * Silence warnings from AllowSetForegroundWindow unless OBS-URL: https://build.opensuse.org/request/show/1012076 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=280 2022-10-17 20:43:45 +02:00			`+ if(!gcry_fips_mode_active())`
			`+ gcry_md_enable(c->mfx.md, DIGEST_ALGO_RMD160);`
Accepting request 266475 from home:AndreasStieger:branches:Base:System gnupg 2.1.1 OBS-URL: https://build.opensuse.org/request/show/266475 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=90 2014-12-29 07:05:14 +01:00			`gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);`
			`}`
			`if (DBG_HASHING)`