Andreas Stieger
a1f48048e7
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=202
35 lines
1.6 KiB
Diff
35 lines
1.6 KiB
Diff
Index: gnupg-2.1.1/g10/encrypt.c
|
|
===================================================================
|
|
--- gnupg-2.1.1.orig/g10/encrypt.c
|
|
+++ gnupg-2.1.1/g10/encrypt.c
|
|
@@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro
|
|
/* Because 3DES is implicitly in the prefs, this can
|
|
only happen if we do not have any public keys in
|
|
the list. */
|
|
- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
|
|
+ /* Libgcrypt manual says that gcry_version_check must be called
|
|
+ before calling gcry_fips_mode_active. */
|
|
+ gcry_check_version (NULL);
|
|
+ efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
|
|
}
|
|
|
|
/* In case 3DES has been selected, print a warning if
|
|
Index: gnupg-2.1.1/g10/mainproc.c
|
|
===================================================================
|
|
--- gnupg-2.1.1.orig/g10/mainproc.c
|
|
+++ gnupg-2.1.1/g10/mainproc.c
|
|
@@ -719,7 +719,12 @@ proc_plaintext( CTX c, PACKET *pkt )
|
|
according to 2440, so hopefully it won't come up that often.
|
|
There is no good way to specify what algorithms to use in
|
|
that case, so these there are the historical answer. */
|
|
- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
|
|
+
|
|
+ /* Libgcrypt manual says that gcry_version_check must be called
|
|
+ before calling gcry_fips_mode_active. */
|
|
+ gcry_check_version (NULL);
|
|
+ if( !gcry_fips_mode_active() )
|
|
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
|
|
gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
|
|
}
|
|
if (DBG_HASHING)
|