gpg2/gnupg-detect_FIPS_mode.patch
Tomáš Chvátal e04faea002 Accepting request 615233 from home:kbabioch:branches:Base:System
- Applied spec-cleaner
- Refreshed patches
- Update to version 2.2.8:
  * gpg: Decryption of messages not using the MDC mode will now lead to a
    hard failure even if a legacy cipher algorithm was used. The option
    --ignore-mdc-error can be used to turn this failure into a warning. Take
    care: Never use that option unconditionally or without a prior warning.
  * gpg: The MDC encryption mode is now always used regardless of the
    cipher algorithm or any preferences.  For testing --rfc2440 can be
    used to create a message without an MDC.
  * gpg: Sanitize the diagnostic output of the original file name in
    verbose mode.
  * gpg: Detect suspicious multiple plaintext packets in a more reliable way.
  * gpg: Fix the duplicate key signature detection code.
  * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
    --disable-mdc and --no-disable-mdc have no more effect.
  * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
    list of startup environment variables.

OBS-URL: https://build.opensuse.org/request/show/615233
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=198
2018-06-08 12:49:21 +00:00


---
g10/encrypt.c | 5 ++++-
g10/mainproc.c | 7 ++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
Index: gnupg-2.2.8/g10/encrypt.c
===================================================================
--- gnupg-2.2.8.orig/g10/encrypt.c
+++ gnupg-2.2.8/g10/encrypt.c
@@ -825,7 +825,10 @@ encrypt_filter (void *opaque, int contro
/* Because 3DES is implicitly in the prefs, this can
only happen if we do not have any public keys in
the list. */
- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
+ /* Libgcrypt manual says that gcry_version_check must be called
+ before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL);
+ efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
}
/* In case 3DES has been selected, print a warning if
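Review bot: The added comment in encrypt_filter names gcry_version_check, but the function called on the next line is gcry_check_version; the comment should use the real name. The call also sits inside the filter's fallback branch, so it runs whenever that branch is reached rather than once at startup. If the program already performs the version check during initialisation, this call can be dropped; if it does not, initialisation is where the call belongs. The new assignment line runs well past 80 columns and would read better as an if/else, or with the FIPS decision moved into a small helper that mainproc.c can share.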
Index: gnupg-2.2.8/g10/mainproc.c
===================================================================
--- gnupg-2.2.8.orig/g10/mainproc.c
+++ gnupg-2.2.8/g10/mainproc.c
@@ -821,7 +821,12 @@ proc_plaintext( CTX c, PACKET *pkt )
according to 2440, so hopefully it won't come up that often.
There is no good way to specify what algorithms to use in
that case, so these there are the historical answer. */
- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
+
+ /* Libgcrypt manual says that gcry_version_check must be called
+ before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL);
+ if( !gcry_fips_mode_active() )
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
}
if (DBG_HASHING)
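Review bot: In proc_plaintext the RMD160 digest is now skipped silently when gcry_fips_mode_active() is true, so a signature reaching this legacy path that relies on RIPEMD-160 will not have its digest computed and the user gets no hint why; a log line in the FIPS case would make that diagnosable. The existing comment above the change still describes both digests as the historical answer and should mention the FIPS exception. The added comment names gcry_version_check while the call is gcry_check_version, and the spacing in `if( !gcry_fips_mode_active() )` and `gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );` does not match the `gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);` style on the following line.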