pool/libgcrypt
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
141234108e
libgcrypt/libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff

28 lines
901 B
Diff
Raw Normal View History

- port SLE enhancenments to Factory (bnc#831028) * add libgcrypt-unresolved-dladdr.patch (bnc#701267) * add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841) * add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff - install .hmac256.hmac (bnc#704068) - enable varuous new options in configure (m-guard, hmac binary check and random device linux) - build with all ciphers, pubkeys and digest by default as whitelist simply allowed them all - Library must be built with large file support in OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=27
2013-07-25 11:26:56 +02:00
From: draht@suse.com
Subject: LIBGCRYPT_FORCE_FIPS_MODE env
environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt
Index: libgcrypt-1.5.2/src/fips.c
===================================================================
--- libgcrypt-1.5.2.orig/src/fips.c
+++ libgcrypt-1.5.2/src/fips.c
@@ -123,6 +123,17 @@ _gcry_initialize_fips_mode (int force)
goto leave;
}
+ /* for convenience, so that a process can run fips-enabled, but
+ not necessarily all of them, enable FIPS mode via environment
+ variable LIBGCRYPT_FORCE_FIPS_MODE. */
+
+ if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
+ {
+ gcry_assert (!no_fips_mode_required);
+ goto leave;
+ }
+
+
/* For testing the system it is useful to override the system
provided detection of the FIPS mode and force FIPS mode using a
file. The filename is hardwired so that there won't be any
Reference in New Issue Copy Permalink