libgcrypt/libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
Michal Vyskocil 84f3f9aea5 - port SLE enhancenments to Factory (bnc#831028)
* add libgcrypt-unresolved-dladdr.patch (bnc#701267)
  * add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841)
  * add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
- install .hmac256.hmac (bnc#704068)
- enable varuous new options in configure (m-guard, hmac binary check and
  random device linux)
- build with all ciphers, pubkeys and digest by default as whitelist
  simply allowed them all
- Library must be built with large file support in

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=27
2013-07-25 09:26:56 +00:00

28 lines
901 B
Diff

From: draht@suse.com
Subject: LIBGCRYPT_FORCE_FIPS_MODE env
environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt
Index: libgcrypt-1.5.2/src/fips.c
===================================================================
--- libgcrypt-1.5.2.orig/src/fips.c
+++ libgcrypt-1.5.2/src/fips.c
@@ -123,6 +123,17 @@ _gcry_initialize_fips_mode (int force)
goto leave;
}
+ /* for convenience, so that a process can run fips-enabled, but
+ not necessarily all of them, enable FIPS mode via environment
+ variable LIBGCRYPT_FORCE_FIPS_MODE. */
+
+ if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
+ {
+ gcry_assert (!no_fips_mode_required);
+ goto leave;
+ }
+
+
/* For testing the system it is useful to override the system
provided detection of the FIPS mode and force FIPS mode using a
file. The filename is hardwired so that there won't be any