84f3f9aea5
* add libgcrypt-unresolved-dladdr.patch (bnc#701267) * add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841) * add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff - install .hmac256.hmac (bnc#704068) - enable varuous new options in configure (m-guard, hmac binary check and random device linux) - build with all ciphers, pubkeys and digest by default as whitelist simply allowed them all - Library must be built with large file support in OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=27
28 lines
901 B
Diff
28 lines
901 B
Diff
From: draht@suse.com
|
|
Subject: LIBGCRYPT_FORCE_FIPS_MODE env
|
|
|
|
environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt
|
|
|
|
Index: libgcrypt-1.5.2/src/fips.c
|
|
===================================================================
|
|
--- libgcrypt-1.5.2.orig/src/fips.c
|
|
+++ libgcrypt-1.5.2/src/fips.c
|
|
@@ -123,6 +123,17 @@ _gcry_initialize_fips_mode (int force)
|
|
goto leave;
|
|
}
|
|
|
|
+ /* for convenience, so that a process can run fips-enabled, but
|
|
+ not necessarily all of them, enable FIPS mode via environment
|
|
+ variable LIBGCRYPT_FORCE_FIPS_MODE. */
|
|
+
|
|
+ if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
|
|
+ {
|
|
+ gcry_assert (!no_fips_mode_required);
|
|
+ goto leave;
|
|
+ }
|
|
+
|
|
+
|
|
/* For testing the system it is useful to override the system
|
|
provided detection of the FIPS mode and force FIPS mode using a
|
|
file. The filename is hardwired so that there won't be any
|