Pedro Monreal Gonzalez
9563eb9685
- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests are invoked as well as the state transition, adjust the code so a missing checksum file is not an issue in non-FIPS mode (bsc#1097073) * update libgcrypt-binary_integrity_in_non-FIPS.patch - Enforce the minimal RSA keygen size in fips mode (bsc#1125740) * add libgcrypt-fips_rsa_no_enforced_mode.patch OBS-URL: https://build.opensuse.org/request/show/689095 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=122
14 lines
603 B
Diff
14 lines
603 B
Diff
Index: libgcrypt-1.8.2/cipher/rsa.c
|
|
===================================================================
|
|
--- libgcrypt-1.8.2.orig/cipher/rsa.c 2017-11-23 19:16:58.000000000 +0100
|
|
+++ libgcrypt-1.8.2/cipher/rsa.c 2019-03-26 11:14:33.737388126 +0100
|
|
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
|
|
|
|
if (nbits < 1024 || (nbits & 0x1FF))
|
|
return GPG_ERR_INV_VALUE;
|
|
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
|
|
+ if (fips_mode() && nbits != 2048 && nbits != 3072)
|
|
return GPG_ERR_INV_VALUE;
|
|
|
|
/* The random quality depends on the transient_key flag. */
|