From b13fa86e81f175a0aab011cb96b26a2e0dc11ab5a764d42e82bee97b30478155 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Mon, 26 Nov 2018 17:27:31 +0000
Subject: [PATCH] Accepting request 652048 from
 home:vitezslav_cizek:branches:devel:libraries:c_c++

- Fail selftests when checksum file is missing in FIPS mode only
  (bsc#1117355)
  * add libgcrypt-binary_integrity_in_non-FIPS.patch

OBS-URL: https://build.opensuse.org/request/show/652048
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=119
---
 libgcrypt-binary_integrity_in_non-FIPS.patch | 17 +++++++++++++++++
 libgcrypt.changes                            |  7 +++++++
 libgcrypt.spec                               |  4 +++-
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 libgcrypt-binary_integrity_in_non-FIPS.patch

diff --git a/libgcrypt-binary_integrity_in_non-FIPS.patch b/libgcrypt-binary_integrity_in_non-FIPS.patch
new file mode 100644
index 0000000..2daaa0a
--- /dev/null
+++ b/libgcrypt-binary_integrity_in_non-FIPS.patch
@@ -0,0 +1,17 @@
+Index: libgcrypt-1.8.4/src/fips.c
+===================================================================
+--- libgcrypt-1.8.4.orig/src/fips.c	2018-11-26 17:30:28.040692529 +0100
++++ libgcrypt-1.8.4/src/fips.c	2018-11-26 17:59:04.130934181 +0100
+@@ -663,7 +663,11 @@ check_binary_integrity (void)
+               /* Open the file.  */
+               fp = fopen (fname, "r");
+               if (!fp)
+-                err = gpg_error_from_syserror ();
++                {
++                  /* Missing checksum is a problem only in FIPS mode */
++                  if (fips_mode() || errno != ENOENT)
++                    err = gpg_error_from_syserror ();
++                }
+               else
+                 {
+                   /* A buffer of 64 bytes plus one for a LF and one to
diff --git a/libgcrypt.changes b/libgcrypt.changes
index 44cc9cf..2cd2107 100644
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Nov 26 17:09:47 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
+
+- Fail selftests when checksum file is missing in FIPS mode only
+  (bsc#1117355)
+  * add libgcrypt-binary_integrity_in_non-FIPS.patch
+
 -------------------------------------------------------------------
 Sun Oct 28 18:57:53 UTC 2018 - astieger@suse.com
 
diff --git a/libgcrypt.spec b/libgcrypt.spec
index 71196fc..e69ef7d 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -57,6 +57,7 @@ Patch32:        libgcrypt-fips_run_selftest_at_constructor.patch
 Patch35:        libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
 #PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify
 Patch36:        libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
+Patch37:        libgcrypt-binary_integrity_in_non-FIPS.patch
 BuildRequires:  automake >= 1.14
 BuildRequires:  fipscheck
 BuildRequires:  libgpg-error-devel >= 1.25
@@ -149,6 +150,7 @@ understanding of applied cryptography is required to use Libgcrypt.
 %patch14 -p1
 %patch35 -p1
 %patch36 -p1
+%patch37 -p1
 
 %build
 echo building with build_hmac256 set to %{build_hmac256}