3
0
forked from pool/libgcrypt

Accepting request 652048 from home:vitezslav_cizek:branches:devel:libraries:c_c++

- Fail selftests when checksum file is missing in FIPS mode only
  (bsc#1117355)
  * add libgcrypt-binary_integrity_in_non-FIPS.patch

OBS-URL: https://build.opensuse.org/request/show/652048
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=119
This commit is contained in:
Tomáš Chvátal 2018-11-26 17:27:31 +00:00 committed by Git OBS Bridge
parent 5a5bf04851
commit b13fa86e81
3 changed files with 27 additions and 1 deletions

View File

@ -0,0 +1,17 @@
Index: libgcrypt-1.8.4/src/fips.c
===================================================================
--- libgcrypt-1.8.4.orig/src/fips.c 2018-11-26 17:30:28.040692529 +0100
+++ libgcrypt-1.8.4/src/fips.c 2018-11-26 17:59:04.130934181 +0100
@@ -663,7 +663,11 @@ check_binary_integrity (void)
/* Open the file. */
fp = fopen (fname, "r");
if (!fp)
- err = gpg_error_from_syserror ();
+ {
+ /* Missing checksum is a problem only in FIPS mode */
+ if (fips_mode() || errno != ENOENT)
+ err = gpg_error_from_syserror ();
+ }
else
{
/* A buffer of 64 bytes plus one for a LF and one to

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Nov 26 17:09:47 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
- Fail selftests when checksum file is missing in FIPS mode only
(bsc#1117355)
* add libgcrypt-binary_integrity_in_non-FIPS.patch
-------------------------------------------------------------------
Sun Oct 28 18:57:53 UTC 2018 - astieger@suse.com

View File

@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@ -57,6 +57,7 @@ Patch32: libgcrypt-fips_run_selftest_at_constructor.patch
Patch35: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
#PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify
Patch36: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
Patch37: libgcrypt-binary_integrity_in_non-FIPS.patch
BuildRequires: automake >= 1.14
BuildRequires: fipscheck
BuildRequires: libgpg-error-devel >= 1.25
@ -149,6 +150,7 @@ understanding of applied cryptography is required to use Libgcrypt.
%patch14 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1
%build
echo building with build_hmac256 set to %{build_hmac256}