3
0
forked from pool/libgcrypt
libgcrypt/libgcrypt-fips_rsa_no_enforced_mode.patch
Pedro Monreal Gonzalez 9563eb9685 Accepting request 689095 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests
  are invoked as well as the state transition, adjust the code so
  a missing checksum file is not an issue in non-FIPS mode (bsc#1097073)
  * update libgcrypt-binary_integrity_in_non-FIPS.patch

- Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
  * add libgcrypt-fips_rsa_no_enforced_mode.patch

OBS-URL: https://build.opensuse.org/request/show/689095
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=122
2019-03-27 14:36:50 +00:00

14 lines
603 B
Diff

Index: libgcrypt-1.8.2/cipher/rsa.c
===================================================================
--- libgcrypt-1.8.2.orig/cipher/rsa.c 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.2/cipher/rsa.c 2019-03-26 11:14:33.737388126 +0100
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
if (nbits < 1024 || (nbits & 0x1FF))
return GPG_ERR_INV_VALUE;
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
+ if (fips_mode() && nbits != 2048 && nbits != 3072)
return GPG_ERR_INV_VALUE;
/* The random quality depends on the transient_key flag. */