3
0
forked from pool/libgcrypt
libgcrypt/libgcrypt-fips_run_selftest_at_constructor.patch
Ismail Dönmez c1ef8148bf Accepting request 250747 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- disabled curve P-192 in FIPS mode (bnc#896202)
  * added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode

- run the fips self tests at the constructor code
  * added libgcrypt-fips_run_selftest_at_constructor.patch

- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
  * added libgcrypt-fips-dsa.patch
  * install fips186_dsa
- use 2048 bit keys in selftests_dsa

OBS-URL: https://build.opensuse.org/request/show/250747
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=63
2014-09-22 20:11:21 +00:00

18 lines
466 B
Diff

Index: libgcrypt-1.6.1/src/global.c
===================================================================
--- libgcrypt-1.6.1.orig/src/global.c 2014-09-21 11:41:09.242948783 +0200
+++ libgcrypt-1.6.1/src/global.c 2014-09-21 11:54:49.567586644 +0200
@@ -124,7 +124,11 @@ global_init (void)
err = _gcry_mpi_init ();
if (err)
goto fail;
-
+ if (fips_mode()) {
+ err = _gcry_fips_run_selftests (0);
+ if (err)
+ goto fail;
+ }
return;
fail: