File gnupg-detect_FIPS_mode.patch of Package gpg2.24602

Index: gnupg-2.2.27/g10/encrypt.c
===================================================================
--- gnupg-2.2.27.orig/g10/encrypt.c
+++ gnupg-2.2.27/g10/encrypt.c
@@ -577,7 +577,8 @@ encrypt_crypt (ctrl_t ctrl, int filefd,
          that the implementation behind any v4 key can handle 3DES. */
       if (cfx.dek->algo == -1)
         {
-          cfx.dek->algo = CIPHER_ALGO_3DES;
+	  gcry_check_version (NULL);
+	  cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : CIPHER_ALGO_3DES;
         }
 
       /* In case 3DES has been selected, print a warning if any key
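Review bot: The FIPS branch added in encrypt_crypt has no comment, and the existing comment above it (which starts outside the hunk) still justifies the fallback by saying any v4 key implementation can handle 3DES. With `CIPHER_ALGO_AES` chosen in FIPS mode that guarantee no longer covers the fallback, so as far as this hunk shows a recipient whose preferences were not matched could receive a message it cannot decrypt. I would add `/* FIPS mode: AES replaces 3DES as the fallback; recipients are assumed to support AES. */` above the assignment. As in the other two hunks, a line should also explain why `gcry_check_version (NULL)` is called first.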
@@ -841,7 +842,10 @@ encrypt_filter (void *opaque, int contro
                   /* Because 3DES is implicitly in the prefs, this can
                      only happen if we do not have any public keys in
                      the list.  */
-                  efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
+		   /* Libgcrypt manual says that gcry_version_check must be called
+		      before calling gcry_fips_mode_active. */
+		    gcry_check_version (NULL);
+		    efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
                 }
 
               /* In case 3DES has been selected, print a warning if
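Review bot: The added comment in encrypt_filter names `gcry_version_check`, but the function called on the next line is `gcry_check_version`; the same slip is in the proc_plaintext hunk of g10/mainproc.c. Suggested wording: `/* The Libgcrypt manual says gcry_check_version must be called before gcry_fips_mode_active. */`. The new lines are also indented with tabs while the surrounding context uses spaces, and the comment and the two statements do not line up with each other or with the line they replace.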
Index: gnupg-2.2.27/g10/mainproc.c
===================================================================
--- gnupg-2.2.27.orig/g10/mainproc.c
+++ gnupg-2.2.27/g10/mainproc.c
@@ -953,7 +953,12 @@ proc_plaintext( CTX c, PACKET *pkt )
          according to 2440, so hopefully it won't come up that often.
          There is no good way to specify what algorithms to use in
          that case, so these there are the historical answer. */
-	gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
+
+	/* Libgcrypt manual says that gcry_version_check must be called
+	   before calling gcry_fips_mode_active. */
+	gcry_check_version (NULL);
+	if( !gcry_fips_mode_active() )
+	  gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
 	gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
     }
   if (DBG_HASHING)
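Review bot: In proc_plaintext the RIPEMD-160 digest is no longer enabled in FIPS mode, but nothing records what that means for a signature on this fallback path that uses RIPEMD-160. Presumably its hash is never computed and verification fails without a FIPS-specific message. A comment such as `/* FIPS mode: RIPEMD-160 is not enabled, so signatures using it cannot be verified on this path. */` would make the intent explicit, and a log line at that point would help whoever has to triage such a failure. The return values of both `gcry_md_enable` calls are ignored, so a refusal by libgcrypt would go unnoticed (the SHA-1 call is unchanged context). The function body starts and ends outside the hunk.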