File gnutls-3.6.7-fips-rsa-4096.patch of Package gnutls.27841
diff -Nurp gnutls-3.6.7-orig/lib/nettle/int/rsa-keygen-fips186.c gnutls-3.6.7/lib/nettle/int/rsa-keygen-fips186.c
--- gnutls-3.6.7-orig/lib/nettle/int/rsa-keygen-fips186.c 2019-01-05 12:28:47.000000000 +0100
+++ gnutls-3.6.7/lib/nettle/int/rsa-keygen-fips186.c 2020-05-08 23:39:04.206472627 +0200
@@ -269,7 +269,8 @@ _rsa_generate_fips186_4_keypair(struct r
FIPS_RULE(n_size == 2048 && seed_length != 14 * 2, 0, "seed length other than 28 bytes\n");
FIPS_RULE(n_size == 3072 && seed_length != 16 * 2, 0, "seed length other than 32 bytes\n");
- FIPS_RULE(n_size != 2048 && n_size != 3072, 0, "unsupported size for modulus\n");
+ FIPS_RULE(n_size == 4096 && seed_length != 24 * 2, 0, "seed length other than 48 bytes\n");
+ FIPS_RULE(n_size != 2048 && n_size != 3072 && n_size != 4096, 0, "unsupported size for modulus\n");
if (!mpz_tstbit(pub->e, 0)) {
_gnutls_debug_log("Unacceptable e (it is even)\n");
@@ -407,7 +408,7 @@ rsa_generate_fips186_4_keypair(struct rs
unsigned seed_length;
int ret;
- FIPS_RULE(n_size != 2048 && n_size != 3072, 0, "size of prime of other than 2048 or 3072\n");
+ FIPS_RULE(n_size != 2048 && n_size != 3072 && n_size != 4096, 0, "size of prime of other than 2048, 3072 or 4096\n");
seed_length = SEED_LENGTH(n_size);
if (seed_length > sizeof(seed))