File libgcrypt-FIPS-disable-GCRYCTL_NO_FIPS_MODE.patch of Package libgcrypt.37939

Index: libgcrypt-1.10.3/src/global.c
===================================================================
--- libgcrypt-1.10.3.orig/src/global.c
+++ libgcrypt-1.10.3/src/global.c
@@ -755,9 +755,14 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
       break;
 
     case GCRYCTL_NO_FIPS_MODE:
+      /* Disable the command to put the library in non-fips mode to
+       * comply with the FIPS 140-3 certification. */
+      if (fips_mode ())
+        break;
+
       /* Performing this command puts the library into non-fips mode,
          even if system has fips setting.  It is not possible to put
-         the libraty into non-fips mode after having passed the
+         the library into non-fips mode after having passed the
          initialization. */
       _gcry_set_preferred_rng_type (0);
       if (!_gcry_global_any_init_done)
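Review bot: the new `if (fips_mode ()) break;` guard at the top of the `GCRYCTL_NO_FIPS_MODE` case drops the request silently. Nothing in the added lines sets an error before the `break`, so as far as this hunk shows, a caller that asked for non-FIPS mode cannot tell that the library stayed in FIPS mode. Consider setting an error code or logging before leaving the case. The retained comment just below still says the command puts the library into non-fips mode "even if system has fips setting", which no longer matches the guarded behaviour and should be updated in the same change. The new comment also reads as if the command were disabled outright, while the code only skips it when `fips_mode ()` is true.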
Index: libgcrypt-1.10.3/doc/gcrypt.info-1
===================================================================
--- libgcrypt-1.10.3.orig/doc/gcrypt.info-1
+++ libgcrypt-1.10.3/doc/gcrypt.info-1
@@ -465,7 +465,9 @@ provided to switch Libgcrypt into non-FI
 
    * If the application requests non-FIPS mode using the control command
      'GCRYCTL_NO_FIPS_MODE'.  This must be done prior to any
-     initialization (i.e.  before 'gcry_check_version').
+     initialization (i.e.  before 'gcry_check_version'). Note that,
+     using this mechanism has been disabled to comply with the FIPS 140-3
+     certification.
 
 
 File: gcrypt.info,  Node: Hardware features,  Prev: Disabling FIPS mode,  Up: Preparation
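Review bot: this hunk hand-edits `doc/gcrypt.info-1`, which is makeinfo output of `doc/gcrypt.texi`, so the same sentence now has to be maintained in two places and the offsets inside the info file can drift from the node table. Prefer patching only the `.texi` source and regenerating the info files during the build. If the hunk stays, the added sentence uses a single space after "'gcry_check_version')." where the surrounding text uses two spaces after a full stop.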
@@ -826,7 +828,8 @@ File: gcrypt.info,  Node: Controlling th
           and that is actually the recommended way to let an application
           switch the library into non-FIPS mode.  Note that Libgcrypt
           will reject an attempt to switch to non-FIPS mode during or
-          after the initialization.
+          after the initialization. Note that, using this mechanism has
+          been disabled to comply with the FIPS 140-3 certification.
 
      'GCRYCTL_SET_ENFORCED_FIPS_FLAG; Arguments: none'
           This command is obsolete and has no effect; do not use it.
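Review bot: the appended sentence contradicts the text kept directly above it, which still calls this command "the recommended way to let an application switch the library into non-FIPS mode". A reader sees the recommendation first and the retraction last. Reword the paragraph so the recommendation is removed or qualified, rather than appending "has been disabled" after it.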
Index: libgcrypt-1.10.3/doc/gcrypt.texi
===================================================================
--- libgcrypt-1.10.3.orig/doc/gcrypt.texi
+++ libgcrypt-1.10.3/doc/gcrypt.texi
@@ -546,7 +546,10 @@ is provided to switch Libgcrypt into non
 @item
 If the application requests non-FIPS mode using the control command
 @code{GCRYCTL_NO_FIPS_MODE}.  This must be done prior to any
-initialization (i.e. before @code{gcry_check_version}).
+initialization (i.e. before @code{gcry_check_version}). Note that,
+using this mechanism has been disabled to comply with the FIPS 140-3
+certification.
+
 @end itemize
 
 
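Review bot: the hunk adds an empty line before `@end itemize` (the bare `+` line after "certification."), which is not needed to close the item and only widens the diff against upstream. Drop it. The wording "Note that, using this mechanism has been disabled" also has a stray comma after "that"; "Note that this mechanism has been disabled" reads correctly.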
@@ -894,7 +897,9 @@ Running this command puts the library in
 command may be used before a call to @code{gcry_check_version} and
 that is actually the recommended way to let an application switch the
 library into non-FIPS mode.  Note that Libgcrypt will reject an attempt to
-switch to non-FIPS mode during or after the initialization.
+switch to non-FIPS mode during or after the initialization. Note that,
+using this mechanism has been disabled to comply with the FIPS 140-3
+certification.
 
 @item GCRYCTL_SET_ENFORCED_FIPS_FLAG; Arguments: none
 This command is obsolete and has no effect; do not use it.
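Review bot: the added sentence says the mechanism "has been disabled" without condition, but the `global.c` change in this patch only skips the command when `fips_mode ()` is true and otherwise runs the original code. The documentation should state the actual behaviour: the command is ignored when the library is in FIPS mode, and the caller is given no indication in the visible code path. The earlier sentence calling the command "the recommended way" to switch modes is left in place here as well and should be adjusted with it.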