Overview

File libgcrypt-FIPS-disable-DSA.patch of Package libgcrypt.25788

From ea362090fc11caa28643153fc6444442243c8765 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 8 Dec 2021 09:52:02 +0900
Subject: [PATCH 0937/1000] fips: Disable DSA in FIPS mode.

* cipher/dsa.c (run_selftests): Disable DSA spec in FIPS mode.
* src/fips.c (run_pubkey_selftests): Skip DSA power-on selftests.
--

GnuPG-bug-id: 5710
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
 cipher/dsa.c | 2 +-
 src/fips.c   | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/cipher/dsa.c b/cipher/dsa.c
index d5b00912..e559f9f5 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -1441,7 +1441,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
 
 gcry_pk_spec_t _gcry_pubkey_spec_dsa =
   {
-    GCRY_PK_DSA, { 0, 1 },
+    GCRY_PK_DSA, { 0, 0 },
     GCRY_PK_USAGE_SIGN,
     "DSA", dsa_names,
     "pqgy", "pqgyx", "", "rs", "pqgy",
diff --git a/src/fips.c b/src/fips.c
index 0ab7fecc..bcadc5f2 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -522,7 +522,6 @@ run_pubkey_selftests (int extended)
   static int algos[] =
     {
       GCRY_PK_RSA,
-      GCRY_PK_DSA,
       GCRY_PK_ECC,
       0
     };
-- 
2.34.1
openSUSE Build Service is sponsored by
Places