File gnupg-detect_FIPS_mode.patch of Package gpg2.7706
Index: gnupg-2.1.1/g10/encrypt.c
===================================================================
--- gnupg-2.1.1.orig/g10/encrypt.c
+++ gnupg-2.1.1/g10/encrypt.c
@@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro
/* Because 3DES is implicitly in the prefs, this can
only happen if we do not have any public keys in
the list. */
- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
+ /* Libgcrypt manual says that gcry_version_check must be called
+ before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL);
+ efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
}
/* In case 3DES has been selected, print a warning if
Index: gnupg-2.1.1/g10/mainproc.c
===================================================================
--- gnupg-2.1.1.orig/g10/mainproc.c
+++ gnupg-2.1.1/g10/mainproc.c
@@ -719,7 +719,12 @@ proc_plaintext( CTX c, PACKET *pkt )
according to 2440, so hopefully it won't come up that often.
There is no good way to specify what algorithms to use in
that case, so these there are the historical answer. */
- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
+
+ /* Libgcrypt manual says that gcry_version_check must be called
+ before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL);
+ if( !gcry_fips_mode_active() )
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
}
if (DBG_HASHING)