File gnupg-detect_FIPS_mode.patch of Package gpg2.7706

Index: gnupg-2.1.1/g10/encrypt.c
===================================================================
--- gnupg-2.1.1.orig/g10/encrypt.c
+++ gnupg-2.1.1/g10/encrypt.c
@@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro
                   /* Because 3DES is implicitly in the prefs, this can
                      only happen if we do not have any public keys in
                      the list.  */
-                  efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
+		   /* Libgcrypt manual says that gcry_version_check must be called
+		      before calling gcry_fips_mode_active. */
+		    gcry_check_version (NULL);
+		    efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
                 }
 
               /* In case 3DES has been selected, print a warning if
Index: gnupg-2.1.1/g10/mainproc.c
===================================================================
--- gnupg-2.1.1.orig/g10/mainproc.c
+++ gnupg-2.1.1/g10/mainproc.c
@@ -719,7 +719,12 @@ proc_plaintext( CTX c, PACKET *pkt )
          according to 2440, so hopefully it won't come up that often.
          There is no good way to specify what algorithms to use in
          that case, so these there are the historical answer. */
-	gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
+
+	/* Libgcrypt manual says that gcry_version_check must be called
+	   before calling gcry_fips_mode_active. */
+	gcry_check_version (NULL);
+	if( !gcry_fips_mode_active() )
+	  gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
 	gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
     }
   if (DBG_HASHING)
openSUSE Build Service is sponsored by