From 242f11d393c6b864d9ec0c011383e6f61309eeec Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 5 Oct 2022 18:18:25 +0200 Subject: [PATCH] Fix function name FIPS service indicator and disable PK encryption Related: rhbz#2130275 --- libgcrypt-1.10.0-fips-selftest.patch | 34 ++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/libgcrypt-1.10.0-fips-selftest.patch b/libgcrypt-1.10.0-fips-selftest.patch index 6b9a4fb..5816b32 100644 --- a/libgcrypt-1.10.0-fips-selftest.patch +++ b/libgcrypt-1.10.0-fips-selftest.patch @@ -1124,3 +1124,37 @@ index 00000000..65617855 +} -- 2.37.3 +From 149f6f8654fdeaf7aa1ff8ac3d00d7454c0e6eff Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Wed, 5 Oct 2022 16:50:08 +0200 +Subject: [PATCH] fips: Mark gcry_pk_encrypt/decrypt function non-approved + +* src/fips.c (_gcry_fips_indicator_function): Fix typo in sign/verify + function names and add gcry_pk_encrypt and gcry_pk_decrypt. +-- + +Signed-off-by: Jakub Jelen +--- + src/fips.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/fips.c b/src/fips.c +index 9a524ea4..6599121c 100644 +--- a/src/fips.c ++++ b/src/fips.c +@@ -395,8 +395,10 @@ _gcry_fips_indicator_function (va_list arg_ptr) + { + const char *function = va_arg (arg_ptr, const char *); + +- if (strcmp (function, "gcry_sign") == 0 || +- strcmp (function, "gcry_verify") == 0) ++ if (strcmp (function, "gcry_pk_sign") == 0 || ++ strcmp (function, "gcry_pk_verify") == 0 || ++ strcmp (function, "gcry_pk_encrypt") == 0 || ++ strcmp (function, "gcry_pk_decrypt") == 0) + return GPG_ERR_NOT_SUPPORTED; + + return GPG_ERR_NO_ERROR; +-- +2.37.3 +