diff --git a/libgcrypt-1.10.0-allow-small-RSA-verify.patch b/libgcrypt-1.10.0-allow-small-RSA-verify.patch
new file mode 100644
index 0000000..278afa7
--- /dev/null
+++ b/libgcrypt-1.10.0-allow-small-RSA-verify.patch
@@ -0,0 +1,70 @@
+From ca2afc9fb64d9a9b2f8930ba505d9ab6c8a57667 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Thu, 12 May 2022 10:56:47 +0200
+Subject: [PATCH] cipher: Allow verification of small RSA signatures in FIPS
+ mode
+
+* cipher/rsa.c (rsa_check_keysize): Formatting.
+ (rsa_check_verify_keysize): New function.
+ (rsa_verify): Allow using smaller keys for verification.
+--
+
+GnuPG-bug-id: 5975
+Signed-off-by: Jakub Jelen
+---
+ cipher/rsa.c | 26 ++++++++++++++++++++++++--
+ 1 file changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/cipher/rsa.c b/cipher/rsa.c
+index c6319b67..9f2b36e8 100644
+--- a/cipher/rsa.c
++++ b/cipher/rsa.c
+@@ -352,13 +352,35 @@ generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+ static gpg_err_code_t
+ rsa_check_keysize (unsigned int nbits)
+ {
+- if (fips_mode() && nbits < 2048)
++ if (fips_mode () && nbits < 2048)
+ return GPG_ERR_INV_VALUE;
+
+ return GPG_ERR_NO_ERROR;
+ }
+
+
++/* Check the RSA key length is acceptable for signature verification
++ *
++ * FIPS allows signature verification with RSA keys of size
++ * 1024, 1280, 1536 and 1792 in legacy mode, but this is up to the
++ * calling application to decide if the signature is legacy and
++ * should be accepted.
++ */
++static gpg_err_code_t
++rsa_check_verify_keysize (unsigned int nbits)
++{
++ if (fips_mode ())
++ {
++ if ((nbits >= 1024 && (nbits % 256) == 0) || nbits >= 2048)
++ return GPG_ERR_NO_ERROR;
++
++ return GPG_ERR_INV_VALUE;
++ }
++
++ return GPG_ERR_NO_ERROR;
++}
++
++
+ /****************
+ * Generate a key pair with a key of size NBITS.
+ * USE_E = 0 let Libcgrypt decide what exponent to use.
+@@ -1602,7 +1624,7 @@ rsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
+ gcry_mpi_t result = NULL;
+ unsigned int nbits = rsa_get_nbits (keyparms);
+
+- rc = rsa_check_keysize (nbits);
++ rc = rsa_check_verify_keysize (nbits);
+ if (rc)
+ return rc;
+
+--
+2.37.1
+
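Review bot: In the added `rsa_check_verify_keysize`, the comment leaves the legacy decision to the calling application, but the visible code gives that caller no signal: in FIPS mode a 1024-, 1280-, 1536- or 1792-bit key now passes the size check in `rsa_verify` exactly as a 2048-bit key does. An application that relied on the previous `GPG_ERR_INV_VALUE` to reject short keys would, as far as this hunk shows, accept them silently after the change. I would state that obligation in the comment, e.g. `* rsa_verify does not report that a sub-2048-bit key was used; callers must check the key length themselves.`, and record the behaviour change in the package changelog. The body of `rsa_verify` continues outside the hunk, so anything it sets later to mark legacy use is not visible here.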
diff --git a/libgcrypt.spec b/libgcrypt.spec index d01d935..01e4585 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -24,6 +24,7 @@ Source2: wk@g10code.com Patch1: libgcrypt-1.10.0-disable-brainpool.patch Patch2: libgcrypt-1.10.0-fips-disable-pkcs1.5.patch Patch3: libgcrypt-1.10.0-ppc-hwf.patch +Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch %global gcrylibdir %{_libdir} %global gcrysoname libgcrypt.so.20 @@ -62,6 +63,7 @@ applications using libgcrypt. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build # This package has a configure test which uses ASMs, but does not link the