[gnupg2] do not dump core if hash algorithm not available in the FIPS mode
Tomáš Mráz
tmraz at fedoraproject.org
Wed May 7 14:53:33 UTC 2014
commit db860fa735af16b9b1bb19b7d382c20005ca1096
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Wed May 7 16:53:53 2014 +0200
do not dump core if hash algorithm not available in the FIPS mode
gnupg-2.0.19-fips-algo.patch | 37 +++++++++++++++++++++++++++++++++++++
gnupg2.spec | 5 ++++-
2 files changed, 41 insertions(+), 1 deletions(-)
---
diff --git a/gnupg-2.0.19-fips-algo.patch b/gnupg-2.0.19-fips-algo.patch
index 4eaea75..f7b4ae9 100644
--- a/gnupg-2.0.19-fips-algo.patch
+++ b/gnupg-2.0.19-fips-algo.patch
@@ -39,3 +39,40 @@ diff -up gnupg-2.0.19/g10/mainproc.c.fips gnupg-2.0.19/g10/mainproc.c
}
if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
/* This is a kludge to work around a bug in pgp2. It does only
+@@ -2157,24 +2159,30 @@ proc_tree( CTX c, KBNODE node )
+ else if( !c->any.data ) {
+ /* detached signature */
+ free_md_filter_context( &c->mfx );
+- if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
+- BUG ();
++ if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0)) {
++ log_error("Digest algorithm not available probably due to FIPS mode.\n");
++ return;
++ }
+
+ if( !opt.pgp2_workarounds )
+ ;
+ else if( sig->digest_algo == DIGEST_ALGO_MD5
+ && is_RSA( sig->pubkey_algo ) ) {
+ /* enable a workaround for a pgp2 bug */
+- if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
+- BUG ();
++ if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0)) {
++ log_error("Digest algorithm not available probably due to FIPS mode.\n");
++ return;
++ }
+ }
+ else if( sig->digest_algo == DIGEST_ALGO_SHA1
+ && sig->pubkey_algo == PUBKEY_ALGO_DSA
+ && sig->sig_class == 0x01 ) {
+ /* enable the workaround also for pgp5 when the detached
+ * signature has been created in textmode */
+- if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
+- BUG ();
++ if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 )) {
++ log_error("Digest algorithm not available.\n");
++ return;
++ }
+ }
+ #if 0 /* workaround disabled */
+ /* Here we have another hack to work around a pgp 2 bug
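Review bot: All three new error paths discard the return value of gcry_md_open() and print a guessed cause, so an out-of-memory or other libgcrypt failure would be reported as "probably due to FIPS mode" (and the third message drops even that wording). Keep the error code and report it with the algorithm id, e.g. `rc = gcry_md_open (&c->mfx.md, sig->digest_algo, 0);` followed by `log_error ("can't open digest algo %d: %s\n", sig->digest_algo, gpg_strerror (rc));`. The early `return` also means the detached signature is never checked; proc_tree continues outside this hunk, so it is not visible here whether callers and status-fd consumers get an explicit verification failure rather than just the absence of a good-signature result, and that is worth confirming. In the two md2 branches c->mfx.md is already open when the function returns; presumably it is released with the context, but a short comment saying so would help the next reader.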
diff --git a/gnupg2.spec b/gnupg2.spec
index 88d86a8..9cad929 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
@@ -1,7 +1,7 @@
Summary: Utility for secure communication and data storage
Name: gnupg2
Version: 2.0.22
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv3+
Group: Applications/System
@@ -193,6 +193,9 @@ fi
%changelog
+* Wed May 7 2014 Tomáš Mráz <tmraz at redhat.com> - 2.0.22-3
+- do not dump core if hash algorithm not available in the FIPS mode
+
* Tue Mar 4 2014 Tomáš Mráz <tmraz at redhat.com> - 2.0.22-2
- rebuilt against new libgcrypt