From b4ff889083fcfc70daa770ccc548695cf8216ee0 Mon Sep 17 00:00:00 2001
From: Packit Service <user-cont-team+packit-service@redhat.com>
Date: Dec 09 2020 19:00:51 +0000
Subject: Apply patch libgcrypt-1.7.3-fips-reqs.patch


patch_name: libgcrypt-1.7.3-fips-reqs.patch
present_in_specfile: true

---

diff --git a/src/visibility.c b/src/visibility.c
index 104c70d..7f87d00 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -1294,6 +1294,8 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen,
                  unsigned long iterations,
                  size_t keysize, void *keybuffer)
 {
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
   return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
                                       salt, saltlen, iterations,
                                       keysize, keybuffer));
@@ -1349,6 +1351,13 @@ void
 gcry_mpi_randomize (gcry_mpi_t w,
                     unsigned int nbits, enum gcry_random_level level)
 {
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      fips_signal_fatal_error ("called in non-operational state");
+      fips_noreturn ();
+    }
+
   _gcry_mpi_randomize (w, nbits, level);
 }
 
@@ -1374,6 +1383,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
                      gcry_random_level_t random_level,
                      unsigned int flags)
 {
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
   return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
                                           factors, cb_func, cb_arg,
                                           random_level, flags));