forked from pool/libgcrypt
Pedro Monreal Gonzalez
b5b243be7f
* Add --enable-marvin-workaround to spec to enable workaround * Fix timing based side-channel in RSA implementation ( Marvin attack ) * Add libgcrypt-CVE-2024-2236.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=193
41 lines
1.1 KiB
Diff
41 lines
1.1 KiB
Diff
From 3bdb59c21b77711cf7d44d692a7a02f5f469033e Mon Sep 17 00:00:00 2001
|
|
From: Lucas Mulling via Gcrypt-devel <gcrypt-devel@gnupg.org>
|
|
Date: Wed, 26 Feb 2025 17:19:22 -0300
|
|
Subject: [PATCH 04/14] cipher: Differentiate igninvflag in the SLI
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Differentiate use
|
|
of igninvflag.
|
|
|
|
GnuPG-bug-id: 7338
|
|
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
|
|
Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>
|
|
---
|
|
cipher/pubkey-util.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
|
|
index 68defea6..9c927638 100644
|
|
--- a/cipher/pubkey-util.c
|
|
+++ b/cipher/pubkey-util.c
|
|
@@ -200,6 +200,14 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list,
|
|
}
|
|
}
|
|
|
|
+ if (fips_mode () && igninvflag)
|
|
+ {
|
|
+ if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK))
|
|
+ rc = GPG_ERR_INV_FLAG;
|
|
+ else
|
|
+ fips_service_indicator_mark_non_compliant ();
|
|
+ }
|
|
+
|
|
if (r_flags)
|
|
*r_flags = flags;
|
|
if (r_encoding)
|
|
--
|
|
2.49.0
|
|
|