pool/gpg2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
848ac5d6a6
gpg2/gnupg-add_legacy_FIPS_mode_option.patch
Pedro Monreal Gonzalez 8386d6f0f3 Accepting request 1089861 from home:pmonrealgonzalez:branches:Base:System 
- Update to 2.4.2:
  * gpg: Print a warning if no more encryption subkeys are left over
    after changing the expiration date.  [rGef2c3d50fa]
  * gpg: Fix searching for the ADSK key when adding an ADSK.  [T6504]
  * gpgsm: Speed up key listings on Windows.  [rG08ff55bd44]
  * gpgsm: Reduce the number of "failed to open policy file"
    diagnostics.  [rG68613a6a9d]
  * agent: Make updating of private key files more robust and track
    display S/N.  [T6135]
  * keyboxd: Avoid longish delays on Windows when listing keys.
    [rG6944aefa3c]
  * gpgtar: Emit extra status lines to help GPGME.  [T6497]
  * w32: Avoid using the VirtualStore.  [T6403]
  * Rebase gnupg-add_legacy_FIPS_mode_option.patch

- Update to 2.4.1:
  * If the ~/.gnupg directory does not exist, the keyboxd is now
    automagically enabled. [rGd9e7488b17]
  * gpg: New option --add-desig-revoker. [rG3d094e2bcf]
  * gpg: New option --assert-signer. [rGc9e95b8dee]
  * gpg: New command --quick-add-adsk and other ADSK features.
    [T6395, https://gnupg.org/blog/20230321-adsk.html]
  * gpg: New list-option "show-unusable-sigs". Also show "[self-signature]"
    instead of the user-id in key signature listings. [rG103acfe9ca]
  * gpg: For symmetric encryption the default S2K hash is now SHA256. [T6367]
  * gpg: Detect already compressed data also when using a pipe. Also
    detect JPEG and PNG file formats. [T6332]
  * gpg: New subcommand "openpgp" for --card-edit. [T6462]
  * gpgsm: Verification of detached signatures does now strip trailing
    zeroes from the input if --assume-binary is used. [rG2a13f7f9dc]

OBS-URL: https://build.opensuse.org/request/show/1089861
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=287
2023-06-05 06:26:02 +00:00

70 lines
2.6 KiB
Diff
Raw Blame History

---
doc/gpg.texi | 18 ++++++++++++++++++
g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+)
Index: gnupg-2.4.2/doc/gpg.texi
===================================================================
--- gnupg-2.4.2.orig/doc/gpg.texi
+++ gnupg-2.4.2/doc/gpg.texi
@@ -2285,6 +2285,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option.
+@item --set-legacy-fips
+@itemx --set-legacy-fips
+@opindex set-legacy-fips
+Enable legacy support even when the libgcrypt library is in FIPS 140-2
+mode. The legacy mode of libgcrypt allows the use of all ciphers,
+including non-approved ciphers. This mode is needed when for legacy
+reasons a message must be encrypted or decrypted. Legacy reasons for
+decryptions include the decryption of old messages created with a
+public key that use cipher settings which do not meet FIPS 140-2
+requirements. Legacy reasons for encryption include the encryption
+of messages with a recipients public key where the recipient is not
+bound to FIPS 140-2 regulation and therefore provided a key using
+non-approved ciphers. Although the legacy mode is a violation of strict
+FIPS 140-2 rule interpretations, it is wise to use this mode or
+either not being able to access old messages or not being able
+to create encrypted messages to a recipient that is not adhering
+to FIPS 140-2 rules.
+
@end table
Index: gnupg-2.4.2/g10/gpg.c
===================================================================
--- gnupg-2.4.2.orig/g10/gpg.c
+++ gnupg-2.4.2/g10/gpg.c
@@ -446,6 +446,7 @@ enum cmd_and_opt_values
oForceSignKey,
oForbidGenKey,
oRequireCompliance,
+ oSetLegacyFips,
oCompatibilityFlags,
oAddDesigRevoker,
oAssertSigner,
@@ -886,6 +887,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
+ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
ARGPARSE_header (NULL, N_("Options for unattended use")),
@@ -3756,6 +3758,14 @@ main (int argc, char **argv)
keybox_set_buffersize (pargs.r.ret_ulong, 0);
break;
+ case oSetLegacyFips:
+ if(gcry_fips_mode_active())
+ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG,
+ "Enable legacy support in FIPS 140-2 mode");
+ else
+ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n");
+ break;
+
case oNoop: break;
default:
Reference in New Issue View Git Blame Copy Permalink