[PATCH 1/4] cipher: Differentiate igninvflag in the SLI
Lucas Mulling
lucas.mulling at suse.com
Wed Feb 26 21:19:22 CET 2025
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Differentiate use
of igninvflag.
Signed-off-by: Lucas Mulling <lucas.mulling at suse.com>
---
cipher/pubkey-util.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 68defea6..9c927638 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -200,6 +200,14 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list,
}
}
+ if (fips_mode () && igninvflag)
+ {
+ if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK))
+ rc = GPG_ERR_INV_FLAG;
+ else
+ fips_service_indicator_mark_non_compliant ();
+ }
+
if (r_flags)
*r_flags = flags;
if (r_encoding)
--
2.48.1
More information about the Gcrypt-devel
mailing list