Home GnuPG

fips,cipher: Add behavior not to reject but mark non-compliant.

Description

fips,cipher: Add behavior not to reject but mark non-compliant.

* cipher/dsa.c (dsa_check_keysize): Check reject flag for rejection,
or mark non-comliant in FIPS mode.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.
* cipher/ecc.c (ecc_sign, ecc_verify): Likewise.
* cipher/pubkey.c (_gcry_pk_encrypt, _gcry_pk_sign): Likewise.
(_gcry_pk_verify, _gcry_pk_testkey, _gcry_pk_genkey): Likewise.
(_gcry_pk_get_nbits, _gcry_pk_get_curve): Likewise.
* src/visibility.c (gcry_pk_encrypt): Initialize the indicator.
(gcry_pk_decrypt, gcry_pk_sign, gcry_pk_verify): Likewise.
(gcry_pk_testkey, gcry_pk_genkey), gcry_pk_get_nbits)
(gcry_pk_get_curve): Likewise.
  • GnuPG-bug-id: T7338
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibeAuthored on Fri, Dec 20, 5:36 AM
Parents
rCd060dd58b828: fips: Rejection by GCRYCTL_FIPS_REJECT_NON_FIPS, not by open flags.
Branches
Unknown
Tags
Unknown
References
HEAD -> master
Tasks
T7338: Revamp the FIPS service indicator