Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
gpg2.11995
gnupg-add_legacy_FIPS_mode_option.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnupg-add_legacy_FIPS_mode_option.patch of Package gpg2.11995
--- doc/gpg.texi | 18 ++++++++++++++++++ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) Index: gnupg-2.1.22/doc/gpg.texi =================================================================== --- gnupg-2.1.22.orig/doc/gpg.texi +++ gnupg-2.1.22/doc/gpg.texi @@ -2079,6 +2079,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. +@item --set-legacy-fips +@itemx --set-legacy-fips +@opindex set-legacy-fips +Enable legacy support even when the libgcrypt library is in FIPS 140-2 +mode. The legacy mode of libgcrypt allows the use of all ciphers, +including non-approved ciphers. This mode is needed when for legacy +reasons a message must be encrypted or decrypted. Legacy reasons for +decryptions include the decryption of old messages created with a +public key that use cipher settings which do not meet FIPS 140-2 +requirements. Legacy reasons for encryption include the encryption +of messages with a recipients public key where the recipient is not +bound to FIPS 140-2 regulation and therefore provided a key using +non-approved ciphers. Although the legacy mode is a violation of strict +FIPS 140-2 rule interpretations, it is wise to use this mode or +either not being able to access old messages or not being able +to create encrypted messages to a recipient that is not adhering +to FIPS 140-2 rules. + @end table Index: gnupg-2.1.22/g10/gpg.c =================================================================== --- gnupg-2.1.22.orig/g10/gpg.c +++ gnupg-2.1.22/g10/gpg.c @@ -422,6 +422,7 @@ enum cmd_and_opt_values oDisableSignerUID, oSender, oKeyOrigin, + oSetLegacyFips, oNoop }; @@ -867,6 +868,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), @@ -3537,6 +3539,13 @@ main (int argc, char **argv) opt.def_new_key_algo = pargs.r.ret_str; break; + case oSetLegacyFips: + if(gcry_fips_mode_active()) + gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, "Enable legacy support in FIPS 140-2 mode"); + else + log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); + break; + case oNoop: break; default:
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor