File libgcrypt-FIPS-SLI-Add-rejecting-or-marking-for-gcry_pk_get_curve.patch of Package libgcrypt.38414

>From c6a092abbe7bea315394b15f28fd231dae0e4d7c Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 24 Dec 2024 17:01:45 +0900
Subject: [PATCH 1/3] fips,ecc: Add rejecting or marking for gcry_pk_get_curve.

* cipher/ecc-curves.c (_gcry_ecc_get_curve): Check under FIPS mode.

--

GnuPG-bug-id: 7338
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 cipher/ecc-curves.c | 9 +++++++++
 1 file changed, 9 insertions(+)

Index: libgcrypt-1.10.3/cipher/ecc-curves.c
===================================================================
--- libgcrypt-1.10.3.orig/cipher/ecc-curves.c
+++ libgcrypt-1.10.3/cipher/ecc-curves.c
@@ -842,6 +842,15 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparm
           if (r_nbits)
             *r_nbits = domain_parms[idx].nbits;
         }
+
+      if (fips_mode () && !domain_parms[idx].fips)
+        {
+          if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK))
+            return NULL;
+          else
+            fips_service_indicator_mark_non_compliant ();
+        }
+
       return result;
     }
 
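Review bot: The added FIPS check reads `domain_parms[idx].fips` after the closing brace of the block that stores `*r_nbits`, so it runs even when that block was skipped. The block's condition is outside the hunk; if it is the curve-found test on `idx`, an unknown curve name would reach this read with an invalid index, giving an out-of-bounds read whose value then decides between rejecting and marking non-compliant. Moving the check inside that block, ahead of the `*r_nbits` store, or guarding it as `if (idx >= 0 && fips_mode () && !domain_parms[idx].fips)`, would confine it to a validated index. Placing it first also keeps the rejecting path from returning NULL with `*r_nbits` already set to the non-approved curve's size. _gcry_ecc_get_curve starts and ends outside the hunk.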