Home GnuPG
Diffusion libgcrypt 392e0ccd25f3

fips,rsa: Prevent usage of X9.31 keygen in FIPS mode.
392e0ccd25f3Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

fips,rsa: Prevent usage of X9.31 keygen in FIPS mode.

* cipher/rsa.c (rsa_generate): Do not accept use-x931 or derive-parms
in FIPS mode.
* tests/pubkey.c (get_keys_x931_new): Expect failure in FIPS mode.
(check_run): Skip checking X9.31 keys in FIPS mode.
* doc/gcrypt.texi: Document "test-parms" and clarify some cases around
the X9.31 keygen.

Cherry-pick master commit of:
06ea5b5332ffdb44a0a394d766be8989bcb6a95c

  • Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Details

Provenance
JakujeAuthored on Dec 6 2022, 2:03 AM
gniibeCommitted on Dec 7 2022, 11:25 AM
Parents
rCfdd2a8b3329e: rsa: Prevent usage of long salt in FIPS mode
Branches
Unknown
Tags
Unknown

Changes (3)

PathSize
cipher/
doc/
tests/

rC392e0ccd25f3

View Options

cipher/rsa.c

Loading...
View Options

doc/gcrypt.texi

Loading...
View Options

tests/pubkey.c

Loading...