Page MenuHome GnuPG

710_0002-ECDSA-adjustments-for-FIPS-186-4.patch
AbandonedPublic

Authored by civ on Nov 5 2015, 2:18 PM.

Details

Reviewers
None
Summary

From e9366faa1a9fd5625a0c64ae43e8c708e089ffc4 Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.com>
Date: Tue, 27 Oct 2015 14:29:11 +0100
Subject: [PATCH 02/11] ECDSA adjustments for FIPS 186-4

  • cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
  • cipher/ecc.c: Add ECDSA self test.
  • cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2

in FIPS mode.

  • tests/fipsdrv.c: Add support for ECDSA signatures. --

Enable ECC in FIPS mode.
According to NIST SP 800-131A, curve P-192 and SHA-1 are disallowed
for key pair generation and signature generation after 2013.

Thanks to Jan Matejek for the patch.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

cipher/ecc-curves.c | 2 +-
cipher/ecc.c | 163 +++++++++++++++++++++++++++++++-
cipher/pubkey-util.c | 6 +-
src/fips.c | 2 +-
tests/fipsdrv.c | 258 ++++++++++++++++++++++++++++++++++++++++++++++++++-
5 files changed, 421 insertions(+), 10 deletions(-)

2.6.2

Test Plan

Diff Detail

Lint
Lint Skipped
Unit
Unit Tests Skipped