From e9366faa1a9fd5625a0c64ae43e8c708e089ffc4 Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.com>
Date: Tue, 27 Oct 2015 14:29:11 +0100
Subject: [PATCH 02/11] ECDSA adjustments for FIPS 186-4
- cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
- cipher/ecc.c: Add ECDSA self test.
- cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2
in FIPS mode.
- tests/fipsdrv.c: Add support for ECDSA signatures. --
Enable ECC in FIPS mode.
According to NIST SP 800-131A, curve P-192 and SHA-1 are disallowed
for key pair generation and signature generation after 2013.
Thanks to Jan Matejek for the patch.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
cipher/ecc-curves.c | 2 +-
cipher/ecc.c | 163 +++++++++++++++++++++++++++++++-
cipher/pubkey-util.c | 6 +-
src/fips.c | 2 +-
tests/fipsdrv.c | 258 ++++++++++++++++++++++++++++++++++++++++++++++++++-
5 files changed, 421 insertions(+), 10 deletions(-)
2.6.2