
libgcrypt: Do not use SHA1 by default
Open, Normal, Public

Description

There is one place where libgcrypt is using SHA-1 by default. It is already gated by a fips_mode() check, but I think it would make sense to move away from SHA-1 by default generally.

  • cipher/pubkey-util.c: _gcry_pk_util_init_encoding_ctx -- sets default ctx->hash_algo to GCRY_MD_SHA1 unless in FIPS mode

It might be that the default is overridden in all the uses of this function (I did not check that), but the following patch seems to work fine for me and the tests keep passing for me locally:

diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index b41135e6..7229b76a 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -629,14 +629,7 @@ _gcry_pk_util_init_encoding_ctx (struct pk_encoding_ctx *ctx,
   ctx->nbits = nbits;
   ctx->encoding = PUBKEY_ENC_UNKNOWN;
   ctx->flags = 0;
-  if (fips_mode ())
-    {
-      ctx->hash_algo = GCRY_MD_SHA256;
-    }
-  else
-    {
-      ctx->hash_algo = GCRY_MD_SHA1;
-    }
+  ctx->hash_algo = GCRY_MD_SHA256;
   ctx->label = NULL;
   ctx->labellen = 0;
   ctx->saltlen = 20;
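Review bot: `ctx->saltlen = 20;` is kept unchanged while the default `ctx->hash_algo` moves from GCRY_MD_SHA1 to GCRY_MD_SHA256, so the default salt length (20 bytes, the SHA-1 digest size) no longer matches the default digest (32 bytes for SHA-256). If the PSS salt length is meant to track the hash, derive it from the digest length of `ctx->hash_algo` instead of leaving it hard-coded; if 20 is intentional, a comment saying so would avoid the question on the next read. Dropping the fips_mode() branch also changes the observable default for every non-FIPS caller that never sets a hash explicitly, which is the compatibility concern the 1.9/1.10 discussion on this task is about.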

Event Timeline

Jakuje renamed this task from "Do not use SHA1 by default" to "libgcrypt: Do not use SHA1 by default". May 24 2021, 4:38 PM

That patch constitutes an ABI change. We might consider this for 1.10 but we can't do such a change in 1.9.

With the planned new context aware pubkey functions we technically could do this change w/o an ABI break.

werner triaged this task as Normal priority. Aug 1 2021, 10:57 AM
werner added a project: FIPS.