Diffusion libgcrypt 60e5039793c2

cipher:rsa: Mark/reject SHA1/unknown with RSA signature generation.
60e5039793c2
Actions

Tags

None

Subscribers

None

Description

cipher:rsa: Mark/reject SHA1/unknown with RSA signature generation.

* cipher/rsa-common.c (_gcry_rsa_pkcs1_encode_raw_for_sig): We can't
determine if it's compliant when raw PKCS1 encoding is used.
(_gcry_rsa_pss_encode): Add the behavior of marking non-compliant use.
(_gcry_rsa_pss_verify): Likewise.
* cipher/rsa.c (rsa_sign): Handle the check for SHA1.
(rsa_verify): Likewise.
* tests/t-fips-service-ind.c (check_pk_s_v): Add use cases for RSA
and Ed25519.

GnuPG-bug-id: T7338
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance

Authored on Fri, Feb 21, 6:24 AM

Parents

rC1e815a00c302: Revert "md: Make SHA1 non-FIPS and differentiate in the SLI"

Branches

Unknown

Tags

Unknown

Tasks

T7338: Revamp the FIPS service indicator

Event Timeline

• gniibe committed rC60e5039793c2: cipher:rsa: Mark/reject SHA1/unknown with RSA signature generation. (authored by • gniibe).Tue, Feb 25, 7:59 AM

• gniibe added a task: T7338: Revamp the FIPS service indicator.Tue, Mar 4, 4:05 AM

Changes (3)

Path

Size

cipher/

tests/

t-fips-service-ind.c

rC60e5039793c2

cipher/rsa-common.c

Loading...

cipher/rsa.c

Loading...

tests/t-fips-service-ind.c

Loading...