Diffusion libgcrypt a242e3d9185e

ecc: ECDSA adjustments for FIPS 186-4
a242e3d9185eUnpublished
Actions

Tags

None

Subscribers

None

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

ecc: ECDSA adjustments for FIPS 186-4

* cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
* cipher/ecc.c: Add ECDSA self test.
* cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2
in FIPS mode.
* tests/fipsdrv.c: Add support for ECDSA signatures.

Enable ECC in FIPS mode.
According to NIST SP 800-131A, curve P-192 and SHA-1 are disallowed
for key pair generation and signature generation after 2013.

Thanks to Jan Matejek for the patch.

Minor source code re-formatting by -wk.

Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Details

Provenance

civ	Authored on Oct 27 2015, 2:29 PM
• werner	Committed on Mar 18 2016, 3:26 PM

Parents

rCe40939b21413: dsa: Make regression tests work.

Branches

Unknown

Tags

Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rCa242e3d9185e: ecc: ECDSA adjustments for FIPS 186-4 (authored by Vitezslav Cizek <vcizek@suse.com>).Mar 18 2016, 3:26 PM

• gniibe mentioned this in T5433: libgcrypt: Do not use SHA1 by default.Oct 19 2021, 8:58 AM

Changes (5)

Path

Size

cipher/

src/

tests/

rCa242e3d9185e

cipher/ecc-curves.c

Loading...

cipher/ecc.c

Loading...

cipher/pubkey-util.c

Loading...

src/fips.c

Loading...

tests/fipsdrv.c

Loading...