| author | Vitezslav Cizek <vcizek@suse.com> | 2015-10-27 14:29:11 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2016-03-18 15:26:28 +0100 |
| commit | a242e3d9185e6e2dc13902ea9331131755bbba01 (patch) | |
| tree | 11679a351ba6f54edf67fc395bf1d3d5ff80f7c5 /cipher/pubkey-util.c | |
| parent | e40939b2141306238cc30a340b867b60fa4dc2a3 (diff) | |
| download | libgcrypt-a242e3d9185e6e2dc13902ea9331131755bbba01.tar.gz | |
ecc: ECDSA adjustments for FIPS 186-4
* cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
* cipher/ecc.c: Add ECDSA self test.
* cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2
in FIPS mode.
* tests/fipsdrv.c: Add support for ECDSA signatures.
--
Enable ECC in FIPS mode.
According to NIST SP 800-131A, curve P-192 and SHA-1 are disallowed
for key pair generation and signature generation after 2013.
Thanks to Jan Matejek for the patch.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Minor source code re-formatting by -wk.
Diffstat (limited to 'cipher/pubkey-util.c')

| -rw-r--r-- | cipher/pubkey-util.c | 9 |
|---|---|---|

1 files changed, 8 insertions, 1 deletions
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index d0d6003a..76d39232 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -617,7 +617,14 @@ _gcry_pk_util_init_encoding_ctx (struct pk_encoding_ctx *ctx, ctx->nbits = nbits; ctx->encoding = PUBKEY_ENC_UNKNOWN; ctx->flags = 0; - ctx->hash_algo = GCRY_MD_SHA1; + if (fips_mode ()) + { + ctx->hash_algo = GCRY_MD_SHA256; + } + else + { + ctx->hash_algo = GCRY_MD_SHA1; + } ctx->label = NULL; ctx->labellen = 0; ctx->saltlen = 20; |
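Review bot: the change to `_gcry_pk_util_init_encoding_ctx` only switches the *default* `ctx->hash_algo` to `GCRY_MD_SHA256` under `fips_mode ()`; it does not reject SHA-1 when a caller selects it explicitly, so the SP 800-131A restriction the commit message cites still needs enforcement wherever the hash algorithm is parsed from the caller's S-expression flags, not just here. Also, the unchanged trailing line `ctx->saltlen = 20;` is the SHA-1 digest length; with a SHA-256 default in FIPS mode the PSS salt length no longer matches the hash length, so consider deriving it from `ctx->hash_algo` (or documenting why 20 is kept) in the same branch. Minor style point: the new `if`/`else` wraps single statements in braced blocks on their own lines; a plain `ctx->hash_algo = fips_mode () ? GCRY_MD_SHA256 : GCRY_MD_SHA1;` would be shorter and matches the surrounding one-line assignments.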