pool/libgcrypt
SHA256
3
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a52145f041
libgcrypt/libgcrypt-FIPS-disable-DSA.patch

45 lines
1.1 KiB
Diff
Raw Normal View History

Accepting request 950433 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - FIPS: Disable DSA in FIPS mode [bsc#1195385] * Upstream task: https://dev.gnupg.org/T5710 * Add libgcrypt-FIPS-disable-DSA.patch - FIPS: Service level indicator [bsc#1190700] * Provide an indicator to check wether the service utilizes an approved cryptographic algorithm or not. * Add patches: - libgcrypt-FIPS-service-indicators.patch - libgcrypt-FIPS-verify-unsupported-KDF-test.patch - libgcrypt-FIPS-HMAC-short-keylen.patch - FIPS: Define an entropy source SP800-90B compliant [bsc#1185140] * Disable jitter entropy by default in random.conf * Disable only-urandom option by default in random.conf - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240] * rsa: Check RSA keylen constraints for key operations. * rsa: Fix regression in not returning an error for prime generation. * tests: Add 2k RSA key working in FIPS mode. * tests: pubkey: Replace RSA key to one of 2k. * tests: pkcs1v2: Skip tests with small keys in FIPS. * Add patches: - libgcrypt-FIPS-RSA-keylen.patch - libgcrypt-FIPS-RSA-keylen-tests.patch - FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138] * Add libgcrypt-FIPS-disable-3DES.patch - FIPS: PBKDF requirements [bsc#1185137] OBS-URL: https://build.opensuse.org/request/show/950433 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=153
2022-02-01 14:12:14 +01:00
From ea362090fc11caa28643153fc6444442243c8765 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 8 Dec 2021 09:52:02 +0900
Subject: [PATCH 0937/1000] fips: Disable DSA in FIPS mode.
* cipher/dsa.c (run_selftests): Disable DSA spec in FIPS mode.
* src/fips.c (run_pubkey_selftests): Skip DSA power-on selftests.
--
GnuPG-bug-id: 5710
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
cipher/dsa.c | 2 +-
src/fips.c | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/cipher/dsa.c b/cipher/dsa.c
index d5b00912..e559f9f5 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -1441,7 +1441,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
gcry_pk_spec_t _gcry_pubkey_spec_dsa =
{
- GCRY_PK_DSA, { 0, 1 },
+ GCRY_PK_DSA, { 0, 0 },
GCRY_PK_USAGE_SIGN,
"DSA", dsa_names,
"pqgy", "pqgyx", "", "rs", "pqgy",
diff --git a/src/fips.c b/src/fips.c
index 0ab7fecc..bcadc5f2 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -522,7 +522,6 @@ run_pubkey_selftests (int extended)
static int algos[] =
{
GCRY_PK_RSA,
- GCRY_PK_DSA,
GCRY_PK_ECC,
0
};
--
2.34.1
Reference in New Issue Copy Permalink