3
0
forked from pool/libgcrypt
libgcrypt/libgcrypt-fips_ecdsa.patch
Ismail Dönmez c1ef8148bf Accepting request 250747 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- disabled curve P-192 in FIPS mode (bnc#896202)
  * added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode

- run the fips self tests at the constructor code
  * added libgcrypt-fips_run_selftest_at_constructor.patch

- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
  * added libgcrypt-fips-dsa.patch
  * install fips186_dsa
- use 2048 bit keys in selftests_dsa

OBS-URL: https://build.opensuse.org/request/show/250747
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=63
2014-09-22 20:11:21 +00:00

31 lines
1.3 KiB
Diff

Index: libgcrypt-1.6.1/cipher/ecc-curves.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/ecc-curves.c 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/cipher/ecc-curves.c 2014-09-18 17:48:15.645814378 +0200
@@ -114,7 +114,7 @@ static const ecc_domain_parms_t domain_p
"0x6666666666666666666666666666666666666666666666666666666666666658"
},
{
- "NIST P-192", 192, 1,
+ "NIST P-192", 192, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0xfffffffffffffffffffffffffffffffeffffffffffffffff",
"0xfffffffffffffffffffffffffffffffefffffffffffffffc",
Index: libgcrypt-1.6.1/cipher/pubkey-util.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/pubkey-util.c 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/cipher/pubkey-util.c 2014-09-18 18:27:24.928658758 +0200
@@ -593,7 +593,11 @@ _gcry_pk_util_init_encoding_ctx (struct
ctx->nbits = nbits;
ctx->encoding = PUBKEY_ENC_UNKNOWN;
ctx->flags = 0;
- ctx->hash_algo = GCRY_MD_SHA1;
+ if (fips_mode()) {
+ ctx->hash_algo = GCRY_MD_SHA256;
+ } else {
+ ctx->hash_algo = GCRY_MD_SHA1;
+ }
ctx->label = NULL;
ctx->labellen = 0;
ctx->saltlen = 20;