diff options
| author | Vitezslav Cizek <vcizek@suse.com> | 2015-10-27 14:29:11 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2016-03-18 15:26:28 +0100 |
| commit | a242e3d9185e6e2dc13902ea9331131755bbba01 (patch) | |
| tree | 11679a351ba6f54edf67fc395bf1d3d5ff80f7c5 /src/fips.c | |
| parent | e40939b2141306238cc30a340b867b60fa4dc2a3 (diff) | |
| download | libgcrypt-a242e3d9185e6e2dc13902ea9331131755bbba01.tar.gz | |
ecc: ECDSA adjustments for FIPS 186-4
* cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
* cipher/ecc.c: Add ECDSA self test.
* cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2
in FIPS mode.
* tests/fipsdrv.c: Add support for ECDSA signatures.
--
Enable ECC in FIPS mode.
According to NIST SP 800-131A, curve P-192 and SHA-1 are disallowed
for key pair generation and signature generation after 2013.
Thanks to Jan Matejek for the patch.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Minor source code re-formatting by -wk.
Diffstat (limited to 'src/fips.c')
| -rw-r--r-- | src/fips.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -549,7 +549,7 @@ run_pubkey_selftests (int extended) { GCRY_PK_RSA, GCRY_PK_DSA, - /* GCRY_PK_ECC is not enabled in fips mode. */ + GCRY_PK_ECC, 0 }; int idx; |