T7338: Make SHA1 non-FIPS and differentiate in the SLI

NIIBE Yutaka gniibe at fsij.org
Tue Mar 4 03:48:15 CET 2025


"Lucas Mulling" <lucas.mulling at suse.com> wrote:
> Sorry for the delay, I've tested the patches; everything seems to be in order.

Thank you for your testing.  I'm going to push the changes so far.

> The only thing I had to change was:
>
> diff --git a/tests/basic.c b/tests/basic.c
> index f32e41db..5e1f94b5 100644
> --- a/tests/basic.c
> +++ b/tests/basic.c
> @@ -17268,8 +17268,9 @@ check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
>        rc = gcry_pk_sign (&sig, hash, skey);
>        if (in_fips_mode && (flags & FLAG_NOFIPS || datas[dataidx].flags & FLAG_NOFIPS))
>          {
> -          if (!rc)
> -            fail ("gcry_pk_sign did not fail as expected in FIPS mode\n");
> +          if ((datas[dataidx].expected_rc && !rc))
> +            fail ("gcry_pk_sign (%d) did not fail as expected in FIPS mode\n",
> +                  dataidx);
>            goto next;
>          }
>        if (gcry_err_code (rc) != datas[dataidx].expected_rc)
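
Review bot: In the FIPS branch, the new condition `datas[dataidx].expected_rc && !rc` only reports a failure when an error was expected and gcry_pk_sign succeeded; every other outcome, including a non-zero rc for an entry whose expected_rc is 0 or an error code that differs from expected_rc, reaches `goto next` unchecked. Consider comparing `gcry_err_code (rc) != datas[dataidx].expected_rc` here, as the check after this block does, or add a comment stating why entries with expected_rc of 0 may succeed under FLAG_NOFIPS. The doubled parentheses around the condition can also be dropped.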

I see the point.  But, let me defer changing test program(s) in 1.11.

Newer FIPS conscious applications with the indicator won't use
rejection, but will check the indicator.  For this new use case, current
test programs in tests/ are somewhat irrelevant and need to be updated.
Yes, you are right that tests/basic.c is one of those test programs.
Others are: keygen, t-kem, dsa-rfc6979, curves, t-cv25519, and t-x448.
Those programs assume that it rejects computation under FIPS mode.


For 1.10 compatibility, GCRY_FIPS_FLAG_REJECT_PK is enabled by default
and GCRY_FIPS_FLAG_REJECT_PK_MD is not enabled by default.

GCRY_FIPS_FLAG_REJECT_PK is the flag rejecting non-compliant use cases
in public key operations.

GCRY_FIPS_FLAG_REJECT_PK_MD is the flag rejecting non-compliant use
cases with regard to public key operations using message digest SHA1,
specifically, for gcry_pk_sign/gcry_pk_verify functions.

Please note that in 1.10, gcry_pk_sign/gcry_pk_verify functions were not
covered as intended functions to be used in FIPS conscious applications,
so not rejecting public key operations using SHA1 was OK.

For gcry_pk_hash_sign/gcry_pk_hash_verify functions, which are covered
as intended functions to be used in FIPS conscious applications, public
key operations using message digest SHA1 are rejected when either
GCRY_FIPS_FLAG_REJECT_PK is enabled or GCRY_FIPS_FLAG_REJECT_PK_MD is
enabled.