From 00bbaddfd68b9988d3d5552a36f05c15f76778c4 Mon Sep 17 00:00:00 2001 From: Vishnudatha Kanjur Date: Tue, 5 May 2026 14:54:48 +0200 Subject: [PATCH] Block SHA1 mechanism for FIPS 140-3: This commit removes SHA1 mechanism when FIPS 140-3 is active. Signed-off-by: Vishnudatha Kanjur --- src/fips.c | 6 ++---- src/ica_api.c | 2 +- src/s390_ecc.c | 7 +++++++ test/icastats_test.c.in | 26 +++++++++++++++++--------- test/sha1_test.c | 8 ++++++++ test/sha_test.c | 9 +++++++++ 6 files changed, 44 insertions(+), 14 deletions(-) diff --git a/src/fips.c b/src/fips.c index 4bac3602..27c548eb 100644 --- a/src/fips.c +++ b/src/fips.c @@ -156,7 +156,6 @@ static int sha##_sha_##_kat(void) { \ } \ return 0; \ } -SHA_KAT(1, ); SHA_KAT(224, 256); SHA_KAT(256, 256); SHA_KAT(384, 512); @@ -180,7 +179,6 @@ static int sha##_sha_##_kat(void) { \ } \ return 0; \ } -SHA_KAT(1, ); SHA_KAT(224, 256); SHA_KAT(256, 256); SHA_KAT(384, 512); @@ -596,7 +594,7 @@ fips_powerup_tests(void) { typedef int (*kat_func)(void); kat_func kats[] = { - drbg_kat, sha1_kat, sha224_kat, sha256_kat, sha384_kat, sha512_kat, + drbg_kat, sha224_kat, sha256_kat, sha384_kat, sha512_kat, sha3_224_kat, sha3_256_kat, sha3_384_kat, sha3_512_kat, aes_ecb_kat, aes_cbc_kat, aes_cbc_cs_kat, aes_cfb_kat, aes_ctr_kat, aes_ofb_kat, aes_ccm_kat, aes_gcm_kat, aes_xts_kat, aes_cmac_kat, rsa_kat, @@ -1373,7 +1371,7 @@ int FIPS_BLACKLIST[] = {DES_ECB, DES_CBC, DES_CBC_CS, DES_OFB, DES3_CBC, DES3_CBC_CS, DES3_OFB, DES3_CFB, DES3_CTR, DES3_CTRLST, DES3_CBC_MAC, DES3_CMAC, ED25519_KEYGEN, ED25519_SIGN, ED25519_VERIFY, ED448_KEYGEN, ED448_SIGN, ED448_VERIFY, X25519_KEYGEN, X25519_DERIVE, - X448_KEYGEN, X448_DERIVE, RSA_ME, RSA_CRT, SHA512_DRNG, -1, -1 }; + X448_KEYGEN, X448_DERIVE, RSA_ME, RSA_CRT, SHA512_DRNG, SHA1, -1, -1 }; const size_t FIPS_BLACKLIST_LEN = sizeof(FIPS_BLACKLIST) / sizeof(FIPS_BLACKLIST[0]); diff --git a/src/ica_api.c b/src/ica_api.c index de9b2699..a0d2a761 100644 --- a/src/ica_api.c +++ b/src/ica_api.c 
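Review bot: The `SHA1` entry added to `FIPS_BLACKLIST` in the last src/fips.c hunk has no comment tying it to its enforcement point, and the enforcement is a separate hand-written `if (fips)` in `ica_sha1` (src/ica_api.c in this patch), so the list and the check can drift apart. I would add a comment next to the entry, for example `/* SHA1: not approved under FIPS 140-3; ica_sha1() returns EACCES */`. The patch guards only the public `ica_sha1` entry point. Whether other library code reaches SHA-1 through an internal helper is not visible here and is worth confirming, because `sha1_kat` is also dropped from `kats[]` and such a path would then run without a power-up self-test.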
@@ -413,7 +413,7 @@ unsigned int ica_sha1(unsigned int message_part, int rc; #ifdef ICA_FIPS - if (fips >> 1) + if (fips) return EACCES; #endif /* ICA_FIPS */ diff --git a/src/s390_ecc.c b/src/s390_ecc.c index 7b633144..1f996ce2 100644 --- a/src/s390_ecc.c +++ b/src/s390_ecc.c @@ -2828,6 +2828,13 @@ static void ecdsa_test(void) for (i = 0; i < ECDSA_TV_LEN; i++) { switch (t->hash) { case SHA1: +#ifdef ICA_FIPS + if (fips & ICA_FIPS_MODE) { + printf("Skipping ECDSA test vector %lu (SHA-1 not FIPS approved)\n", i); + t++; + continue; + } +#endif /* ICA_FIPS */ rc = ica_sha1(SHA_MSG_PART_ONLY, t->msglen, t->msg, &sha_ctx, hash); hashlen = SHA1_HASH_LENGTH; diff --git a/test/icastats_test.c.in b/test/icastats_test.c.in index 89e63693..9384c68c 100644 --- a/test/icastats_test.c.in +++ b/test/icastats_test.c.in @@ -692,16 +692,24 @@ static int sha_tests() shake_256_context_t shake_256_context; /* Test SHA-1 */ - rc = system("@builddir@icastats -r"); - if (rc == -1) - return handle_ica_error(rc, "system"); +#ifdef ICA_FIPS + if (ica_fips_status() & ICA_FIPS_MODE) { + V_(printf("icastats SHA-1 test skipped. (SHA-1 not FIPS 140-3 approved)\n")); + } else { +#endif /* ICA_FIPS */ + rc = system("@builddir@icastats -r"); + if (rc == -1) + return handle_ica_error(rc, "system"); - rc = ica_sha1(SHA_MSG_PART_ONLY, DATA_LENGTH, plain_data, &sha_context0, hash); - if (rc) - return handle_ica_error(rc, "ica_sha1"); - rc = check_icastats(SHA1, "SHA-1"); - if (rc != 0) - return rc; + rc = ica_sha1(SHA_MSG_PART_ONLY, DATA_LENGTH, plain_data, &sha_context0, hash); + if (rc) + return handle_ica_error(rc, "ica_sha1"); + rc = check_icastats(SHA1, "SHA-1"); + if (rc != 0) + return rc; +#ifdef ICA_FIPS + } +#endif /* ICA_FIPS */ /* Test SHA-224 */ rc = system("@builddir@icastats -r"); diff --git a/test/sha1_test.c b/test/sha1_test.c index 5372a4fb..047132c0 100644 --- a/test/sha1_test.c +++ b/test/sha1_test.c 
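Review bot: The guard in `ica_sha1` changes from `fips >> 1` to a bare `if (fips)`, while every other check this patch adds spells the condition as `fips & ICA_FIPS_MODE` or `ica_fips_status() & ICA_FIPS_MODE`, so the bare test does not show whether it is deliberate. If the intent is to refuse SHA-1 both in FIPS mode and in any FIPS error state, say so above the check, e.g. `/* SHA-1 is not approved under FIPS 140-3: refuse in FIPS mode and in any error state */`. Callers now get `EACCES` from a call that previously succeeded in FIPS mode, so the API documentation for `ica_sha1` should mention it. The function body continues outside the hunk.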
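Review bot: In the `case SHA1:` skip path of `ecdsa_test`, the vector pointer is advanced by hand (`t++; continue;`), which presumably mirrors a `t++` at the bottom of the loop body outside the hunk; a later skip path that forgets it would test the same vector again. Moving the advance into the loop header, `for (i = 0; i < ECDSA_TV_LEN; i++, t++)`, and removing the manual increments would avoid that. The message also prints `i` with `%lu`; the declaration of `i` is not visible here, so check that it is `unsigned long` and use `%zu` if it is a `size_t`.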
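Review bot: In FIPS mode the SHA-1 part of `sha_tests` is only skipped, so nothing verifies that the block added to `ica_sha1` in this patch actually holds, and a regression that re-enables SHA-1 would pass unnoticed. Inside the FIPS branch I would call `ica_sha1(SHA_MSG_PART_ONLY, DATA_LENGTH, plain_data, &sha_context0, hash)` and fail the test unless it returns `EACCES`. The same applies to the early `return TEST_SKIP` added to `main` in test/sha1_test.c and to the `case SHA1:` skip in test/sha_test.c. Separately, the `} else {` opened under one `#ifdef ICA_FIPS` and closed under another is easy to unbalance; setting a local flag under the `#ifdef` and using a plain `if (!skip) { ... }` would keep the braces in one place.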
@@ -196,6 +196,14 @@ int main(int argc, char **argv) set_verbosity(argc, argv); +#ifdef ICA_FIPS + if (ica_fips_status() & ICA_FIPS_MODE) { + printf("All SHA-1 tests skipped." + " (SHA-1 not FIPS approved)\n"); + return TEST_SKIP; + } +#endif /* ICA_FIPS */ + rc = new_api_sha_test(); if (rc) { printf("new_api_sha_test failed with rc = %i\n", rc); diff --git a/test/sha_test.c b/test/sha_test.c index 9ab55a73..7984e4af 100644 --- a/test/sha_test.c +++ b/test/sha_test.c @@ -151,6 +151,12 @@ int main(int argc, char *argv[]) switch (curr_test->type) { case SHA1: V_(printf("SHA1 ...\n")); +#ifdef ICA_FIPS + if (ica_fips_status() & ICA_FIPS_MODE) { + V_(printf("SHA1 test skipped (SHA-1 not FIPS approved)\n")); + rc = TEST_SKIP; + } else +#endif /* ICA_FIPS */ rc = sha1_new_api_test(curr_test); break; case SHA224: @@ -202,6 +208,9 @@ int main(int argc, char *argv[]) V_(printf("... Passed.\n")); queue.passed++; } + else if (rc == TEST_SKIP) { + V_(printf("... Skipped.\n")); + } else { V_(printf("error: (%x).\n", rc)); queue.failed++;
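Review bot: In test/sha_test.c the `else` that ends the `#ifdef ICA_FIPS` block in `case SHA1:` binds to the unbraced `rc = sha1_new_api_test(curr_test);` after the `#endif`, so that statement is conditional in FIPS builds and unconditional otherwise. Any line later inserted between the `#endif` and the call would change behaviour in one build configuration only. Brace the call, or set a flag inside the `#ifdef` and test it with an ordinary `if`/`else` outside it. The switch continues outside the hunk.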
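Review bot: The new `rc == TEST_SKIP` branch in test/sha_test.c increments neither `queue.passed` nor `queue.failed`, so a FIPS run does not record how many vectors were not exercised. If the summary after the loop (outside this hunk) reports totals, a skipped counter would make it explicit that SHA-1 coverage was dropped on purpose. The branch also relies on `TEST_SKIP` never colliding with a return code of the per-algorithm test functions; their return values are not visible here, so that is worth checking.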