T7338: Make SHA1 non-FIPS and differentiate in the SLI
NIIBE Yutaka
gniibe at fsij.org
Thu Feb 20 08:08:45 CET 2025
Hello,
Sorry for overlooking your patches in the previous message. I only
looked at and pushed the first of the patches. That's my mistake.
Looking at the two patches, I realized that there are three different
purposes in those patches.
(1) Fixing the behaviour of gcry_pk_sign and gcry_pk_verify.
(2) Introduction of GCRY_FIPS_FLAG_REJECT_MD_SHA1, so that an
application can reject use of SHA1 (even if it's an approved
hash function at the time of execution).
(3) Deprecating SHA-1 for FIPS mode to prepare for the future when it
will not be an approved hash function.
Shall we make three different patches for those?
To keep the commit record straight (for the situation when we will check
in the future), I would like to revert your change of
0001-md-Make-SHA1-non-FIPS-and-differentiate-in-the-SLI.patch
and then apply those three patches, step by step.
Firstly, let us focus on and fix (1). (In my opinion, (2) and (3) can
be deferred.)
In 1.10, gcry_pk_sign and gcry_pk_verify are not supported under FIPS
mode. gcry_pk_hash_sign and gcry_pk_hash_verify are supported, instead.
IIRC, this is to ensure rejecting use of SHA1 in digital signature under
FIPS mode.
With service indicator revamp, there are valid use cases where
gcry_pk_sign and gcry_pk_verify can be used under FIPS mode. But, it's
buggy now. Use of SHA1 should be marked/rejected with gcry_pk_sign and
gcry_pk_verify.