[gnutls-devel] GnuTLS | fips: mark sha1 as not approved for SigVer in FIPS mode (!1891)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Nov 6 06:40:26 CET 2024
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1891 was reviewed by Daiki Ueno
--
Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2195826326
>
> - /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
> + /* SHA-1 is not allowed for SigVer in FIPS 140-3 in legacy
Maybe remove this comment entirely, as it was an excuse to keep SHA1 here.
--
Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891#note_2195826329
>
> + /* Only SHA-2 is allowed in FIPS 140-3 */
> + if (DIG_TO_MAC(sign_params->dsa_dig) == GNUTLS_MAC_SHA1) {
I'd prefer to use `switch` and enumerate all SHA-2 algorithms, rather than special casing SHA-1.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1891
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241106/27a48998/attachment-0001.html>
More information about the Gnutls-devel
mailing list