T7338: Make SHA1 non-FIPS and differentiate in the SLI
NIIBE Yutaka
gniibe at fsij.org
Tue Mar 11 06:30:05 CET 2025
Hello,
I was wrong about SHA1. I had thought that I were able to defer the
change.
Actually, we need to apply this patch (attached), to support 1.12 (the
new service indicator) forward compatibility in 1.11.1.
Well, the implementation in 1.11 is a bit confusing, it allows use of
SHA1 (it is an approved hash function in the static indicator, and no
rejection for its use), no behavior changes for existing applications,
but it is _internally_ marked non-FIPS.
This is (hopefully) the last change for T7338.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-md-Make-SHA-1-non-FIPS-internally-for-1.12-API.patch
Type: text/x-diff
Size: 6585 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20250311/2f780908/attachment-0001.patch>
More information about the Gcrypt-devel
mailing list