[gnutls-devel] GnuTLS | tests/fips-test: minor extension (!1605)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Jun 30 16:01:56 CEST 2022
Daiki Ueno commented on a discussion on tests/fips-test.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1605#note_1012163291
> fail("gnutls_privkey_sign_data failed\n");
> }
> - gnutls_free(signature.data);
> FIPS_POP_CONTEXT(NOT_APPROVED);
>
> - /* Verify a signature created with SHA-1; approved */
> + /* Verify a signature created with 2432-bit RSA and SHA-1; approved */
> FIPS_PUSH_CONTEXT();
> - ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1, 0, &data,
> - &rsa2342_sha1_sig);
> + ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1, 0,
> + &data, &rsa2342_sha1_sig);
> if (ret < 0) {
> fail("gnutls_pubkey_verify_data2 failed\n");
> }
> FIPS_POP_CONTEXT(APPROVED);
My understanding is that SHA-1 is still allowed in SigVer in legacy mode. Should we change it to non-approved?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1605#note_1012163291
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220630/bad455b8/attachment-0001.html>
More information about the Gnutls-devel
mailing list