[gnutls-devel] GnuTLS | fips: mark sha1 as not approved for SigVer in FIPS mode (!1900)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Nov 29 00:41:36 CET 2024
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1900 was reviewed by Daiki Ueno
--
Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1900#note_2233101792
>
> - /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
> + /* SHA-1 is not allowed for SigVer in FIPS 140-3 in legacy
As mentioned previously, this comment no longer makes sense and should be removed.
--
Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1900#note_2233101795
> /* In FIPS 140-3, RSA key size should be larger than 2048-bit.
> - * In addition to this, only SHA-1 and SHA-2 are allowed
> + * In addition to this, SHA-2 is allowed
I'd keep "only" here
--
Daiki Ueno started a new discussion on lib/pubkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1900#note_2233101797
> /* SHA-1 is allowed for SigVer in FIPS 140-3 in legacy
Remove this comment as well.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1900
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241128/8c014c7e/attachment.html>
More information about the Gnutls-devel
mailing list