Right, thanks for the review! Updated patches below.
Mar 6 2023
tobhe added a comment to T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt.
Mar 1 2023
tobhe added a comment to T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt.
After consulting with our certs lab and studying the code, I think SHAKE should not be a problem for now. All of the _gcry_digest_spec_shakeXXX seem to neither have an mdlen nor a read() function. pk_sign and pk_verify seem to both call md_read(), which should fail because of the missing read function; kdf checks _gcry_md_get_algo_dlen(), which should also disallow SHAKE.
Feb 27 2023
tobhe added a comment to T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt.
Good catch. A similar problem might arise with SHA384 according to section D.R which states
tobhe added a comment to T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt.
Right, we have received the same feedback from our cert lab but I haven't found time to update the bug yet. Here are the updated patches:
Feb 16 2023
Sep 27 2022
Sep 26 2022