2102751 – mark SHA-1 verification in FIPS as non-approved, not just block with config

Bug 2102751 - mark SHA-1 verification in FIPS as non-approved, not just block with config

Summary: mark SHA-1 verification in FIPS as non-approved, not just block with config

Keywords:
Status:	VERIFIED
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	gnutls
Sub Component:
Version:	9.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Daiki Ueno
QA Contact:	Alexander Sosedkin
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-06-30 14:40 UTC by Alexander Sosedkin
Modified:	2023-08-10 16:58 UTC (History)
CC List:	2 users (show)
Fixed In Version:	gnutls-3.7.6-23.el9
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	CRYPTO-7933	0	None	None	None	2022-07-19 14:55:03 UTC
Red Hat Issue Tracker	RHELPLAN-126751	0	None	None	None	2022-06-30 14:57:45 UTC

Description Alexander Sosedkin 2022-06-30 14:40:52 UTC

Doesn't look like we want to certify SHA-1 verification at all, even though it's allowed for legacy usage.
SHA-1 verification is blocked with config in FIPS, but for certification we should either hard-block or indicator-disapprove.
I propose doing the latter downstream. Impact should be minimal if we block it by default anyway.

Upstream test that checks for verification being approved:
https://gitlab.com/gnutls/gnutls/-/blob/ebfe675f15bfb52d61451e96d0f73d792a2b9a9b/tests/fips-test.c#L457

Comment 1 Daiki Ueno 2022-07-01 05:20:43 UTC

(In reply to Alexander Sosedkin from comment #0)
> Doesn't look like we want to certify SHA-1 verification at all, even though
> it's allowed for legacy usage.
> SHA-1 verification is blocked with config in FIPS, but for certification we
> should either hard-block or indicator-disapprove.
> I propose doing the latter downstream. Impact should be minimal if we block
> it by default anyway.

DSA verification is also allowed for legacy use but we mark them non-approved in upstream, so I guess we could do the same for SHA-1 signature verification.

Note You need to log in before you can comment on or make changes to this bug.