On Wed, May 21, 2025 at 02:55:19PM +0200, Vegard Nossum wrote:
> The sunset period of SHA-1 is approaching [1] and FIPS 140 certificates
> have a validity of 5 years. Any distros starting FIPS certification for
> their kernels now would therefore most likely end up on the NIST
> Cryptographic Module Validation Program "historical" list before their
> certification expires.
>
> While SHA-1 is technically still allowed until Dec. 31, 2030, it is
> heavily discouraged by NIST and it makes sense to set .fips_allowed to
> 0 now for any crypto algorithms that reference it in order to avoid any
> costly surprises down the line.
>
> [1]: https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm
>
> Acked-by: Stephan Mueller <smueller@xxxxxxxxxx>
> Cc: Marcus Meissner <meissner@xxxxxxx>
> Cc: Jarod Wilson <jarod@xxxxxxxxxx>
> Cc: Neil Horman <nhorman@xxxxxxxxxxxxx>
> Cc: John Haxby <john.haxby@xxxxxxxxxx>
> Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
> ---
> crypto/testmgr.c | 5 -----
> 1 file changed, 5 deletions(-)

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
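
Review bot: the changelog says .fips_allowed is cleared "for any crypto algorithms that reference" SHA-1, but it never names the affected entries, and the diffstat shows only 5 deleted lines in crypto/testmgr.c. Listing those entries in the commit message would let a reviewer confirm that no SHA-1-based entry in the table was missed, and would tell distributions preparing a FIPS build exactly which algorithms lose their FIPS-allowed marking with this change.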