NIAP: View Technical Decision Details
TD0696:  Removal of 160 bit selection from FCS_COP.1/HASH & FCS_COP.1/KEYHMAC

Publication Date
2022.12.15

Protection Profiles
PP_OS_V4.3

Other References
FCS_COP.1/HASH, FCS_COP.1/KEYHMAC

Issue Description

Support for SHA-1 was removed, but the 160 bit message size remained.

Resolution

OS PP v4.3 is modified as follows, with strikethroughs denoting deletions:

 

FCS_COP.1.1/HASH is modified as follows:

FCS_COP.1.1/HASH

The OS shall perform [cryptographic hashing services] in accordance with a specified cryptographic algorithm [selection:

· SHA-256

· SHA-384

· SHA-512

] and message digest sizes [selection:

· ~~160 bits~~

· 256 bits

· 384 bits

· 512 bits

] that meet the following: [FIPS Pub 180-4].

FCS_COP.1.1/KEYHMAC is modified as follows:

FCS_COP.1.1/KEYHMAC (Refined)

The OS shall perform [keyed-hash message authentication services] in accordance with a specified cryptographic algorithm [selection: SHA-256, SHA-384, SHA-512] with key sizes [assignment: key size (in bits) used in HMAC] and message digest sizes [selection: ~~160 bits~~, 256 bits, 384 bits, 512 bits] that meet the following: [FIPS Pub 198-1 The Keyed-Hash Message Authentication Code and FIPS Pub 180-4 Secure Hash Standard].

Justification

SHA-1 algorithms from TLS Functional Package v1.1 and SSH Functional Package v1.0 cannot be selected when used with OS PP v4.3. Therefore, the 160 bits selection can be removed.

 
 