FIPS 140 service indicator revamp
NIIBE Yutaka
gniibe at fsij.org
Wed Dec 18 06:57:20 CET 2024
NIIBE Yutaka <gniibe at fsij.org> wrote:
> continue on gcry_pk_hash_* functions.
Here are changes for gcry_pk_hash_* functions.
This change includes stop rejecting non-compliant cases.
With LIBGCRYPT_FORCE_FIPS_MODE=true, "make check" result 7 failures.
FAIL: basic
FAIL: t-kem
FAIL: dsa-rfc6979
FAIL: curves
FAIL: t-cv25519
FAIL: t-x448
FAIL: basic-disable-all-hwf
Perhaps, to keep old behavior, we would introduce
GCRYCTL_FIPS_NO_REJECTION
for a thread (of new code) which wants no-rejection behavior.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fips-md-gcry_md_copy-should-care-about-FIPS-service-.patch
Type: text/x-diff
Size: 2168 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20241218/dd514e27/attachment-0002.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-fips-cipher-Implement-FIPS-service-indicator-for-gcr.patch
Type: text/x-diff
Size: 12035 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20241218/dd514e27/attachment-0003.patch>
More information about the Gcrypt-devel
mailing list