FIPS 140 service indicator revamp
NIIBE Yutaka
gniibe at fsij.org
Thu Dec 19 03:39:38 CET 2024
NIIBE Yutaka <gniibe at fsij.org> wrote:
> Here are changes for gcry_pk_hash_* functions.
>
> This change includes stop rejecting non-compliant cases.
>
> With LIBGCRYPT_FORCE_FIPS_MODE=true, "make check" result 7 failures.
>
> FAIL: basic
> FAIL: t-kem
> FAIL: dsa-rfc6979
> FAIL: curves
> FAIL: t-cv25519
> FAIL: t-x448
> FAIL: basic-disable-all-hwf
To support old behavior, I introduced GCRYCTL_FIPS_REJECT_NON_FIPS.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-fips-Introduce-GCRYCTL_FIPS_REJECT_NON_FIPS.patch
Type: text/x-diff
Size: 8997 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20241219/cc841e45/attachment.patch>
More information about the Gcrypt-devel
mailing list