FIPS 140 service indicator revamp
Werner Koch
wk at gnupg.org
Thu Oct 24 10:58:07 CEST 2024
On Thu, 24 Oct 2024 10:34, NIIBE Yutaka said:
> For this, firstly, I propose the API of following:
>
> void _gcry_thread_context_set_fsi (unsigned long fsi);
> unsigned long _gcry_thread_context_get_fsi (void);
> unsigned long gcry_thread_context_get_fsi (void);
I think we need to consider what to do with the older and FIPS approved
1.10 version. Adding a new function call extends the ABI but
applications need to explicitly test for the existence of the new function.
They can't just check the version number of Libgcrypt and conclude that
the new function exists.

We could step this aside by using gcry_control along with a macro to get
the FIPS indicator. gcry_control would return an error for an unknown
control code and the caller could test for this.

Or we use symbol versioning tricks.

Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
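
The explicit existence test the message refers to, sketched as an added example (not part of the original post and not Libgcrypt code). It assumes the proposed name gcry_thread_context_get_fsi from the quoted API and that Libgcrypt is already loaded into the process; probe_symbol and query_fsi are hypothetical helper names.

```c
/* Added example: runtime probe for an optional Libgcrypt entry point. */
#include <dlfcn.h>
#include <stdio.h>

/* Signature taken from the proposal quoted in the message. */
typedef unsigned long (*fsi_getter_t) (void);

/* Look NAME up among the objects already loaded into this process.
   Returns NULL when no loaded library exports it. */
static void *
probe_symbol (const char *name)
{
  void *self = dlopen (NULL, RTLD_LAZY);  /* handle for the global scope */
  void *addr;

  if (!self)
    return NULL;
  addr = dlsym (self, name);
  dlclose (self);  /* drops our reference only; libraries stay loaded */
  return addr;
}

/* Store the indicator in *R_FSI and return 0, or return -1 when the
   running Libgcrypt lacks the function (e.g. a 1.10 build).  A caller
   should treat -1 as "no indicator available", never as "approved". */
static int
query_fsi (unsigned long *r_fsi)
{
  fsi_getter_t getter
    = (fsi_getter_t) probe_symbol ("gcry_thread_context_get_fsi");

  if (!getter)
    return -1;
  *r_fsi = getter ();
  return 0;
}

int
main (void)
{
  unsigned long fsi;

  if (query_fsi (&fsi))
    puts ("service indicator not available in this Libgcrypt");
  else
    printf ("service indicator: %lu\n", fsi);
  return 0;
}
```

On glibc older than 2.34 this needs -ldl at link time.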