[gnutls-devel] GnuTLS | DRBG: Remove all traces of FIPS 140-2 continuous self test (!820)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Nov 28 07:10:31 CET 2018


There are two reasons: first, the first block in ctx->prev_block never seems to be used anywhere. Thus, maintaining this ctx->prev_block would be meaningless these days. It used to be there to perform the memcmp with the current block to implement the FIPS 140-2 continuous self test. That is not required any more and thus the memcmp was removed. Yet, the copying of the previous block was still present.

Second, for the ACVP testing, we need the very first block after initializing a DRBG instance. In the past, I set the ctx->prev_block_present to 1 immediately after initializing in my test harness. But somehow that did not work. Instead of spending time to debug it, I felt to completely remove the code that seems to serve no purpose any more.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/820#note_120604357
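
Added example (not part of the original message and not GnuTLS code): a minimal C sketch of a FIPS 140-2 style continuous self test, showing why priming the comparison block hides the generator's true first block from a known-answer test. The field names prev_block and prev_block_present are borrowed from the message; the toy block source, the function names, and the assumption that the first block is held back purely as the comparison value are illustrative.

```c
#include <string.h>
#define BLOCK 16
/* Toy deterministic block source standing in for the DRBG core; not a DRBG. */
struct toy_ctx {
    unsigned counter;                 /* index of the next raw block */
    int stuck;                        /* constructed fault: source repeats itself */
    unsigned char prev_block[BLOCK];  /* kept only for the comparison */
    int prev_block_present;
};

static void raw_block(struct toy_ctx *c, unsigned char out[BLOCK]) {
    unsigned n = c->stuck ? 0 : c->counter++;
    for (int i = 0; i < BLOCK; i++)
        out[i] = (unsigned char)(n * 31u + (unsigned)i);
}

/* FIPS 140-2 style continuous test: the first block only primes prev_block. */
int generate_with_cst(struct toy_ctx *c, unsigned char out[BLOCK]) {
    unsigned char cur[BLOCK];
    if (!c->prev_block_present) {
        raw_block(c, c->prev_block);   /* consumed, never returned */
        c->prev_block_present = 1;
    }
    raw_block(c, cur);
    if (memcmp(cur, c->prev_block, BLOCK) == 0)
        return -1;                     /* repeated block: fail */
    memcpy(c->prev_block, cur, BLOCK);
    memcpy(out, cur, BLOCK);
    return 0;
}

/* 1 if the caller's first block is the source's true first block (what a KAT expects). */
int first_block_preserved(int use_cst) {
    struct toy_ctx ref = {0}, c = {0};
    unsigned char expect[BLOCK], got[BLOCK];
    raw_block(&ref, expect);
    int rc = use_cst ? generate_with_cst(&c, got) : (raw_block(&c, got), 0);
    return rc == 0 && memcmp(expect, got, BLOCK) == 0;
}

/* 1 if the comparison catches a source that keeps emitting the same block. */
int stuck_detected(void) {
    struct toy_ctx c = { .stuck = 1 };
    unsigned char out[BLOCK];
    return generate_with_cst(&c, out) == -1;
}

int main(void) {
    return !(first_block_preserved(0) && !first_block_preserved(1) && stuck_detected());
}
```

If the memcmp is dropped but the priming copy stays, the generator still withholds its first block while no longer checking anything against it.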