[gnutls-devel] GnuTLS | Improve FIPS signatures self-tests (!1206)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Mar 16 13:45:55 CET 2020

Anderson Sasaki commented on a discussion on tests/slow/cipher-test.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1206#note_305520603

>  int main(int argc, char **argv)
>  {
> +
> +	if (gnutls_fips140_mode_enabled()) {

I take back my suggestion. Existing applications using the API wouldn't know about the introduced flag and could fail.

I suggest the test to detect if FIPS mode is enabled and the library state to know if it is running the POST. This way we can make it to fall back to use the pairwise-consistency test when called explicitly in FIPS mode. In other cases, the known answer test would be used.

This would make the tests to run using the right methods transparently.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1206#note_305520603
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200316/6896d60d/attachment.html>

More information about the Gnutls-devel mailing list