[gnutls-devel] GnuTLS | fips: make FIPS140-2 mode enablement logic simpler (!1253)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue May 19 17:59:02 CEST 2020

Daiki Ueno commented on a discussion on lib/crypto-selftests.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1253#note_345329190

>  			}
>  #define FIPS_STARTUP_ONLY_TEST_CASE(x, func, vectors) case x: \
> -			if (_gnutls_fips_mode_enabled() != 1) { \
> +			if (_gnutls_fips_mode_enabled() != 1 && \

After checking the history of the change, it seems that:
* the macro was introduced to avoid non-recoverable errors if the FIPS self-tests are run as part of library initialization
* that code path, however, has been removed in the later commit 3963518d067a64412bbe0aa9ce5fc33ae729c15f

Therefore, I am going to remove that macro and use `NON_FIPS_CASE` exclusively.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1253#note_345329190
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200519/03320dc7/attachment.html>

More information about the Gnutls-devel mailing list