[gnutls-devel] GnuTLS | fips: make FIPS140-2 mode enablement logic simpler (!1253)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue May 19 17:59:02 CEST 2020




Daiki Ueno commented on a discussion on lib/crypto-selftests.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1253#note_345329190

>  			}
>  
>  #define FIPS_STARTUP_ONLY_TEST_CASE(x, func, vectors) case x: \
> -			if (_gnutls_fips_mode_enabled() != 1) { \
> +			if (_gnutls_fips_mode_enabled() != 1 && \
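Review bot: the extended condition on the `+` line still compares `_gnutls_fips_mode_enabled()` against the bare literal `1`. With a second clause now joined by `&&`, a named constant for that mode value would make it clearer which FIPS state this branch is meant for. The quoted hunk stops at the `&& \` continuation, so the second operand cannot be checked from what is shown here.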

After checking the history of the change, it seems that:
* the macro was introduced to avoid non-recoverable errors if the FIPS self-tests are run as part of library initialization
* that code path, however, has been removed in the later commit 3963518d067a64412bbe0aa9ce5fc33ae729c15f

Therefore, I am going to remove that macro and use `NON_FIPS_CASE` exclusively.
