[gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Dec 28 16:34:20 CET 2021
Daiki Ueno commented:
@smuellerDD thank you for the review. So far, I've made the following changes based on the suggestions from @pmgdeb:
- DH now checks if the prime is 2048-bit (otherwise mark the op as non-approved), ECDH now additionally checks P-192
- RSA and RSA-PSS now have explicit check on the key length in KeyGen, SigGen, and SigVer
- RSA and RSA-PSS now have explicit check on the hash algorithm in KeyGen, SigGen, and SigVer (SHA-2 only for KeyGen and SigGen, SHA-1 is also marked as approved for SigVer)
- DSA is marked as non-approved for all uses
- ECDSA now additionally checks P-192
- GCM is marked as non-approved for all uses including TLS
- HKDF is marked as non-approved for all uses including TLS
For the last two we plan to mark the TLS uses as approved, but I think it covers most of the certification requirements now.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_796799143
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20211228/b11c8a7a/attachment.html>
More information about the Gnutls-devel
mailing list