[gnutls-devel] GnuTLS | Draft: fips: add functions to inspect thread-local FIPS operation state (!1465)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Nov 18 10:06:54 CET 2021
Daiki Ueno commented:
@smuellerDD this is the service indicator implementation we discussed some time ago. I'm currently adding the state transitions everywhere, but stumbled on where and when to trigger the indication.
Someone told me it would be reasonable to add it right after validating the arguments, but I'm a bit skeptical about that.
Suppose we have a FFDH calculation; when an approved parameter is chosen, we know that the library is going to perform the actual calculation, though it will also validates Z (as in bea53f1b46a64d6dcf5bbe4794740c4d4459f9bf) after that. If it fails (though unlikely), should we mark the state as if there was no crypto operation performed? The DH function nevertheless return an error in that case.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_736633369
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20211118/97368a24/attachment-0001.html>
More information about the Gnutls-devel
mailing list