[gnutls-devel] GnuTLS | Draft: fips: add functions to inspect thread-local FIPS operation state (!1465)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Nov 19 20:23:27 CET 2021
Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_738647227
OK, we have `GNUTLS_FIPS140_OPERATION_STATE_ERROR` for that purpose. So, I'm going to add those calls like:
```c
void some_crypto_op(...) {
    int ret;
    bool approved = true;

    switch (...) {
    case APPROVED_ALGO1:
        break;
    case APPROVED_ALGO2:
        if (!approved_mode)
            approved = false;
        break;
    case NON_APPROVED_ALGO:
        approved = false;
        break;
    }
    ...
cleanup:
    if (ret < 0) {
        /* state transition to GNUTLS_FIPS140_OPERATION_STATE_ERROR */
    } else if (approved) {
        /* state transition to GNUTLS_FIPS140_OPERATION_STATE_APPROVED */
    } else {
        /* state transition to GNUTLS_FIPS140_OPERATION_STATE_NOT_APPROVED */
    }
}
```