[gnutls-devel] GnuTLS | fips: add functions to inspect thread-local FIPS operation state (!1465)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Nov 23 15:38:46 CET 2021




Daiki Ueno commented:


@smuellerDD I think this is almost ready; could you take a look? I've also adjusted some function/enum names in the linked gdoc.

A main caveat is that GnuTLS already prohibits most of the invalid uses of crypto primitives (such as RSA keys shorter than 2048 bits) in FIPS mode and returns an error; this is the case of "Group 4" in the [IG](https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf). Therefore checks for "approved"/"non-approved" are only found in particular operations (e.g., uses of Edwards curves; I know they are being approved, but currently only prohibited by other means: crypto-policies).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_741473996