[gnutls-devel] GnuTLS | Mark HKDF and AES-GCM as approved when used in TLS (!1568)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Apr 5 13:10:42 CEST 2022




Zoltán Fridrich commented on a discussion on lib/constate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1568#note_900944600

>  	key.data = state->key;
>  	key.size = state->key_size;
>  
> -	ret = _gnutls_aead_cipher_init(&state->ctx.aead,
> -				       algo, &key);
> -	if (ret < 0)
> +	ret = _gnutls_aead_cipher_init(&state->ctx.aead, algo, &key);
> +	if (ret < 0) {
> +		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
>  		return gnutls_assert_val(ret);
> +	}
> +
> +	if (is_cipher_algo_allowed(algo))

I think it looks cleaner as it is

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1568#note_900944600
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220405/3906d5e8/attachment-0001.html>


More information about the Gnutls-devel mailing list