[gnutls-devel] GnuTLS | Add missing FIPS service indicator transitions (!1569)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Apr 5 18:04:49 CEST 2022



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1569 was reviewed by Daiki Ueno

--
  
Daiki Ueno started a new discussion on lib/ext/session_ticket.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1569#note_901437601

>  	}
>  
> +	if (is_cipher_algo_allowed(TICKET_CIPHER))
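
Review bot: the condition in the added `if (is_cipher_algo_allowed(TICKET_CIPHER))` takes only `TICKET_CIPHER` as its argument, so nothing from the session or from the ticket being processed feeds into the decision. The quoted hunk stops at the `if` line and does not show which state each branch selects; a short comment above the check naming the state used when the cipher is not allowed would make the intended transition explicit.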

Given `TICKET_CIPHER` is fixed, we could set it to `GNUTLS_FIPS140_OP_APPROVED` always.

--
  
Daiki Ueno started a new discussion on lib/nettle/rnd.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1569#note_901437623

>  	*_ctx = ctx;
>  
> +	_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
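
Review bot: the added `_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);` is unconditional and sits directly after `*_ctx = ctx;`, so every pass that reaches this point is marked as not approved regardless of what the caller goes on to do. Add a comment stating why this step counts as a non-approved operation, or move the call to the place where the non-approved condition is actually detected.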

I would limit the state transition in `.rnd`, which corresponds to the public API (`gnutls_rnd`). As `.init` is called from the library constructor, there is no way to set FIPS context.

