[gnutls-devel] GnuTLS | FIPS140: mark HKDF and AES-GCM as approved when used in TLS (#1311)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Jan 7 15:43:24 CET 2022

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1311

As suggested in !1465, [HKDF](https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_745619911) and [AES-GCM](https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_745612424) are approved in FIPS when used in TLS, while currently they are marked as non-approved for all uses.

We could relax the check a little, maybe by using a temporary FIPS context, or by adding an internal API for HKDF and AES-GCM that leaves the state change to the caller.

