[gnutls-devel] GnuTLS | FIPS140: mark HKDF and AES-GCM as approved when used in TLS (#1311)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Jan 7 15:43:24 CET 2022
Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1311
As suggested in !1465, [HKDF](https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_745619911) and [AES-GCM](https://gitlab.com/gnutls/gnutls/-/merge_requests/1465#note_745612424) are approved in FIPS when used in TLS, while currently they are marked as non-approved for all uses.
We could relax the check a little maybe using a temporary FIPS context, or adding internal API for HKDF and AES-GCM that leaves state change to the caller.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1311
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel