[gnutls-devel] GnuTLS | Expose a public interface for executing FIPS integrity tests on-demand (#1364)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri May 13 09:03:48 CEST 2022




Daiki Ueno commented:


Could you elaborate which requirement you are referring to? If it is FIPS140-3 IG [10.3.E](https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf#page=64) Periodic Self-Testing, it says:
> At security levels 1 and 2, acceptable means for initiating the periodic self-tests include a provided service, resetting, rebooting or power cycling.

Aside from that I also wonder whether it's meaningful to repeat the library integrity check after the library is loaded. While it would be possible that the library file is modified afterwards, that doesn't affect the application behavior.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1364#note_945515515
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220513/28744519/attachment.html>


More information about the Gnutls-devel mailing list