[gnutls-devel] GnuTLS | Expose a public interface for executing FIPS integrity tests on-demand (#1364)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri May 13 12:04:03 CEST 2022




Richard Costa commented:


Hi, thanks for your answer.

Yes, that's the requirement. Note that for many environments resetting, rebooting or power cycles are not adequate, so that's why I'd like to include a provided service (which essentially reuses functions which are already provided).

From what I discussed with a FIPS specialist, there is the option of doing a deinitializing/initializing cycle of the library. However, I hold the opinion that such an alternative is quite extreme, since it not only executes integrity tests, but a whole bunch of other operations.

I agree with you that integrity checks after library modules are loaded don't look very useful. However, this is still a FIPS requirement, so anyone who plans to get GnuTLS compliant will have to provide an alternative anyway.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1364#note_945763826