[gnutls-devel] GnuTLS | cipher: add restriction on CCM tag length under FIPS mode (!1658)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Oct 22 02:26:16 CEST 2022
Daiki Ueno commented on a discussion on tests/fips-test.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1658#note_1145211750
> +
> + fips_push_context(fips_context);
> + memset(buffer, 0, sizeof(buffer));
> + length = sizeof(buffer);
> + ret = gnutls_aead_cipher_encrypt(h, iv_data, gnutls_cipher_get_iv_size(cipher),
> + NULL, 0, tag_length,
> + buffer, length - tag_length,
> + buffer, &length);
> + if (ret != expected_ret) {
> + fail("gnutls_aead_cipher_encrypt(%s) returned %d while %d is expected\n",
> + gnutls_cipher_get_name(cipher),
> + ret, expected_ret);
> + }
> + fips_pop_context(fips_context, expected_state);
> +
> + /* We can't proceed with decryption when encryption failed,
Reworked so the decryption test is always exercised.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1658#note_1145211750
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20221022/cd9fbfff/attachment-0001.html>
More information about the Gnutls-devel
mailing list