[gnutls-devel] GnuTLS | _gnutls_priority_update_fips is called when the fips mode is off (#1485)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Jun 7 06:14:14 CEST 2023




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1485#note_1421116417

Thank you for the report, but I don't think this is a bug: the return value 2 means `GNUTLS_FIPS140_LAX`, defined as:
> The library still uses the FIPS140-2 relevant algorithms but all forbidden by FIPS140-2 operations are allowed; this is useful when the application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility).

https://www.gnutls.org/manual/html_node/FIPS140_002d2-mode.html#Relaxing-FIPS140_002d2-requirements

Therefore, it not only affects self-tests but also is meant to simulate the FIPS behavior. If that is not clear, we can update the comment.
