<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<table border="0" cellpadding="0" cellspacing="0" style="width: 100%; border-collapse: separate; border-spacing: 0; margin: 0 auto;">

<tbody>

<tr>

<td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; overflow: hidden;" align="left" bgcolor="#ffffff">

<table border="0" cellpadding="0" cellspacing="0" style="width: 100%; border-collapse: separate; border-spacing: 0;">

<tbody>

<tr>

<td style="color: #333333; border-bottom-width: 1px; border-bottom-color: #ededed; border-bottom-style: solid; font-size: 15px; font-weight: bold; line-height: 1.4; padding: 20px 0;">

Merge request

<a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1253">!1253</a>

was reviewed by

<a href="https://gitlab.com/asosedkin">Alexander Sosedkin</a>

</td>

</tr>

<tr>

<td style="overflow: hidden; font-size: 14px; line-height: 1.4; display: grid;">

<p style="color: #777777;">

<a href="https://gitlab.com/asosedkin">Alexander Sosedkin</a>

started a new

discussion on <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1253#note_344496724">doc/cha-internals.texi</a>:

</p>

<table>

<tr class="line_holder old" id="">

<td class="diff-line-num old old_line" data-linenumber="674" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

674

</td>

<td class="diff-line-num new_line old" data-linenumber="682" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC674" class="line" lang="plaintext">@item Only approved by FIPS140-2 algorithms are enabled</span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="">

<td class="diff-line-num old old_line" data-linenumber="675" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

675

</td>

<td class="diff-line-num new_line old" data-linenumber="682" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC675" class="line" lang="plaintext">@item Only approved by FIPS140-2 key lengths are allowed for key generation</span>

</pre>

</td>

</tr>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="676" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

676

</td>

<td class="diff-line-num new_line" data-linenumber="682" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

682

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC682" class="line" lang="plaintext">@item The random generator used switches to DRBG-AES</span>

</pre>

</td>

</tr>

</table>

<div style="border-bottom-width: 1px; border-bottom-color: #ededed; border-bottom-style: solid;">

<p dir="auto">I don't think it's true, based on <a href="https://gitlab.com/gnutls/gnutls/-/blob/a9f907be146be0df2cc756c19543ec1d10ccdef9/lib/random.c#L110">https://gitlab.com/gnutls/gnutls/-/blob/a9f907be146be0df2cc756c19543ec1d10ccdef9/lib/random.c#L110</a>.</p>

<p dir="auto">I'm not against switching to FIPS RNG on FIPS-enabled, but then I consider this MR to be dependent on actually ensuring that FIPS RNG is both enabled and self-tested in FIPS-installed-and-not-enabled scenario.</p>

<p dir="auto">On the subject of non-zero comparisons, <a href="https://gitlab.com/gnutls/gnutls/-/blob/a9f907be146be0df2cc756c19543ec1d10ccdef9/lib/crypto-selftests.c#L1943">https://gitlab.com/gnutls/gnutls/-/blob/a9f907be146be0df2cc756c19543ec1d10ccdef9/lib/crypto-selftests.c#L1943</a> also seems strange to me; whatever it is, I can't really rationalize it.</p>

</div>

<p style="color: #777777;">

<a href="https://gitlab.com/asosedkin">Alexander Sosedkin</a>

started a new

discussion on <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1253#note_344496730">doc/cha-internals.texi</a>:

</p>

<table>

<tr class="line_holder new" id="">

<td class="diff-line-num new old_line" data-linenumber="679" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="689" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

689

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">

<pre style="margin: 0;">+<span id="LC689" class="line" lang="plaintext"></span>

</pre>

</td>

</tr>

<tr class="line_holder new" id="">

<td class="diff-line-num new old_line" data-linenumber="679" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="690" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

690

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">

<pre style="margin: 0;">+<span id="LC690" class="line" lang="plaintext">@itemize</span>

</pre>

</td>

</tr>

<tr class="line_holder new" id="">

<td class="diff-line-num new old_line" data-linenumber="679" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="691" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

691

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">

<pre style="margin: 0;">+<span id="LC691" class="line" lang="plaintext">@item Only approved by FIPS140-2 algorithms are enabled</span>

</pre>

</td>

</tr>

</table>

<div style="border-bottom-width: 1px; border-bottom-color: #ededed; border-bottom-style: solid;">

<p dir="auto">I think it'd be nice to elaborate which classes of algorithms have the restriction enforced and which are not. AFAIK, ciphers and macs are limited, when, e.g., curve selection is not restricted.</p>

</div>

</td>

</tr>

</tbody>

</table>

</td>

</tr>

</tbody>

</table>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1253">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/-/sent_notifications/8aee48d6cd8ac3336fa0ac6b517bbe98/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/-/merge_requests/1253"}}</script>

</p>

</div>

</body>

</html>