FIPS 140 service indicator revamp
NIIBE Yutaka
gniibe at fsij.org
Fri Dec 20 02:49:33 CET 2024
NIIBE Yutaka <gniibe at fsij.org> wrote:
> To support old behavior, I introduced GCRYCTL_FIPS_REJECT_NON_FIPS.
The expression "old" is not good. It's the behavior of libgcrypt 1.10
(and older).
Here is another patch to prefer GCRYCTL_FIPS_REJECT_NON_FIPS, removing
GCRY_CIPHER_FLAG_REJECT_NON_FIPS, GCRY_MD_FLAG_REJECT_NON_FIPS, and
GCRY_MAC_FLAG_REJECT_NON_FIPS in master.
I'm going to push those changes to master.
Then, I'll work on other gcry_pk_* API.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fips-Rejection-by-GCRYCTL_FIPS_REJECT_NON_FIPS-not-b.patch
Type: text/x-diff
Size: 17026 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20241220/2f740941/attachment-0001.patch>
More information about the Gcrypt-devel
mailing list