[gnutls-devel] GnuTLS | DRBG: Remove all traces of FIPS 140-2 continuous self test (!820)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Nov 28 07:20:06 CET 2018


> There is a crash though when the library is run on
> FIPS140 mode, which I could not figure why from the changes.

This issue is now fixed. The GnuTLS library could not initialize in FIPS mode
since the self test failed. I have updated the self test now to use an ACVP
test that I just successfully verified yesterday.

I took an ACVP test vector that contains the verification of personalization
string and additional information to cover more code paths. Yet I removed the
number of self tests from 3 to 1. If you think that more than one self test is
beneficial, I can easily add more self tests using other ACVP test vectors I
now have on file.

The crash though is interesting: when I use the GnuTLS library without the
updated self test in FIPS mode with my test harness, the library would simply
not initialize and my application stops. The test, however, crashes. It seems
that the test does not handle a failure in the initialization of GnuTLS
gracefully.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/820#note_120605715
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181128/6b4ee8b7/attachment.html>


More information about the Gnutls-devel mailing list