Hello,

Thank you for your comment.

Stephan Mueller <smuel...@chronox.de> wrote:
> I have only one comment: can I ask that the patch applies a fail-close 
> approach instead of a fail-open? I.e. teh indicator should be initialized to 
> return a failure and only if a known approved algorithm is found, it should 
> be 
> set to 0.

I will do; I will change for a fail-close approach.

Let me confirm the whole picture.  Here are ongoing changes:

* Change 1: use of a new internal API for the FIPS service indicator.
  Current proposal is using thread local storage, with compiler support
  (__thread), to be conservative (not by modern C11 _Thread_local or C23
  thread_local).

* Change 2: new libgcrypt API for the FIPS service indicator (by macro
  and gcry_control with new number), for applications.

* Change 3: using the new internal API, modify libgcrypt; put
  initialization (of false), put update (of true) in a success path, for
  all relevant functions.

* Change 4 (possibly, some parts would be optional): modify libgcrypt so
  that it doesn't reject computation under FIPS mode for parameters, but
  continue to finish the computation.  After this change, it won't
  return an error for parameters issue (if it's not fatal), only setting
  a failure with the FIPS service indicator.

For a while, we keep current code around gcry_control with
GCRYCTL_FIPS_SERVICE_INDICATOR_* in libgcrypt, because there are already
some external code which use this API.
-- 

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel

Reply via email to