New commits:
commit 84c0cb7fc22a0ce82be7ceeb7b535edf66fb41c7
Author: Andrew Cagney <[email protected]>
Date: Fri Jun 21 17:34:05 2024 -0400
crypto FIPS: for AES_GCM replace PK11_{Encrypt,Decrypt} with PK11_AEADOp()
Use the sequence:
PK11_CreateContextBySymKey()
PK11_AEADOp()
PK11_Finish()
PK11_DestroyContext()
just note that, while better, it isn't FIPS perfect.
It needs to be further changed to:
- let PK11_AEADOp() generate the IV
- for a given key, only call PK11_{Create,Delete}() once
however.
see #1535 in the GCM code, replace PK11_Encrypt() with PK11_AEADOp()
commit 1c43b2432e5453aba33f169edd606284d4878383
Author: Andrew Cagney <[email protected]>
Date: Fri Jun 21 17:33:17 2024 -0400
nss: in jam_nss_cka() handle CKA_NSS_MESSAGE_MASK
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
