On Thu, 7 May 2020 at 00:19, Paul Wouters <[email protected]> wrote: > > On Sun, 3 May 2020, Andrew Cagney wrote: > > >> So NSS is running in fips mode, but when we asked it, it said it was > >> not running in fips mode. So, using NSS to determine fips mode means we > >> have to open the NSS > >> database in algparse too? Ofcourse, we don't parse ipsec.conf so we do > >> not know which database to open. > > > > Why do I have this feeling of deja-vu... > > > > * Need to ensure that NSS is initialized before calling > > * ike_alg_init(). Sanity checks and algorithm testing > > * require a working NSS. > > * > > * When testing the algorithms in FIPS mode (i.e., executing > > * crypto code) NSS needs to be pointed at a real FIPS mode > > * NSS directory. > > Things in git master should now be working properly again. The plutomain > code was changed so it does not have to check the fips status twice. And > the algparse case now initializes nss without db, so then nss returns > the system/kernel fips mode as its own fips mode.
Nice, testing made a big jump in the right direction. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
