Page MenuHome GnuPG

FIPS: disable DSA for FIPS
Closed, ResolvedPublic

Description

While DSA support is out of support for our scope of FIPS support (to get certified), I'm not sure if it's good to set .fips = 0 in DSA module.

My concern is that, the possibility, some other party would want to get certified including DSA module.

To track things, I created this ticket.

Revisions and Commits

Event Timeline

gniibe triaged this task as Normal priority.Dec 2 2021, 1:12 AM
gniibe created this task.
gniibe added a subscriber: Jakuje.

This is the patch from @Jakuje

I have been convinced disabling DSA makes more sense.

gniibe changed the task status from Open to Testing.Dec 8 2021, 1:54 AM
gniibe added a project: Testing.

It turns out together with rCe96980022e5e some tests are failing in FIPS mode. The attached patch should handle the failures.

---removed outdated patch--

Sorry for the noise. There were couple of other places which I missed initially and which are covered in the v2 patch which follows:

gniibe removed a project: Testing.