Sorry, I didn't test for non-FIPS mode when I committed rC347817438990: fips: Fix tests in fips mode..
Tweaking the value for memory allocation is needed for FIPS mode, because it uses some secure memory by DRBG.

Since I think there is no reason why checking _gcry_enforced_fips_mode () here, I remove the check.

Applied by rC0f118c2dfb8e: cipher: Do not use of non-approved digests in FIPS mode.

There are two things here.
(1) Use of [] (FLEXIBLE_ARRAY_MEMBER)
(2) Use of offsetof (instead of sizeof) for computation of size of allocation.

Here is the documentation of the new way of single-threaded execution:
https://www.gnu.org/software/libc/manual/html_node/Single_002dThreaded.html

We also need to update m4/threadlib.m4.
Now, it's maintained in gnulib.
See the changes in:
https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=12b5b00f93c6433c3df8176fc9674d7600f8b268

Ah, I understand the point (at least, partially); My understanding is: With FIPS mode, at the module boundary (== libgcrypt), it ensures that all cipher/digest/etc. operations are done under the standard compliance, and it is considered wrong (violation) when non-FIPS mode operation (such as SHA-1) and FIPS mode operation are mixed.

SUSE has patches and version 3235 of cavs_driver.pl, bud it seems that it doesn't support DSA with Q+HASHALGO yet.

Thank you for the information.

I checked with my OpenPGP card v3.4.
It works for me with GnuPG 2.2.x and 2.3.x.
My setting is for RSA-2048 key.

As a start, I applied your patches.

And... as long as I read the PCT patches, it is not needed to export those API to users.
It is only needed internally for PCT tests (at most).

I am considering API enhancement, for this task.

This rwlock guarantees access with ctrl->card_ctx is always valid.

(OpenSSL for FIPS support is a bit tricky, which is described in README-FIPS.md in their distribution. It offers OpenSSL FIPS provider as shared library fips.so.)

Just FYI, NSS offers following API:

With `/etc/gcrypt/fips_enabled/', make check fails by:

If I understand correctly, to conform FIPS, we need to ensure Key/IV pair uniqueness (See "Implementation Guidance for FIPS 140-3", Annex C. "C.H Key/IV Pair Uniqueness Requirements from SP 800-38D").
Use of the API to set IV by any value may be considered bad.

Update: still ./basic --fips fails (for me), because of GCM (18 errors).
Need to fix T4873: Enable AES GCM in FIPS mode.

I applied rC297d31294333: tests: Fix messages to STDERR when FIPS mode is enabled.. Please note that your intention to change check_digests is right, but your patch actually didn't; When a MD algo is not supported, gcry_md_test_algo returns != 0 (an error code), and it "continues" to next entry (before the change).

Thank you for your report.

In agent_write_private_key of agent/findkey.c, when file is available, it returns GPG_ERR_EEXIST error. Thus, private (stub) key will be kept.

Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program:
https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf

There are multiple issues here.

For KDF setup (00F9), setting it to '' (null, to reset the DO) doesn't work, but it raises 6a80.
Once KDF is enabled, only factory-reset can reset the feature.