Page MenuHome GnuPG
Projects FIPS

FIPSTag
ActivePublic
Watch Project

Members (3)

Watchers (3)

Details

Description

FIPS related

Recent Activity
View All

Tue, Jun 17

gniibe closed T5964: gnupg should use the KDFs implemented in libgcrypt, a subtask of T6191: FIPS: Supporting running FIPS enabled machine, as Resolved.
Tue, Jun 17, 2:38 AM · gnupg24, FIPS, Bug Report
gniibe closed T5964: gnupg should use the KDFs implemented in libgcrypt as Resolved.
Tue, Jun 17, 2:38 AM · gnupg26, FIPS, Feature Request

May 26 2025

gniibe added a parent task for T5964: gnupg should use the KDFs implemented in libgcrypt: T7649: gnupg: Use KEM interface for encryption/decryption.
May 26 2025, 6:34 AM · gnupg26, FIPS, Feature Request
gniibe changed the status of T5964: gnupg should use the KDFs implemented in libgcrypt, a subtask of T6191: FIPS: Supporting running FIPS enabled machine, from Open to Testing.
May 26 2025, 6:32 AM · gnupg24, FIPS, Bug Report
gniibe changed the status of T5964: gnupg should use the KDFs implemented in libgcrypt from Open to Testing.

Done by T7649: gnupg: Use KEM interface for encryption/decryption

May 26 2025, 6:32 AM · gnupg26, FIPS, Feature Request

May 11 2025

gniibe closed T7338: Revamp the FIPS service indicator as Resolved.

Included in 1.11.1.

May 11 2025, 3:24 AM · libgcrypt, FIPS, Feature Request

Mar 13 2025

gniibe changed the status of T7338: Revamp the FIPS service indicator from Open to Testing.
Mar 13 2025, 7:05 AM · libgcrypt, FIPS, Feature Request

Dec 12 2024

gniibe added a comment to T7338: Revamp the FIPS service indicator.

Here are changes for gcry_md_open and its friends.

0001-fips-Change-the-internal-API-for-new-FIPS-service-in.patch4 KBDownload

Dec 12 2024, 6:43 AM · libgcrypt, FIPS, Feature Request
gniibe added a comment to T7338: Revamp the FIPS service indicator.

My idea in https://dev.gnupg.org/T7338#195529 doesn't work well when a function call is done multiple times.
Assuming SUCCESS, and marking all non-compliant places in the code works, and it would be good because libgcrypt so far maintains non-compliant path with rejection.

Dec 12 2024, 3:09 AM · libgcrypt, FIPS, Feature Request

Dec 9 2024

gniibe added a comment to T7338: Revamp the FIPS service indicator.

Pushed the change for adding hash tests in rC7faf542f1573: fips,tests: Add t-digest.

Dec 9 2024, 6:34 AM · libgcrypt, FIPS, Feature Request

Dec 6 2024

gniibe added a comment to T7338: Revamp the FIPS service indicator.

It seems that the internal API (as of 2024-12-06) is not enough.
Now, we have _gcry_md_hash_buffer function with the new FIPS service indicator.
It's used for public key crypto, too.
The compliance for hash function is a part of public key crypto, but not all.

Dec 6 2024, 6:54 AM · libgcrypt, FIPS, Feature Request
gniibe added a comment to T7338: Revamp the FIPS service indicator.

A change for gcry_md_hash_* functions are pushed by rC3478caac62c7: fips,md: Implement new FIPS service indicator for gcry_md_hash_*..
It doesn't have tests with FIPS service indicator yet.

Dec 6 2024, 6:40 AM · libgcrypt, FIPS, Feature Request

Dec 5 2024

gniibe added a comment to T7338: Revamp the FIPS service indicator.

New external API is by GCRYCTL_FIPS_SERVICE_INDICATOR and/or the new macro gcry_get_fips_service_indicator.
This change is pushed by rCf51f4e98930e: fips: Introduce GCRYCTL_FIPS_SERVICE_INDICATOR and the macro.

Dec 5 2024, 3:37 AM · libgcrypt, FIPS, Feature Request
gniibe added a comment to T7338: Revamp the FIPS service indicator.

New internal API is introduced with T7340 by the commit rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator.

Dec 5 2024, 3:30 AM · libgcrypt, FIPS, Feature Request
gniibe changed the status of T7340: Introduced a context with thread local storage, a subtask of T7338: Revamp the FIPS service indicator, from Open to Testing.
Dec 5 2024, 3:28 AM · libgcrypt, FIPS, Feature Request
gniibe changed the status of T7340: Introduced a context with thread local storage from Open to Testing.

Change is pushed by rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator.

Dec 5 2024, 3:28 AM · libgcrypt, FIPS, Feature Request

Nov 4 2024

werner triaged T7338: Revamp the FIPS service indicator as High priority.
Nov 4 2024, 12:54 PM · libgcrypt, FIPS, Feature Request

Oct 24 2024

gniibe added a comment to T7340: Introduced a context with thread local storage.

I created a branch: https://dev.gnupg.org/source/libgcrypt/history/gniibe%252Ft7340/

Oct 24 2024, 3:27 AM · libgcrypt, FIPS, Feature Request

Oct 16 2024

gniibe added a comment to T7340: Introduced a context with thread local storage.

Autoconf archive has AX_TLS: https://www.gnu.org/software/autoconf-archive/ax_tls.html
Also, AX_GCC_VAR_ATTRIBUTE(tls_model) could be used: https://www.gnu.org/software/autoconf-archive/ax_gcc_var_attribute.html

Oct 16 2024, 7:31 AM · libgcrypt, FIPS, Feature Request
gniibe updated the task description for T7340: Introduced a context with thread local storage.
Oct 16 2024, 7:28 AM · libgcrypt, FIPS, Feature Request
gniibe updated the task description for T7340: Introduced a context with thread local storage.
Oct 16 2024, 7:22 AM · libgcrypt, FIPS, Feature Request
gniibe triaged T7340: Introduced a context with thread local storage as Normal priority.
Oct 16 2024, 7:21 AM · libgcrypt, FIPS, Feature Request

Oct 15 2024

gniibe claimed T7338: Revamp the FIPS service indicator.
Oct 15 2024, 11:25 AM · libgcrypt, FIPS, Feature Request
werner created T7338: Revamp the FIPS service indicator.
Oct 15 2024, 11:24 AM · libgcrypt, FIPS, Feature Request

Jun 19 2024

werner closed T6976: RSA PKCS#1v1.5 signatures with SHA3 use invalid encoding as Resolved.
Jun 19 2024, 12:11 PM · FIPS, libgcrypt, Bug Report
werner closed T6557: Support of SHAKE in MGF function of RSA, a subtask of T6539: The digest&sign/verify API with SHAKE-class digests does not work, as Resolved.
Jun 19 2024, 12:10 PM · libgcrypt, FIPS, Bug Report
werner closed T6557: Support of SHAKE in MGF function of RSA as Resolved.
Jun 19 2024, 12:10 PM · libgcrypt, FIPS, Bug Report
werner removed a project from T5964: gnupg should use the KDFs implemented in libgcrypt: libgcrypt.
Jun 19 2024, 12:09 PM · gnupg26, FIPS, Feature Request

May 8 2024

werner closed T6511: EdDSA support in FIPS mode as Resolved.
May 8 2024, 8:32 AM · FIPS, libgcrypt, Bug Report

May 7 2024

Jakuje added a comment to T6511: EdDSA support in FIPS mode.

I think so. We did not submit a modules for recertification with these changes, but we do not plan this in close future so you can consider it completed.

May 7 2024, 3:01 PM · FIPS, libgcrypt, Bug Report
werner added a comment to T6511: EdDSA support in FIPS mode.

Can we close this?

May 7 2024, 2:44 PM · FIPS, libgcrypt, Bug Report

Apr 3 2024

werner closed T6515: GPG in FIPS mode spits out useless "out of core handler ignored in FIPS mode" message on every execution as Resolved.
Apr 3 2024, 9:28 AM · FIPS, Bug Report

Feb 9 2024

gniibe changed the status of T6976: RSA PKCS#1v1.5 signatures with SHA3 use invalid encoding from Open to Testing.

Applied the change. I write the ChangeLog entry by commit message.

Feb 9 2024, 8:32 AM · FIPS, libgcrypt, Bug Report

Feb 7 2024

werner triaged T6976: RSA PKCS#1v1.5 signatures with SHA3 use invalid encoding as Normal priority.
Feb 7 2024, 9:20 AM · FIPS, libgcrypt, Bug Report
werner added projects to T6976: RSA PKCS#1v1.5 signatures with SHA3 use invalid encoding: libgcrypt, FIPS.
Feb 7 2024, 9:17 AM · FIPS, libgcrypt, Bug Report

Nov 15 2023

gniibe closed T6539: The digest&sign/verify API with SHAKE-class digests does not work as Resolved.

The fix is in 1.10.3.

Nov 15 2023, 1:02 AM · libgcrypt, FIPS, Bug Report
gniibe closed T6507: SCRYPT does not work in FIPS mode as Resolved.

Fix is in 1.10.3.

Nov 15 2023, 12:54 AM · libgcrypt, FIPS, Bug Report

Nov 14 2023

werner closed T6217: sha3: wrong results for large inputs as Resolved.
Nov 14 2023, 1:18 PM · libgcrypt, FIPS, Bug Report
werner closed T4873: Enable AES GCM in FIPS mode as Resolved.
Nov 14 2023, 1:17 PM · FIPS, libgcrypt, Feature Request
werner closed T4873: Enable AES GCM in FIPS mode, a subtask of T5870: libgcrypt: AEAD API for FIPS 140 (in future), as Resolved.
Nov 14 2023, 1:17 PM · Feature Request, FIPS, libgcrypt
werner moved T6217: sha3: wrong results for large inputs from Backlog to For 1.10 on the libgcrypt board.
Nov 14 2023, 1:14 PM · libgcrypt, FIPS, Bug Report

Aug 8 2023

werner moved T6515: GPG in FIPS mode spits out useless "out of core handler ignored in FIPS mode" message on every execution from Backlog to Ready for release on the FIPS board.
Aug 8 2023, 11:08 AM · FIPS, Bug Report

Jun 28 2023

gniibe changed the status of T6539: The digest&sign/verify API with SHAKE-class digests does not work from Open to Testing.

Add the check of digest algorithm for EdDSA in: rCd15fe6aac10b: cipher:ecc:fips: Only allow defined digest algo for EdDSA.

Jun 28 2023, 7:23 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

No, there are use cases in GnuPG, where we specify the hash algo for signing, and our own tests/benchmark.c.

Jun 28 2023, 3:54 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

For the first issue, I added a check in: rCf65c30d470f5: cipher:ecc:fips: Reject use of SHAKE when it's ECDSA with RFC6979.

Jun 28 2023, 3:52 AM · libgcrypt, FIPS, Bug Report

Jun 27 2023

Jakuje added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

From the FIPS 186-5 there are some limitations to use the SHAKE in FIPS Mode that we will have to reflect:

Jun 27 2023, 5:22 PM · libgcrypt, FIPS, Bug Report

Jun 23 2023

gniibe added a comment to T6557: Support of SHAKE in MGF function of RSA.

Pushed a change in master.

Jun 23 2023, 6:00 AM · libgcrypt, FIPS, Bug Report
gniibe changed the status of T6557: Support of SHAKE in MGF function of RSA, a subtask of T6539: The digest&sign/verify API with SHAKE-class digests does not work, from Open to Testing.
Jun 23 2023, 6:00 AM · libgcrypt, FIPS, Bug Report
gniibe changed the status of T6557: Support of SHAKE in MGF function of RSA from Open to Testing.
Jun 23 2023, 6:00 AM · libgcrypt, FIPS, Bug Report
gniibe updated the task description for T6557: Support of SHAKE in MGF function of RSA.
Jun 23 2023, 3:28 AM · libgcrypt, FIPS, Bug Report