diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-10-05 16:12:46 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-10-06 14:15:32 +0200 |
commit | 93c0e3ba4d2cfee86b32f28f33303a2193c4133c (patch) | |
tree | 31e62f55e2949e0bb8169f8fcbc71e9f275f6d68 /lib/libgnutls.map | |
parent | 6f034aa2e9f140626de2b9413715651dffe9e394 (diff) | |
download | gnutls-93c0e3ba4d2cfee86b32f28f33303a2193c4133c.tar.gz |
fips: add self-tests for HKDF
FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As
the guidance only requires running a single instance of each KDF
mechanism, this only exercises HKDF-Extract and HKDF-Expand operations
with HMAC-SHA-256 as the underlying MAC.
Although HKDF is non-approved, it would be sensible to do that as it
will be approved in FIPS140-3.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/libgnutls.map')
-rw-r--r-- | lib/libgnutls.map | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 61276e5340..386b66f83e 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -1347,6 +1347,7 @@ GNUTLS_FIPS140_3_4 { gnutls_pk_self_test; gnutls_mac_self_test; gnutls_digest_self_test; + gnutls_hkdf_self_test; #for FIPS140-2 validation drbg_aes_reseed; drbg_aes_init; |