Hi Jeff,
These DRBGs were originally disallowed by FIPS 140-3 Implementation
Guidance D.R.
That IG has since been withdrawn (i.e., they are allowed again), but
nobody has proposed a patch to enable them again.
Kind regards,
Joachim
On 4/23/25 7:31 AM, Jeff Barnes wrote:
Hello,
I noticed that the following algorithms don't have .fips_allowed enabled in testmgr.c. All of the other drbg algorithms have it enabled. I didn't see a git log entry explaining why.
By not enabling .fips_allowed, the algorithms won't load when fips=1. What is the reason for this?
Thanks
Jeff Barnes
}, {
/* covered by drbg_nopr_hmac_sha256 test */
.alg = "drbg_nopr_hmac_sha384",
.test = alg_test_null,
}, {
...
{
/* covered by drbg_pr_hmac_sha256 test */
.alg = "drbg_pr_hmac_sha384",
.test = alg_test_null,
},
...
}, {
/* covered by drbg_nopr_sha256 test */
.alg = "drbg_nopr_sha384",
.test = alg_test_null,
}, {
...
}, {
/* covered by drbg_pr_sha256 test */
.alg = "drbg_pr_sha384",
.test = alg_test_null,
}, {
