712_0004-Disable-non-allowed-algorithms-in-FIPS-mode.patch
Abandoned, Public

Authored by civ on Nov 5 2015, 2:18 PM.

Details

Reviewers
None
Summary

From fe93fe9c74de406407ccccdc3c226a9a8e50fb98 Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.com>
Date: Thu, 29 Oct 2015 17:13:16 +0100
Subject: [PATCH 04/11] Disable non-allowed algorithms in FIPS mode

  • cipher/cipher.c (_gcry_cipher_init),
  • cipher/mac.c (_gcry_mac_init),
  • cipher/md.c (_gcry_md_init),
  • cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the non-allowed ciphers.
  • cipher/md5.c: Mark MD5 as not allowed in FIPS.
  • src/g10lib.h (_gcry_mac_init): New.
  • src/global.c (global_init): Call the new _gcry_mac_init.
  • tests/basic.c (check_ciphers): Fix a typo.

--

When running in the FIPS mode, disable all the ciphers that don't have
the fips flag set.
Skip the non-allowed algos during testing in the FIPS mode.

Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

cipher/cipher.c | 11 ++++++++++
cipher/mac.c | 17 +++++++++++++++
cipher/md.c | 11 ++++++++++
cipher/md5.c | 2 +-
cipher/pubkey.c | 11 ++++++++++
src/g10lib.h | 1 +
src/global.c | 3 +++
tests/basic.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++-------
8 files changed, 115 insertions(+), 9 deletions(-)

2.6.2

Test Plan

Diff Detail

Lint
Lint Skipped
Unit
Unit Tests Skipped