From fe93fe9c74de406407ccccdc3c226a9a8e50fb98 Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.com>
Date: Thu, 29 Oct 2015 17:13:16 +0100
Subject: [PATCH 04/11] Disable non-allowed algorithms in FIPS mode

• cipher/cipher.c (_gcry_cipher_init),
• cipher/mac.c (_gcry_mac_init),
• cipher/md.c (_gcry_md_init),
• cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the

non-allowed ciphers.

• cipher/md5.c: Mark MD5 as not allowed in FIPS.
• src/g10lib.h (_gcry_mac_init): New.
• src/global.c (global_init): Call the new _gcry_mac_init.
• tests/basic.c (check_ciphers): Fix a typo. --

When running in the FIPS mode, disable all the ciphers that don't have
the fips flag set.
Skip the non-allowed algos during testing in the FIPS mode.

Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

cipher/cipher.c | 11 ++++++++++
cipher/mac.c | 17 +++++++++++++++
cipher/md.c | 11 ++++++++++
cipher/md5.c | 2 +-
cipher/pubkey.c | 11 ++++++++++
src/g10lib.h | 1 +
src/global.c | 3 +++
tests/basic.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++-------
8 files changed, 115 insertions(+), 9 deletions(-)

2.6.2

See T1736: FIPS 186-4 compliance patches