Red Hat's patch of libgcrypt-1.8.3-md-fips-enforce.patch:
https://dev.gnupg.org/rCd508f7358d9e842f062e820dad7fb84f181622f0
I understand the intention of this change (as the title of the patch suggests), but we need to make sure that it works well.
- With the patch, for MD5, when fips_mode() returns 1 but it's not enforced, it just goes through with no errors.
- I wonder if the check of _gcry_enforced_fips_mode () should also be removed.
- We also have such checks and relaxing in gcry_md_hash_buffer and gcry_md_hash_buffers; don't we need to change them too?
The original commit which adds the relaxing is:
rC3f204a1533f1: Do no restrtc usage of MD5 in fips mode.
I wonder if the intention of the patch is to revert rC3f204a15.