Home GnuPG

Remove the forced fips mode

Description

Remove the forced fips mode

* cipher/rsa.c (generate_fips): Drop reference to enforced fips mode and
  use normal FIPS mode check
* doc/gcrypt.texi: Drop references to enforced FIPS mode
* src/fips.c (enforced_fips_mode): Removed
  (_gcry_initialize_fips_mode): Remove reading of the FIPS_FORCE_FILE
  to enforce FIPS mode
  (_gcry_enforced_fips_mode): Remove
  (_gcry_set_enforced_fips_mode): Remove
* src/g10lib.h (_gcry_enforced_fips_mode): Remove declaration
  (_gcry_set_enforced_fips_mode): Remova declaration
* src/global.c (print_config): Remove the forced fips flag
  (_gcry_vcontrol): Deprecate GCRYCTL_SET_ENFORCED_FIPS_FLAG
  (get_no_secure_memory): Ignore the option in FIPS mode

(_gcry_vcontrol): Simply ignore GCRYCTL_SET_ENFORCED_FIPS_FLAG.

  • Signed-off-by: Werner Koch <wk@gnupg.org>
  • GnuPG-bug-id: T5244

Details

Provenance
JakujeAuthored on Sep 17 2021, 3:03 PM
wernerCommitted on Sep 20 2021, 8:32 AM
Parents
rCedbc1dd10bc3: Remove a way to inactive FIPS mode
Branches
Unknown
Tags
Unknown
Tasks
T5244: libgcrypt: Restrict MD5 use