Diffusion libgcrypt 9f0fd2656d7d

cipher: Check and mark non-compliant cipher modes in the SLI
9f0fd2656d7d
Actions

Tags

None

Subscribers

None

Description

cipher: Check and mark non-compliant cipher modes in the SLI

* cipher/cipher.c (_gcry_cipher_open_internal): Check and mark if the
cipher mode is compliant and reject accordingly.
(_gcry_cipher_is_mode_fips_compliant): New.
* src/gcrypt.h.in (GCRY_FIPS_FLAG_REJECT_CIPHER_MODE): New.
* tests/t-fips-service-ind.c (check_cipher_o_s_e_d_c): Add test to
verify that the service level indication is correctly set for non-
compliant cipher modes, and correctly rejected if
GCRY_FIPS_FLAG_REJECT_CIPHER_MODE is set.

GnuPG-bug-id: T7338
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>

Details

Provenance

Lucas Mulling <lucas.mulling@suse.com>	Authored on Fri, Jan 24, 1:57 PM
• gniibe	Committed on Mon, Jan 27, 1:03 AM

Parents

rC24a2ca672b21: Remove WindowsCE support.

Branches

Unknown

Tags

Unknown

Tasks

T7338: Revamp the FIPS service indicator

Event Timeline

• gniibe committed rC9f0fd2656d7d: cipher: Check and mark non-compliant cipher modes in the SLI (authored by Lucas Mulling <lucas.mulling@suse.com>).Mon, Jan 27, 1:03 AM

• gniibe added a task: T7338: Revamp the FIPS service indicator.Mon, Jan 27, 1:05 AM

Changes (3)

Path

Size

cipher/

src/

tests/

t-fips-service-ind.c

rC9f0fd2656d7d

cipher/cipher.c

Loading...

src/gcrypt.h.in

Loading...

tests/t-fips-service-ind.c

Loading...