Home GnuPG

Disable non-allowed algorithms in FIPS mode
ce1cbe16992aUnpublished

Unpublished Commit ยท Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Disable non-allowed algorithms in FIPS mode

* cipher/cipher.c (_gcry_cipher_init),
* cipher/mac.c (_gcry_mac_init),
* cipher/md.c (_gcry_md_init),
* cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the
non-allowed ciphers.
* cipher/md5.c: Mark MD5 as not allowed in FIPS.
* src/g10lib.h (_gcry_mac_init): New.
* src/global.c (global_init): Call the new _gcry_mac_init.
* tests/basic.c (check_ciphers): Fix a typo.

When running in the FIPS mode, disable all the ciphers that don't have
the fips flag set.
Skip the non-allowed algos during testing in the FIPS mode.

Thanks to Ludwig Nussel.

  • Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Details

Provenance
civAuthored on Oct 29 2015, 5:13 PM
wernerCommitted on Mar 18 2016, 3:48 PM
Parents
rCc478cf175887: kdf: Make PBKDF2 check work on all platforms.
Branches
Unknown
Tags
Unknown