Diffusion libgcrypt ce1cbe16992a

Disable non-allowed algorithms in FIPS mode
ce1cbe16992aUnpublished
Actions

Tags

None

Subscribers

None

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Disable non-allowed algorithms in FIPS mode

* cipher/cipher.c (_gcry_cipher_init),
* cipher/mac.c (_gcry_mac_init),
* cipher/md.c (_gcry_md_init),
* cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the
non-allowed ciphers.
* cipher/md5.c: Mark MD5 as not allowed in FIPS.
* src/g10lib.h (_gcry_mac_init): New.
* src/global.c (global_init): Call the new _gcry_mac_init.
* tests/basic.c (check_ciphers): Fix a typo.

When running in the FIPS mode, disable all the ciphers that don't have
the fips flag set.
Skip the non-allowed algos during testing in the FIPS mode.

Thanks to Ludwig Nussel.

Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Details

Provenance

civ	Authored on Oct 29 2015, 5:13 PM
• werner	Committed on Mar 18 2016, 3:48 PM

Parents

rCc478cf175887: kdf: Make PBKDF2 check work on all platforms.

Branches

Unknown

Tags

Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rCce1cbe16992a: Disable non-allowed algorithms in FIPS mode (authored by Vitezslav Cizek <vcizek@suse.com>).Mar 18 2016, 3:48 PM

• gniibe mentioned this in T5244: libgcrypt: Restrict MD5 use.Jan 15 2021, 8:56 AM

Changes (8)

Path

Size

cipher/

src/

tests/

rCce1cbe16992a

cipher/cipher.c

Loading...

cipher/mac.c

Loading...

cipher/md.c

Loading...

cipher/md5.c

Loading...

cipher/pubkey.c

Loading...

src/g10lib.h

Loading...

src/global.c

Loading...

tests/basic.c

Loading...