diff options
| author | Vitezslav Cizek <vcizek@suse.com> | 2015-10-29 17:13:16 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2016-03-18 15:48:15 +0100 |
| commit | ce1cbe16992a7340edcf8e6576973e3508267640 (patch) | |
| tree | ab4d7c4b3429f83878803f1db98df8830a856dc9 /src | |
| parent | c478cf175887c84dc071c4f73a7667603b354789 (diff) | |
| download | libgcrypt-ce1cbe16992a7340edcf8e6576973e3508267640.tar.gz | |
Disable non-allowed algorithms in FIPS mode
* cipher/cipher.c (_gcry_cipher_init),
* cipher/mac.c (_gcry_mac_init),
* cipher/md.c (_gcry_md_init),
* cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the
non-allowed ciphers.
* cipher/md5.c: Mark MD5 as not allowed in FIPS.
* src/g10lib.h (_gcry_mac_init): New.
* src/global.c (global_init): Call the new _gcry_mac_init.
* tests/basic.c (check_ciphers): Fix a typo.
--
When running in the FIPS mode, disable all the ciphers that don't have
the fips flag set.
Skip the non-allowed algos during testing in the FIPS mode.
Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/g10lib.h | 1 | ||||
| -rw-r--r-- | src/global.c | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/src/g10lib.h b/src/g10lib.h index 7352556a..af688700 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -381,6 +381,7 @@ typedef struct fast_wipememory_s gcry_err_code_t _gcry_cipher_init (void); gcry_err_code_t _gcry_md_init (void); +gcry_err_code_t _gcry_mac_init (void); gcry_err_code_t _gcry_pk_init (void); gcry_err_code_t _gcry_secmem_module_init (void); gcry_err_code_t _gcry_mpi_init (void); diff --git a/src/global.c b/src/global.c index 4d69b27b..8669a46c 100644 --- a/src/global.c +++ b/src/global.c @@ -105,6 +105,9 @@ global_init (void) err = _gcry_md_init (); if (err) goto fail; + err = _gcry_mac_init (); + if (err) + goto fail; err = _gcry_pk_init (); if (err) goto fail; |