Disable non-allowed algorithms in FIPS mode
authorVitezslav Cizek <vcizek@suse.com>
Thu, 29 Oct 2015 16:13:16 +0000 (17:13 +0100)
committerWerner Koch <wk@gnupg.org>
Fri, 18 Mar 2016 14:48:15 +0000 (15:48 +0100)
commitce1cbe16992a7340edcf8e6576973e3508267640
treeab4d7c4b3429f83878803f1db98df8830a856dc9
parentc478cf175887c84dc071c4f73a7667603b354789
Disable non-allowed algorithms in FIPS mode

* cipher/cipher.c (_gcry_cipher_init),
* cipher/mac.c (_gcry_mac_init),
* cipher/md.c (_gcry_md_init),
* cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the
non-allowed ciphers.
* cipher/md5.c: Mark MD5 as not allowed in FIPS.
* src/g10lib.h (_gcry_mac_init): New.
* src/global.c (global_init): Call the new _gcry_mac_init.
* tests/basic.c (check_ciphers): Fix a typo.
--

When running in the FIPS mode, disable all the ciphers that don't have
the fips flag set.
Skip the non-allowed algos during testing in the FIPS mode.

Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
cipher/cipher.c
cipher/mac.c
cipher/md.c
cipher/md5.c
cipher/pubkey.c
src/g10lib.h
src/global.c
tests/basic.c