[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-60-g50aeee5
Dmitry Eremin-Solenikov
dbaryshkov at gmail.com
Thu Mar 13 14:44:03 CET 2014
On Thu, Mar 13, 2014 at 5:32 PM, Werner Koch <wk at gnupg.org> wrote:
> On Thu, 13 Mar 2014 12:19, dbaryshkov at gmail.com said:
>
>>> if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5)
>>> && in_fips_mode)
>>> {
>>
>> Will the code ever hit the in_fips_mode check? I assume not.
>
> Yes - at least once. If we are not in enforced FIPS mode the use of MD
> will inactivate the FIPS mode.
Please excuse me if I'm wrong - too tired ATM. But before this condition
you already have if (gcry_md_test_algo(algo)) { ... continue; }
Thus if algo is disabled, you will go to next iteration w/o entering
in_fips_mode check.
--
With best wishes
Dmitry
More information about the Gcrypt-devel
mailing list