Disable FIPS by application?
jussi.kivilinna at iki.fi
Sat May 13 15:14:48 CEST 2017
On 11.04.2017 17:48, Stephan Müller wrote:
> It is the idea of the FIPS mode to not allow MD5 and friends.
> However, for FIPS 140-2 level 1 validations (this is the highest that can be
> achieved by libgcrypt), there is *no* need for a technical enforcement. I.e.
> it is perfectly viable to drop all code that disallows ciphers when in FIPS
So, to clarify, the following code in cipher.c (and a similar piece in md.c) could be
    /* disable algorithms that are disallowed in fips */
    for (idx = 0; (spec = cipher_list[idx]); idx++)
      if (!spec->flags.fips)
        spec->flags.disabled = 1;