cipher: Raise an error for non-approved digests correctly.

* cipher/md.c (md_enable): Remove check if it's enforced or not. -- GnuPG-bug-id: 5244 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
author: NIIBE Yutaka <gniibe@fsij.org> 2021-08-16 12:36:22 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2021-08-16 12:36:22 +0900
commit: acc1598ea891180660d1a531823a1b5385e7f4e6 (patch)
tree: b87789be86d866b69a2c8aee1d703a1bf3c7f0b7 /cipher/md.c
parent: 347817438990b7adf22dc71e4fb581e3232f03a7 (diff)
download: libgcrypt-acc1598ea891180660d1a531823a1b5385e7f4e6.tar.gz
1 files changed, 1 insertions, 9 deletions
diff --git a/cipher/md.c b/cipher/md.c
index a1067f31..d6a80427 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -564,15 +564,7 @@ md_enable (gcry_md_hd_t hd, int algorithm)
 
   /* Any non-FIPS algorithm should go this way */
   if (!err && !spec->flags.fips && fips_mode ())
-    {
-      /* Do not drop from FIPS enforced mode if non-approved algorithm used */
-      if (_gcry_enforced_fips_mode () )
-        {
-          /* We will get here from constructed operations using non-FIPS
-           * approved algorithms */
-          err = GPG_ERR_DIGEST_ALGO;
-        }
-    }
+    err = GPG_ERR_DIGEST_ALGO;
 
   if (!err && h->flags.hmac && spec->read == NULL)
     {
author	NIIBE Yutaka <gniibe@fsij.org>	2021-08-16 12:36:22 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2021-08-16 12:36:22 +0900
commit	acc1598ea891180660d1a531823a1b5385e7f4e6 (patch)
tree	b87789be86d866b69a2c8aee1d703a1bf3c7f0b7 /cipher/md.c
parent	347817438990b7adf22dc71e4fb581e3232f03a7 (diff)
download	libgcrypt-acc1598ea891180660d1a531823a1b5385e7f4e6.tar.gz