Libgcrypt may be used in a FIPS 140-3 mode. Note that this does not necessarily mean that Libgcrypt is an approved FIPS 140-3 module. Check the NIST database at http://csrc.nist.gov/groups/STM/cmvp/ to see which versions of Libgcrypt are approved.
Because FIPS 140 has certain restrictions on the use of cryptography which are not always wanted, Libgcrypt needs to be put into FIPS mode explicitly. Four alternative mechanisms are provided to switch Libgcrypt into this mode:
- 0, Libgcrypt is put into FIPS mode at initialization time. Obviously this works only on systems with a proc file system (i.e. GNU/Linux).
- LIBGCRYPT_FORCE_FIPS_MODE, Libgcrypt is put into FIPS mode at initialization time.
- GCRYCTL_FORCE_FIPS_MODE. This must be done prior to any initialization (i.e. before gcry_check_version).