diff options
author | Jakub Jelen <jjelen@redhat.com> | 2022-10-26 15:41:29 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-10-27 10:20:47 +0900 |
commit | e7b1fbda6a9e0b6bf99062fc86139445a4e0766e (patch) | |
tree | 9a75fc7025402e2612e2272fe5e742c5ba7ddcb3 | |
parent | 7f4fafb5564dec6fe65f0e93a1125cb6ddb4d1ed (diff) | |
download | libgcrypt-e7b1fbda6a9e0b6bf99062fc86139445a4e0766e.tar.gz |
hmac,hkdf: Check the HMAC key length in FIPS mode.
* src/visibility.c (gcry_md_setkey): Add the check here, too.
--
Cherry-picked from the master commit of:
b095ea7559734f519fbe92d570afe567330eb474
GnuPG-bug-id: 6039
Fixes-commit: 58c92098d053aae7c78cc42bdd7c80c13efc89bb
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r-- | src/visibility.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/visibility.c b/src/visibility.c index aee5bffb..4f3da33c 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -1339,6 +1339,10 @@ gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); + + if (fips_mode () && keylen < 14) + return GPG_ERR_INV_VALUE; + return gpg_error (_gcry_md_setkey (hd, key, keylen)); } |