diff options
author | NIIBE Yutaka <gniibe@fsij.org> | 2021-01-19 14:29:27 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2021-01-19 14:29:27 +0900 |
commit | ebeae53222648c637907f4b358888fc0e7123dc9 (patch) | |
tree | 824ad08a3aee6d3f46ec617a8908a6870c5667e2 /src | |
parent | 7a0da24925361a3109474d0e433511467a9e35d1 (diff) | |
download | libgcrypt-ebeae53222648c637907f4b358888fc0e7123dc9.tar.gz |
Check if FIPS is operational and error return if not.
* src/visibility.c (gcry_kdf_derive): Add the check.
(gcry_prime_generate, gcry_prime_group_generator): Likewise.
(gcry_mpi_randomize): Likewise, but no return.
--
Original work was libgcrypt-1.7.3-fips-reqs.patch from Red Hat.
Also, adding the check to gcry_prime_group_generator.
GnuPG-bug-id: 5243
Co-authored-by: Tomáš Mráz <tm@t8m.info>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/visibility.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/visibility.c b/src/visibility.c index 4ea2d99e..eb0d7e3e 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -1307,6 +1307,8 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen, unsigned long iterations, size_t keysize, void *keybuffer) { + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo, salt, saltlen, iterations, keysize, keybuffer)); @@ -1362,6 +1364,13 @@ void gcry_mpi_randomize (gcry_mpi_t w, unsigned int nbits, enum gcry_random_level level) { + if (!fips_is_operational ()) + { + (void)fips_not_operational (); + fips_signal_fatal_error ("called in non-operational state"); + fips_noreturn (); + } + _gcry_mpi_randomize (w, nbits, level); } @@ -1387,6 +1396,8 @@ gcry_prime_generate (gcry_mpi_t *prime, gcry_random_level_t random_level, unsigned int flags) { + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits, factors, cb_func, cb_arg, random_level, flags)); @@ -1397,6 +1408,8 @@ gcry_prime_group_generator (gcry_mpi_t *r_g, gcry_mpi_t prime, gcry_mpi_t *factors, gcry_mpi_t start_g) { + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); return gpg_error (_gcry_prime_group_generator (r_g, prime, factors, start_g)); } |