diff options
| author | Jakub Jelen <jjelen@redhat.com> | 2022-10-26 15:41:29 +0900 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-10-26 15:41:46 +0900 |
| commit | b095ea7559734f519fbe92d570afe567330eb474 (patch) | |
| tree | a4e894248dc759942c0a107a241898d9d23b7840 /src | |
| parent | 47db7fe3a0c36523d2ccec31705cffff9a2337bc (diff) | |
| download | libgcrypt-b095ea7559734f519fbe92d570afe567330eb474.tar.gz | |
hmac,hkdf: Check the HMAC key length in FIPS mode.
* src/visibility.c (gcry_md_setkey): Add the check here, too.
--
GnuPG-bug-id: 6039
Fixes-commit: 58c92098d053aae7c78cc42bdd7c80c13efc89bb
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/visibility.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/visibility.c b/src/visibility.c index 150b197d..73db3dea 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -1357,6 +1357,10 @@ gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); + + if (fips_mode () && keylen < 14) + return GPG_ERR_INV_VALUE; + return gpg_error (_gcry_md_setkey (hd, key, keylen)); } |