gentleknife / rpms / libgcrypt

Forked from rpms/libgcrypt 4 years ago
Clone

Blame SOURCES/libgcrypt-1.7.3-fips-reqs.patch

9fde57
diff -up libgcrypt-1.7.3/src/visibility.c.fips-reqs libgcrypt-1.7.3/src/visibility.c
9fde57
--- libgcrypt-1.7.3/src/visibility.c.fips-reqs	2016-03-23 12:59:34.000000000 +0100
9fde57
+++ libgcrypt-1.7.3/src/visibility.c	2016-11-22 16:29:36.992042480 +0100
9fde57
@@ -1288,6 +1288,8 @@ gcry_kdf_derive (const void *passphrase,
9fde57
                  unsigned long iterations,
9fde57
                  size_t keysize, void *keybuffer)
9fde57
 {
9fde57
+  if (!fips_is_operational ())
9fde57
+    return gpg_error (fips_not_operational ());
9fde57
   return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
9fde57
                                       salt, saltlen, iterations,
9fde57
                                       keysize, keybuffer));
9fde57
@@ -1343,6 +1345,13 @@ void
9fde57
 gcry_mpi_randomize (gcry_mpi_t w,
9fde57
                     unsigned int nbits, enum gcry_random_level level)
9fde57
 {
9fde57
+  if (!fips_is_operational ())
9fde57
+    {
9fde57
+      (void)fips_not_operational ();
9fde57
+      fips_signal_fatal_error ("called in non-operational state");
9fde57
+      fips_noreturn ();
9fde57
+    }
9fde57
+
9fde57
   _gcry_mpi_randomize (w, nbits, level);
9fde57
 }
9fde57
 
9fde57
@@ -1368,6 +1377,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
9fde57
                      gcry_random_level_t random_level,
9fde57
                      unsigned int flags)
9fde57
 {
9fde57
+  if (!fips_is_operational ())
9fde57
+    return gpg_error (fips_not_operational ());
9fde57
   return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
9fde57
                                           factors, cb_func, cb_arg,
9fde57
                                           random_level, flags));