|
|
9fde57 |
diff -up libgcrypt-1.7.3/src/visibility.c.fips-reqs libgcrypt-1.7.3/src/visibility.c
|
|
|
9fde57 |
--- libgcrypt-1.7.3/src/visibility.c.fips-reqs 2016-03-23 12:59:34.000000000 +0100
|
|
|
9fde57 |
+++ libgcrypt-1.7.3/src/visibility.c 2016-11-22 16:29:36.992042480 +0100
|
|
|
9fde57 |
@@ -1288,6 +1288,8 @@ gcry_kdf_derive (const void *passphrase,
|
|
|
9fde57 |
unsigned long iterations,
|
|
|
9fde57 |
size_t keysize, void *keybuffer)
|
|
|
9fde57 |
{
|
|
|
9fde57 |
+ if (!fips_is_operational ())
|
|
|
9fde57 |
+ return gpg_error (fips_not_operational ());
|
|
|
9fde57 |
return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
|
|
|
9fde57 |
salt, saltlen, iterations,
|
|
|
9fde57 |
keysize, keybuffer));
|
|
|
9fde57 |
@@ -1343,6 +1345,13 @@ void
|
|
|
9fde57 |
gcry_mpi_randomize (gcry_mpi_t w,
|
|
|
9fde57 |
unsigned int nbits, enum gcry_random_level level)
|
|
|
9fde57 |
{
|
|
|
9fde57 |
+ if (!fips_is_operational ())
|
|
|
9fde57 |
+ {
|
|
|
9fde57 |
+ (void)fips_not_operational ();
|
|
|
9fde57 |
+ fips_signal_fatal_error ("called in non-operational state");
|
|
|
9fde57 |
+ fips_noreturn ();
|
|
|
9fde57 |
+ }
|
|
|
9fde57 |
+
|
|
|
9fde57 |
_gcry_mpi_randomize (w, nbits, level);
|
|
|
9fde57 |
}
|
|
|
9fde57 |
|
|
|
9fde57 |
@@ -1368,6 +1377,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
|
|
|
9fde57 |
gcry_random_level_t random_level,
|
|
|
9fde57 |
unsigned int flags)
|
|
|
9fde57 |
{
|
|
|
9fde57 |
+ if (!fips_is_operational ())
|
|
|
9fde57 |
+ return gpg_error (fips_not_operational ());
|
|
|
9fde57 |
return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
|
|
|
9fde57 |
factors, cb_func, cb_arg,
|
|
|
9fde57 |
random_level, flags));
|