Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
libgcrypt.4929
skip-GCM-for-FIPS.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File skip-GCM-for-FIPS.patch of Package libgcrypt.4929
From bb35f855a9eca3171abed6848d29a95c85a68ffa Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nussel@suse.de> Date: Wed, 24 Sep 2014 17:59:26 +0200 Subject: [PATCH 4/6] skip GCM for FIPS --- cipher/cipher.c | 5 ++++- cipher/mac-gmac.c | 3 ++- src/global.c | 3 ++- tests/basic.c | 6 ++++++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/cipher/cipher.c b/cipher/cipher.c index f0a7973..ac59922 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -799,7 +799,10 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, break; case GCRY_CIPHER_MODE_GCM: - rc = _gcry_cipher_gcm_encrypt (c, outbuf, outbuflen, inbuf, inbuflen); + if (fips_mode ()) + rc = GPG_ERR_INV_CIPHER_MODE; + else + rc = _gcry_cipher_gcm_encrypt (c, outbuf, outbuflen, inbuf, inbuflen); break; case GCRY_CIPHER_MODE_STREAM: diff --git a/cipher/mac-gmac.c b/cipher/mac-gmac.c index 18d56b5..63cffe5 100644 --- a/cipher/mac-gmac.c +++ b/cipher/mac-gmac.c @@ -155,7 +155,8 @@ static gcry_mac_spec_ops_t gmac_ops = { #if USE_AES gcry_mac_spec_t _gcry_mac_type_spec_gmac_aes = { - GCRY_MAC_GMAC_AES, {0, 1}, "GMAC_AES", + /* uses GCM so not available for FIPS at this point */ + GCRY_MAC_GMAC_AES, {0, 0}, "GMAC_AES", &gmac_ops }; #endif diff --git a/src/global.c b/src/global.c index 2e5439b..91ee862 100644 --- a/src/global.c +++ b/src/global.c @@ -389,7 +389,8 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) case GCRYCTL_DISABLE_SECMEM: global_init (); - no_secure_memory = 1; + if (!fips_mode ()) + no_secure_memory = 1; break; case GCRYCTL_INIT_SECMEM: diff --git a/tests/basic.c b/tests/basic.c index 8657936..f7e2005 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -1563,6 +1563,9 @@ _check_gcm_cipher (unsigned int step) static void check_gcm_cipher (void) { + /* GCM not available in FIPS mode */ + if (in_fips_mode) + return; /* Large buffers, no splitting. */ _check_gcm_cipher(0xffffffff); /* Split input to one byte buffers. */ @@ -3653,6 +3656,9 @@ check_ciphers (void) check_one_cipher (algos[i], GCRY_CIPHER_MODE_CBC, 0); check_one_cipher (algos[i], GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS); check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0); + /* GCM not available in FIPS mode */ + if (in_fips_mode) + continue; if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN) check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0); } -- 2.1.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor