authorNikos Mavrogiannopoulos <nmav@redhat.com>2013-11-22 12:27:57 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2013-11-27 11:41:44 +0100
commit9bab9962c2f423ba7cd8e774cf571632a7672eba (patch)
tree3d8f72a5f480ac5fa9530c3649268d8337a6c75a /lib/crypto-api.c
parent0d0bd4ce53623590fd1009e59bda0af05413afdf (diff)
gnutls_key_generate() is restricted by the size of the initial RNG seed in FIPS140-2 mode.
Diffstat (limited to 'lib/crypto-api.c')
-rw-r--r--lib/crypto-api.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 354dd14b6c..0f421fae22 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -28,6 +28,7 @@
#include <algorithms.h>
#include <random.h>
#include <crypto.h>
+#include <fips.h>
typedef struct api_cipher_hd_st {
cipher_hd_st ctx_enc;
@@ -576,6 +577,14 @@ int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size)
{
int ret;
+#ifdef ENABLE_FIPS140
+ /* The FIPS140 approved RNGs are not allowed to be used
+ * to extract key sizes longer than their original seed.
+ */
+ if (key_size > FIPS140_RND_KEY_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+#endif
+
key->size = key_size;
key->data = gnutls_malloc(key->size);
if (!key->data) {
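Review bot: The new early return in gnutls_key_generate() leaves `key->data` and `key->size` untouched, so a caller that ignores the return value and later reads or frees `key` operates on whatever the datum held before the call. Consider clearing the output first, with `key->data = NULL; key->size = 0;` placed ahead of the `#ifdef ENABLE_FIPS140` block. The guard is also selected at compile time, so it applies to every build that defines ENABLE_FIPS140; if the limit is meant only for a library actually operating in FIPS140-2 mode, as the commit title suggests, that is worth stating in the comment. The function's doc comment lies outside the hunk and should mention that requests above FIPS140_RND_KEY_SIZE fail with GNUTLS_E_INVALID_REQUEST, and in which unit the limit is expressed (presumably bytes, matching `key_size`; confirm against fips.h). The function body continues past the end of the hunk.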