| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-01-21 15:07:00 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 08:39:36 +0100 |
| commit | dc3aa56779581b661311f1c4603f3383f252b3b3 (patch) | |
| tree | 6f7c19ca00afb58b1f988a5b8b7e6333c4d29575 /lib/nettle/cipher.c | |
| parent | e89e981a2c6fab9ea5419207710b0f716df1c148 (diff) | |
| download | gnutls-dc3aa56779581b661311f1c4603f3383f252b3b3.tar.gz | |
fips140: added function for applications to switch the FIPS140-2 mode
That would allow FIPS140-2 compliant applications to use forbidden
algorithms by switching to a lax FIPS140-2 mode.
Resolves #352
Resolves #353
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/nettle/cipher.c')
-rw-r--r-- | lib/nettle/cipher.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index 68215c50cf..4bcbe42269 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -562,8 +562,7 @@ wrap_nettle_cipher_setiv(void *_ctx, const void *iv, size_t iv_size) switch (ctx->cipher->algo) { case GNUTLS_CIPHER_AES_128_GCM: case GNUTLS_CIPHER_AES_256_GCM: - if (_gnutls_fips_mode_enabled() != 0 && iv_size < GCM_IV_SIZE) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + FIPS_RULE(iv_size < GCM_IV_SIZE, GNUTLS_E_INVALID_REQUEST, "access to short GCM nonce size\n"); break; case GNUTLS_CIPHER_SALSA20_256: case GNUTLS_CIPHER_ESTREAM_SALSA20_256: |
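Review bot: the strict-mode rejection of short GCM nonces in wrap_nettle_cipher_setiv now rests entirely on `FIPS_RULE(iv_size < GCM_IV_SIZE, GNUTLS_E_INVALID_REQUEST, "access to short GCM nonce size\n")`, and that macro is not defined anywhere in this file, while the diffstat shown here is limited to lib/nettle/cipher.c, so nothing in this hunk lets a reviewer confirm that the removed `_gnutls_fips_mode_enabled() != 0 && iv_size < GCM_IV_SIZE` check still yields `gnutls_assert_val(GNUTLS_E_INVALID_REQUEST)` in strict mode, or that the lax mode the commit message introduces logs the violation rather than silently passing. Please reference the FIPS_RULE definition in the review and add a test that drives the short-nonce path with the FIPS mode both strict and lax, asserting the error code in the first case and the log line in the second, so that a later edit to the macro cannot quietly turn a rejection into an allow. The trailing `\n` inside the message string also looks like it belongs to the macro's logging side; check that the other FIPS_RULE call sites introduced by this change pass their messages the same way.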