#include <algorithms.h>
#include <random.h>
#include <crypto.h>
+#include <fips.h>
typedef struct api_cipher_hd_st {
cipher_hd_st ctx_enc;
{
int ret;
+#ifdef ENABLE_FIPS140
+ /* The FIPS140 approved RNGs are not allowed to be used
+ * to extract key sizes longer than their original seed.
+ */
+ if (key_size > FIPS140_RND_KEY_SIZE)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+#endif
+
key->size = key_size;
key->data = gnutls_malloc(key->size);
if (!key->data) {
#define SEED_TTL 1000
-/* The length of the key we use: 16 bytes (128 bit) for AES128. */
-#define X931_AES_KEYLEN 16
-
/* This random context type is used to track properties of one random
generator. Thee context are usually allocated in secure memory so
that the seed value is well protected. There are a couble of guard
the standard generator. On error NULL is returned. */
static int x931_generate_key(struct aes_ctx* ctx)
{
- uint8_t buffer[X931_AES_KEYLEN];
+ uint8_t buffer[FIPS140_RND_KEY_SIZE];
int ret;
/* Get a key from the standard RNG or from the entropy source. */