From: Nikos Mavrogiannopoulos Date: Fri, 22 Nov 2013 11:27:57 +0000 (+0100) Subject: gnutls_key_generate() is restricted by the size of the initial RNG seed in FIPS140... X-Git-Tag: gnutls_3_3_0pre0~520^2~55 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9bab9962c2f423ba7cd8e774cf571632a7672eba;p=thirdparty%2Fgnutls.git gnutls_key_generate() is restricted by the size of the initial RNG seed in FIPS140-2 mode. --- diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 354dd14b6c..0f421fae22 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -28,6 +28,7 @@ #include #include #include +#include typedef struct api_cipher_hd_st { cipher_hd_st ctx_enc; @@ -576,6 +577,14 @@ int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size) { int ret; +#ifdef ENABLE_FIPS140 + /* The FIPS140 approved RNGs are not allowed to be used + * to extract key sizes longer than their original seed. + */ + if (key_size > FIPS140_RND_KEY_SIZE) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); +#endif + key->size = key_size; key->data = gnutls_malloc(key->size); if (!key->data) { diff --git a/lib/fips.h b/lib/fips.h index c94cb07863..867431c5e7 100644 --- a/lib/fips.h +++ b/lib/fips.h @@ -29,6 +29,8 @@ /* This must be removed when finished */ #define FIPS140_TEST +#define FIPS140_RND_KEY_SIZE 32 + typedef enum { FIPS_STATE_POWERON, FIPS_STATE_INIT, diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c index 20d86b1540..8b2097048d 100644 --- a/lib/nettle/rnd-fips.c +++ b/lib/nettle/rnd-fips.c @@ -81,9 +81,6 @@ static void *rnd_mutex; #define SEED_TTL 1000 -/* The length of the key we use: 16 bytes (128 bit) for AES128. */ -#define X931_AES_KEYLEN 16 - /* This random context type is used to track properties of one random generator. Thee context are usually allocated in secure memory so that the seed value is well protected. There are a couble of guard @@ -312,7 +309,7 @@ x931_aes_driver(struct rng_context* rng_ctx, unsigned char *output, size_t lengt the standard generator. On error NULL is returned. */ static int x931_generate_key(struct aes_ctx* ctx) { - uint8_t buffer[X931_AES_KEYLEN]; + uint8_t buffer[FIPS140_RND_KEY_SIZE]; int ret; /* Get a key from the standard RNG or from the entropy source. */