FIPS140-2 mode: enforce the minimum GCM IV size required by SP800-38D (section 8.2)

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Mon, 7 Jul 2014 16:34:02 +0000 (18:34 +0200)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Mon, 7 Jul 2014 16:34:02 +0000 (18:34 +0200)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 7 Jul 2014 16:34:02 +0000 (18:34 +0200)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 7 Jul 2014 16:34:02 +0000 (18:34 +0200)
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c

index 1bc164960b8d8a610a7390a5b75934e58b17ceb0..f367f2f9fa6d6be2431d927174c9f6dd6bc6a6fd 100644 (file)
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -391,6 +391,8 @@ wrap_nettle_cipher_setiv(void *_ctx, const void *iv, size_t ivsize)
         switch (ctx->algo) {
         case GNUTLS_CIPHER_AES_128_GCM:
         case GNUTLS_CIPHER_AES_256_GCM:
+               if (_gnutls_fips_mode_enabled() != 0 && ivsize < GCM_IV_SIZE)
+                       return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
                 gcm_aes_set_iv(&ctx->ctx.aes_gcm, 
                                 ivsize, iv);
                 break;
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Mon, 7 Jul 2014 16:34:02 +0000 (18:34 +0200)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Mon, 7 Jul 2014 16:34:02 +0000 (18:34 +0200)