Handle key length limits also in the md API in FIPS Mode

Resolves: rhbz#2130275
2022-10-20 16:55:18 +02:00 · 2022-10-20 16:55:18 +02:00 · c0e2cdd3ce
commit c0e2cdd3ce
parent 2786fa2515
1 changed files with 26 additions and 0 deletions
--- a/libgcrypt-1.10.0-allow-short-salt.patch
+++ b/libgcrypt-1.10.0-allow-short-salt.patch
@ -48,4 +48,30 @@ index c98247d8..aee5bffb 100644
 -- 
 2.37.1
 commit 02718ade6ab5eee38169c2102097166770a2456d
 Author: Jakub Jelen <jjelen@redhat.com>
 Date:   Thu Oct 20 16:33:11 2022 +0200
    visiblity: Check the HMAC key length in FIPS mode
    ---
    * src/visibility.c (gcry_md_setkey): Check the HMAC key length in FIPS
      mode also in the md_ API.
    Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 diff --git a/src/visibility.c b/src/visibility.c
 index 150b197d..73db3dea 100644
 --- a/src/visibility.c
 +++ b/src/visibility.c
@@ -1357,6 +1357,10 @@ gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
 {
   if (!fips_is_operational ())
     return gpg_error (fips_not_operational ());
 +
 +  if (fips_mode () && keylen < 14)
 +    return GPG_ERR_INV_VALUE;
 +
   return gpg_error (_gcry_md_setkey (hd, key, keylen));
 }