|
 |
e35e9c |
From 654d0dfa04993ebe28c0536d42f4bc6d87c28369 Mon Sep 17 00:00:00 2001
|
|
|
e35e9c |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
e35e9c |
Date: Wed, 1 Mar 2023 17:14:00 +0100
|
|
|
e35e9c |
Subject: [PATCH] visibility: Check FIPS operational status for MD+Sign
|
|
|
e35e9c |
operation.
|
|
|
e35e9c |
|
|
|
e35e9c |
* src/visibility.c (gcry_pk_hash_sign): Check fips status before
|
|
|
e35e9c |
calling the operation itself.
|
|
|
e35e9c |
(gcry_pk_hash_verify): Ditto.
|
|
|
e35e9c |
|
|
|
e35e9c |
--
|
|
|
e35e9c |
|
|
|
e35e9c |
GnuPG-bug-id: 6396
|
|
|
e35e9c |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
|
e35e9c |
---
|
|
|
e35e9c |
src/visibility.c | 7 +++++++
|
|
|
e35e9c |
1 file changed, 7 insertions(+)
|
|
|
e35e9c |
|
|
|
e35e9c |
diff --git a/src/visibility.c b/src/visibility.c
|
|
|
e35e9c |
index 73db3dea..1f17e147 100644
|
|
|
e35e9c |
--- a/src/visibility.c
|
|
|
e35e9c |
+++ b/src/visibility.c
|
|
|
e35e9c |
@@ -1050,6 +1050,11 @@ gcry_error_t
|
|
|
e35e9c |
gcry_pk_hash_sign (gcry_sexp_t *result, const char *data_tmpl, gcry_sexp_t skey,
|
|
|
e35e9c |
gcry_md_hd_t hd, gcry_ctx_t ctx)
|
|
|
e35e9c |
{
|
|
|
e35e9c |
+ if (!fips_is_operational ())
|
|
|
e35e9c |
+ {
|
|
|
e35e9c |
+ *result = NULL;
|
|
|
e35e9c |
+ return gpg_error (fips_not_operational ());
|
|
|
e35e9c |
+ }
|
|
|
e35e9c |
return gpg_error (_gcry_pk_sign_md (result, data_tmpl, hd, skey, ctx));
|
|
|
e35e9c |
}
|
|
|
e35e9c |
|
|
|
e35e9c |
@@ -1065,6 +1070,8 @@ gcry_error_t
|
|
|
e35e9c |
gcry_pk_hash_verify (gcry_sexp_t sigval, const char *data_tmpl, gcry_sexp_t pkey,
|
|
|
e35e9c |
gcry_md_hd_t hd, gcry_ctx_t ctx)
|
|
|
e35e9c |
{
|
|
|
e35e9c |
+ if (!fips_is_operational ())
|
|
|
e35e9c |
+ return gpg_error (fips_not_operational ());
|
|
|
e35e9c |
return gpg_error (_gcry_pk_verify_md (sigval, data_tmpl, hd, pkey, ctx));
|
|
|
e35e9c |
}
|
|
|
e35e9c |
|
|
|
e35e9c |
--
|
|
|
e35e9c |
2.39.2
|
|
|
e35e9c |
|