GCM: add FIPS mode restrictions
56d352d6bdcfUnpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

GCM: add FIPS mode restrictions

* cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt)
(_gcry_cipher_gcm_get_tag): Do not allow using in FIPS mode is setiv
was invocated directly.
(_gcry_cipher_gcm_setiv): Rename to...
(_gcry_cipher_gcm_initiv): ...this.
(_gcry_cipher_gcm_setiv): New setiv function with check for FIPS mode.
[TODO] (_gcry_cipher_gcm_getiv): New.
* cipher/cipher-internal.h (gcry_cipher_handle): Add
'u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode'.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

Details

Provenance

jukivili

Authored on Nov 19 2013, 10:26 PM

Parents

rC32a2da9abc91: GCM: Add clearing and checking of marks.tag

Branches

Unknown

Tags

Unknown

Event Timeline

Jussi Kivilinna <jussi.kivilinna@iki.fi> committed rC56d352d6bdcf: GCM: add FIPS mode restrictions (authored by Jussi Kivilinna <jussi.kivilinna@iki.fi>).Nov 20 2013, 5:39 PM

• werner mentioned this in T4873: Enable AES GCM in FIPS mode.Sep 22 2022, 10:57 AM