GCM: add FIPS mode restrictions
author Jussi Kivilinna <jussi.kivilinna@iki.fi>
Tue, 19 Nov 2013 21:26:27 +0000 (23:26 +0200)
committer Jussi Kivilinna <jussi.kivilinna@iki.fi>
Wed, 20 Nov 2013 16:39:02 +0000 (18:39 +0200)
commit 56d352d6bdcf7abaa33c3399741f5063e2ddc32a
tree f0ff0624e5e0bdec3f2054a3fc0e36d1e47fb7c9
parent 32a2da9abc91394b23cf565c1c833fa964394083
GCM: add FIPS mode restrictions

* cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt)
(_gcry_cipher_gcm_get_tag): Do not allow using in FIPS mode if setiv
was invoked directly.
(_gcry_cipher_gcm_setiv): Rename to...
(_gcry_cipher_gcm_initiv): ...this.
(_gcry_cipher_gcm_setiv): New setiv function with check for FIPS mode.
[TODO] (_gcry_cipher_gcm_getiv): New.
* cipher/cipher-internal.h (gcry_cipher_handle): Add
'u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode'.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
cipher/cipher-gcm.c
cipher/cipher-internal.h