aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2019-06-17 10:31:32 +0200
committerHans Nilsson <[email protected]>2019-06-19 08:52:40 +0200
commit0043ddb78e4b88999b3ad6dbab271b1426cbf8c3 (patch)
treeb89c3c3b62d554438b88ca893e1a27da4f1e8bc2 /lib/crypto
parent52944a455694069b0eb22726ba72452065125f1a (diff)
downloadotp-0043ddb78e4b88999b3ad6dbab271b1426cbf8c3.tar.gz
otp-0043ddb78e4b88999b3ad6dbab271b1426cbf8c3.tar.bz2
otp-0043ddb78e4b88999b3ad6dbab271b1426cbf8c3.zip
crypto: Fix FIPS flags for digests in HMAC
Diffstat (limited to 'lib/crypto')
-rw-r--r--lib/crypto/c_src/mac.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/crypto/c_src/mac.c b/lib/crypto/c_src/mac.c
index ed09dae8e4..cec9996afc 100644
--- a/lib/crypto/c_src/mac.c
+++ b/lib/crypto/c_src/mac.c
@@ -245,7 +245,11 @@ ERL_NIF_TERM mac_one_time(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
return_term = EXCP_NOTSUP(env, "Unsupported digest algorithm");
goto err;
}
-
+ if (DIGEST_FORBIDDEN_IN_FIPS(digp))
+ {
+ return_term = EXCP_NOTSUP(env, "Digest algorithm for HMAC forbidden in FIPS");
+ goto err;
+ }
md = digp->md.p;
#ifdef HAS_EVP_PKEY_CTX
@@ -522,7 +526,11 @@ ERL_NIF_TERM mac_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
return_term = EXCP_NOTSUP(env, "Unsupported digest algorithm");
goto err;
}
-
+ if (DIGEST_FORBIDDEN_IN_FIPS(digp))
+ {
+ return_term = EXCP_NOTSUP(env, "Digest algorithm for HMAC forbidden in FIPS");
+ goto err;
+ }
md = digp->md.p;
# ifdef HAVE_PKEY_new_raw_private_key