You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
75 lines
2.5 KiB
75 lines
2.5 KiB
From 873842046678d109d8e382ce2e2870909876bbfe Mon Sep 17 00:00:00 2001
|
|
From: Zoltan Fridrich <zfridric@redhat.com>
|
|
Date: Fri, 11 Aug 2023 12:20:22 +0200
|
|
Subject: [PATCH] Disable test of obsolete ansi_cprng in FIPS mode
|
|
|
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
|
---
|
|
test/kcapi-main.c | 45 ++++++++++++++++++++++-----------------------
|
|
1 file changed, 22 insertions(+), 23 deletions(-)
|
|
|
|
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
|
|
index 67fb53f..23fc8ed 100644
|
|
--- a/test/kcapi-main.c
|
|
+++ b/test/kcapi-main.c
|
|
@@ -652,8 +652,6 @@ static int is_fips_mode(void)
|
|
static int auxiliary_tests(void)
|
|
{
|
|
struct kcapi_handle *handle = NULL;
|
|
- const char *ansi_cprng_name = is_fips_mode() ? "fips(ansi_cprng)"
|
|
- : "ansi_cprng";
|
|
int ret = 0;
|
|
|
|
if (kcapi_aead_init(&handle, "ccm(aes)", 0)) {
|
|
@@ -711,27 +709,28 @@ static int auxiliary_tests(void)
|
|
if (aux_test_rng("drbg_nopr_ctr_aes256", NULL, 0))
|
|
ret++;
|
|
|
|
- /* X9.31 RNG must require seed */
|
|
- printf("X9.31 missing seeding: ");
|
|
- if (!aux_test_rng(ansi_cprng_name, NULL, 0))
|
|
- ret++;
|
|
- /* X9.31 seed too short */
|
|
- printf("X9.31 insufficient seeding: ");
|
|
- if (!aux_test_rng(ansi_cprng_name,
|
|
- (uint8_t *)
|
|
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
|
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 16))
|
|
- ret++;
|
|
- /* X9.31 seed right sized short */
|
|
- if (aux_test_rng(ansi_cprng_name,
|
|
- (uint8_t *)
|
|
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
|
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
|
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
|
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 32)) {
|
|
- printf("Error for %s: kernel module ansi_cprng present?\n",
|
|
- ansi_cprng_name);
|
|
- ret++;
|
|
+ if (!is_fips_mode()) {
|
|
+ /* X9.31 RNG must require seed */
|
|
+ printf("X9.31 missing seeding: ");
|
|
+ if (!aux_test_rng("ansi_cprng", NULL, 0))
|
|
+ ret++;
|
|
+ /* X9.31 seed too short */
|
|
+ printf("X9.31 insufficient seeding: ");
|
|
+ if (!aux_test_rng("ansi_cprng",
|
|
+ (uint8_t *)
|
|
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
|
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 16))
|
|
+ ret++;
|
|
+ /* X9.31 seed right sized short */
|
|
+ if (aux_test_rng("ansi_cprng",
|
|
+ (uint8_t *)
|
|
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
|
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
|
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
|
|
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 32)) {
|
|
+ printf("Error for ansi_cprng: kernel module ansi_cprng present?\n");
|
|
+ ret++;
|
|
+ }
|
|
}
|
|
|
|
return ret;
|