Commit Graph

2 Commits

Author SHA1 Message Date
Clemens Lang
61f739868e FIPS: Fix memory leak in digest_sign self-test
Contrary to what the documentation for EVP_DigestSignInit(3) and
EVP_DigestVerifyInit(3) says, the EVP_PKEY_CTX created by these
functions is not automatically released inside of the FIPS provider due
to an #ifndef FIPS_MODULE in evp_md_ctx_reset_ex.

Resolves: rhbz#2102535
2022-08-03 18:04:36 +02:00
Clemens Lang
08d6c35051 FIPS self-test: RSA-OAEP, FFDHE2048, digest_sign
Use RSA-OAEP in FIPS self-tests and support a fixed OAEP seed to make
the test deterministic as required for a known-answer test.

Switch the signature FIPS self-test to use the digest_sign and
digest_verify provider functions using the EVP_DigestSign and
EVP_DigestVerify APIs, as the existing signature self-test does not
cover hash computation.

Switch the existing Diffie-Hellman FIPS self-test to use FFDHE2048,
a known safe prime from RFC 7919.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Resolves: rhbz#2102535
2022-08-01 17:18:12 +02:00