37 lines
1002 B
Diff
37 lines
1002 B
Diff
From facea2b7659e11efce7014bda8800574d35dd05d Mon Sep 17 00:00:00 2001
|
|
From: Daiki Ueno <dueno@redhat.com>
|
|
Date: Wed, 12 Jun 2019 14:02:05 +0200
|
|
Subject: [PATCH] fips: run selftests over overridden AES-CBC algorithm
|
|
|
|
Previously, we only tested nettle's AES-CBC in
|
|
_gnutls_fips_perform_self_checks1(), which is called before the
|
|
implementation is overridden. This adds an AES-CBC self-test in
|
|
_gnutls_fips_perform_self_checks2() so it can test the actual
|
|
implementation.
|
|
|
|
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
---
|
|
lib/fips.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/lib/fips.c b/lib/fips.c
|
|
index b92edbbd7..902af5674 100644
|
|
--- a/lib/fips.c
|
|
+++ b/lib/fips.c
|
|
@@ -317,6 +317,12 @@ int _gnutls_fips_perform_self_checks2(void)
|
|
goto error;
|
|
}
|
|
|
|
+ ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_CBC);
|
|
+ if (ret < 0) {
|
|
+ gnutls_assert();
|
|
+ goto error;
|
|
+ }
|
|
+
|
|
ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_GCM);
|
|
if (ret < 0) {
|
|
gnutls_assert();
|
|
--
|
|
2.20.1
|
|
|