rpms/libgcrypt
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Skip RSA encryption selftest in FIPS mode

Browse Source 
Related: rhbz#2130275
This commit is contained in:
Jakub Jelen 2022-10-06 09:34:21 +02:00
parent d712a009a1
commit 5c38333ed4
1 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
libgcrypt-1.10.0-fips-selftest.patch
View File

@ -1158,3 +1158,42 @@ index 9a524ea4..6599121c 100644
-- --
2.37.3 2.37.3
From f91a0ab12d242815f74bf26c6076e9cf7a790023 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 6 Oct 2022 09:30:24 +0200
Subject: [PATCH] cipher: Do not run RSA encryption selftest by default
* cipher/rsa.c (selftests_rsa): Skip encryption selftest as this
operation is not claimed as part of the certification.
---
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
cipher/rsa.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 56dde3d1..df4af94b 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -2169,10 +2169,13 @@ selftests_rsa (selftest_report_func_t report, int extended)
if (errtxt)
goto failed;
- what = "encrypt";
- errtxt = selftest_encr_2048 (pkey, skey);
- if (errtxt)
- goto failed;
+ if (extended)
+ {
+ what = "encrypt";
+ errtxt = selftest_encr_2048 (pkey, skey);
+ if (errtxt)
+ goto failed;
+ }
sexp_release (pkey);
sexp_release (skey);
--
2.37.3