Skip RSA encryption selftest in FIPS mode

Related: rhbz#2130275
2022-10-06 09:34:21 +02:00 · 2022-10-06 09:34:21 +02:00 · 5c38333ed4
commit 5c38333ed4
parent d712a009a1
1 changed files with 39 additions and 0 deletions
--- a/libgcrypt-1.10.0-fips-selftest.patch
+++ b/libgcrypt-1.10.0-fips-selftest.patch
@ -1158,3 +1158,42 @@ index 9a524ea4..6599121c 100644
 -- 
 2.37.3

+From f91a0ab12d242815f74bf26c6076e9cf7a790023 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 6 Oct 2022 09:30:24 +0200
+Subject: [PATCH] cipher: Do not run RSA encryption selftest by default
+
+* cipher/rsa.c (selftests_rsa): Skip encryption selftest as this
+  operation is not claimed as part of the certification.
+---
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ cipher/rsa.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/cipher/rsa.c b/cipher/rsa.c
+index 56dde3d1..df4af94b 100644
+--- a/cipher/rsa.c
+++ b/cipher/rsa.c
+@@ -2169,10 +2169,13 @@ selftests_rsa (selftest_report_func_t report, int extended)
+   if (errtxt)
+     goto failed;
+ 
+-  what = "encrypt";
+-  errtxt = selftest_encr_2048 (pkey, skey);
+-  if (errtxt)
+-    goto failed;
+  if (extended)
+    {
+      what = "encrypt";
+      errtxt = selftest_encr_2048 (pkey, skey);
+      if (errtxt)
+        goto failed;
+    }
+ 
+   sexp_release (pkey);
+   sexp_release (skey);
+-- 
+2.37.3
+