From d7a150a1768b7f089ed18b5cd0c010c6702cdc35 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 7 Mar 2023 14:51:48 +0100
Subject: [PATCH] Improve test coverage of the new FIPS indicators

Resolves: rhbz#2176145
---
 libgcrypt-1.10.0-fips-indicator-md-hmac.patch | 63 +++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/libgcrypt-1.10.0-fips-indicator-md-hmac.patch b/libgcrypt-1.10.0-fips-indicator-md-hmac.patch
index 15fe7f5..a1c4e18 100644
--- a/libgcrypt-1.10.0-fips-indicator-md-hmac.patch
+++ b/libgcrypt-1.10.0-fips-indicator-md-hmac.patch
@@ -212,3 +212,66 @@ index 5457fc38..744a2cc1 100644
 -- 
 2.39.2
 
+From f52f33389da3302f51b6b00451cf9fc7e7a7e277 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 6 Mar 2023 17:26:17 +0100
+Subject: [PATCH] tests: Improve test coverage for FIPS service indicators
+
+* tests/basic.c (check_digests): Check the FIPS indicators
+  (check_mac): Ditto.
+--
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ tests/basic.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/tests/basic.c b/tests/basic.c
+index 095bdc97..5d5ceac9 100644
+--- a/tests/basic.c
++++ b/tests/basic.c
+@@ -14086,6 +14086,7 @@ check_mac (void)
+ 	"\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58" },
+       {	0 },
+     };
++  gcry_error_t err;
+   int i;
+ 
+   if (verbose)
+@@ -15370,6 +15370,12 @@ check_digests (void)
+         {
+           if (in_fips_mode)
+             {
++              err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MD, algos[i].md);
++              if (err == GPG_ERR_NO_ERROR)
++                {
++                  fail ("algo %d, gcry_md_test_algo failed while it should"
++                        " have worked in FIPS mode\n", algos[i].md);
++                }
+               if (verbose)
+                 fprintf (stderr, "  algorithm %d not available in fips mode\n",
+                          algos[i].md);
+@@ -16948,6 +16954,7 @@ check_mac (void)
+ #endif /* USE_GOST28147 */
+       { 0 },
+     };
++  gcry_error_t err;
+   int i;
+ 
+   if (verbose)
+@@ -16961,6 +16968,12 @@ check_mac (void)
+         {
+           if (in_fips_mode)
+             {
++              err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MAC, algos[i].algo);
++              if (err == GPG_ERR_NO_ERROR)
++                {
++                  fail ("algo %d, gcry_mac_test_algo failed while it should"
++                        " have worked in FIPS mode\n", algos[i].algo);
++                }
+               if (verbose)
+                 fprintf (stderr, "  algorithm %d not available in fips mode\n",
+                          algos[i].algo);
+-- 
+2.39.2
+