Improve test coverage of the new FIPS indicators

Resolves: rhbz#2176145
2023-03-07 14:51:48 +01:00 · 2023-03-07 14:51:48 +01:00 · d7a150a176
commit d7a150a176
parent 12a13f840d
1 changed files with 63 additions and 0 deletions
--- a/libgcrypt-1.10.0-fips-indicator-md-hmac.patch
+++ b/libgcrypt-1.10.0-fips-indicator-md-hmac.patch
@ -212,3 +212,66 @@ index 5457fc38..744a2cc1 100644
 -- 
 2.39.2

+From f52f33389da3302f51b6b00451cf9fc7e7a7e277 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 6 Mar 2023 17:26:17 +0100
+Subject: [PATCH] tests: Improve test coverage for FIPS service indicators
+
+* tests/basic.c (check_digests): Check the FIPS indicators
+  (check_mac): Ditto.
+--
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ tests/basic.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/tests/basic.c b/tests/basic.c
+index 095bdc97..5d5ceac9 100644
+--- a/tests/basic.c
+++ b/tests/basic.c
+@@ -14086,6 +14086,7 @@ check_mac (void)
+ 	"\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58" },
+       {	0 },
+     };
+  gcry_error_t err;
+   int i;
+ 
+   if (verbose)
+@@ -15370,6 +15370,12 @@ check_digests (void)
+         {
+           if (in_fips_mode)
+             {
+              err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MD, algos[i].md);
+              if (err == GPG_ERR_NO_ERROR)
+                {
+                  fail ("algo %d, gcry_md_test_algo failed while it should"
+                        " have worked in FIPS mode\n", algos[i].md);
+                }
+               if (verbose)
+                 fprintf (stderr, "  algorithm %d not available in fips mode\n",
+                          algos[i].md);
+@@ -16948,6 +16954,7 @@ check_mac (void)
+ #endif /* USE_GOST28147 */
+       { 0 },
+     };
+  gcry_error_t err;
+   int i;
+ 
+   if (verbose)
+@@ -16961,6 +16968,12 @@ check_mac (void)
+         {
+           if (in_fips_mode)
+             {
+              err = gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_MAC, algos[i].algo);
+              if (err == GPG_ERR_NO_ERROR)
+                {
+                  fail ("algo %d, gcry_mac_test_algo failed while it should"
+                        " have worked in FIPS mode\n", algos[i].algo);
+                }
+               if (verbose)
+                 fprintf (stderr, "  algorithm %d not available in fips mode\n",
+                          algos[i].algo);
+-- 
+2.39.2
+