libkcapi/SOURCES/002-fips-disable-ansi_cprng.patch

75 lines
2.5 KiB
Diff
Raw Normal View History

2024-04-30 15:58:04 +00:00
From 873842046678d109d8e382ce2e2870909876bbfe Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Fri, 11 Aug 2023 12:20:22 +0200
Subject: [PATCH] Disable test of obsolete ansi_cprng in FIPS mode
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
test/kcapi-main.c | 45 ++++++++++++++++++++++-----------------------
1 file changed, 22 insertions(+), 23 deletions(-)
diff --git a/test/kcapi-main.c b/test/kcapi-main.c
index 67fb53f..23fc8ed 100644
--- a/test/kcapi-main.c
+++ b/test/kcapi-main.c
@@ -652,8 +652,6 @@ static int is_fips_mode(void)
static int auxiliary_tests(void)
{
struct kcapi_handle *handle = NULL;
- const char *ansi_cprng_name = is_fips_mode() ? "fips(ansi_cprng)"
- : "ansi_cprng";
int ret = 0;
if (kcapi_aead_init(&handle, "ccm(aes)", 0)) {
@@ -711,27 +709,28 @@ static int auxiliary_tests(void)
if (aux_test_rng("drbg_nopr_ctr_aes256", NULL, 0))
ret++;
- /* X9.31 RNG must require seed */
- printf("X9.31 missing seeding: ");
- if (!aux_test_rng(ansi_cprng_name, NULL, 0))
- ret++;
- /* X9.31 seed too short */
- printf("X9.31 insufficient seeding: ");
- if (!aux_test_rng(ansi_cprng_name,
- (uint8_t *)
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 16))
- ret++;
- /* X9.31 seed right sized short */
- if (aux_test_rng(ansi_cprng_name,
- (uint8_t *)
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 32)) {
- printf("Error for %s: kernel module ansi_cprng present?\n",
- ansi_cprng_name);
- ret++;
+ if (!is_fips_mode()) {
+ /* X9.31 RNG must require seed */
+ printf("X9.31 missing seeding: ");
+ if (!aux_test_rng("ansi_cprng", NULL, 0))
+ ret++;
+ /* X9.31 seed too short */
+ printf("X9.31 insufficient seeding: ");
+ if (!aux_test_rng("ansi_cprng",
+ (uint8_t *)
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 16))
+ ret++;
+ /* X9.31 seed right sized short */
+ if (aux_test_rng("ansi_cprng",
+ (uint8_t *)
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08", 32)) {
+ printf("Error for ansi_cprng: kernel module ansi_cprng present?\n");
+ ret++;
+ }
}
return ret;