authorNikos Mavrogiannopoulos <nmav@gnutls.org>2019-02-14 10:30:25 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2019-02-14 10:30:25 +0000
commita3817b292674c3d5a524f8466c428ec8311d0c3a (patch)
treef155e9aa9fb183733f259a3a61201d34447a1ae1
parent7747d0a93b59b51e2b9047f9039f07a236151c55 (diff)
parent277dec94e525460a98f6315e58a7f94d4a86a18c (diff)
Merge branch 'fips140_ecdsa_kat' into 'gnutls_3_3_x'gnutls_3_3_x
fips140: Run ECDSA self-test in startup for FIPS See merge request gnutls/gnutls!915
-rw-r--r--lib/crypto-selftests-pk.c44
1 files changed, 23 insertions, 21 deletions
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
index 31afb0be14..8f54e272da 100644
--- a/lib/crypto-selftests-pk.c
+++ b/lib/crypto-selftests-pk.c
@@ -731,30 +731,9 @@ int gnutls_pk_self_test(unsigned all, gnutls_pk_algorithm_t pk)
goto cleanup;
}
- if (all == 0)
- return 0;
#endif
/* Test ECDSA */
-#ifdef ENABLE_NON_SUITEB_CURVES
- PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
- GNUTLS_CURVE_TO_BITS
- (GNUTLS_ECC_CURVE_SECP192R1),
- GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey,
- ecdsa_secp192r1_sig);
- PK_TEST(GNUTLS_PK_EC, test_sig,
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1),
- GNUTLS_DIG_SHA256);
-
- PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
- GNUTLS_CURVE_TO_BITS
- (GNUTLS_ECC_CURVE_SECP224R1),
- GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey,
- ecdsa_secp224r1_sig);
- PK_TEST(GNUTLS_PK_EC, test_sig,
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1),
- GNUTLS_DIG_SHA256);
-#endif
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
GNUTLS_CURVE_TO_BITS
(GNUTLS_ECC_CURVE_SECP256R1),
@@ -764,6 +743,9 @@ int gnutls_pk_self_test(unsigned all, gnutls_pk_algorithm_t pk)
GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1),
GNUTLS_DIG_SHA256);
+ if (all == 0)
+ return 0;
+
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
GNUTLS_CURVE_TO_BITS
(GNUTLS_ECC_CURVE_SECP384R1),
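Review bot: The relocated `if (all == 0) return 0;` in this hunk carries no comment stating what a non-full run is now expected to cover, which is the part of this change a FIPS reviewer will look for. As placed, a call with `all == 0` that reaches the ECDSA section stops after the P-256/SHA-256 `PK_KNOWN_TEST` and `PK_TEST`; the P-384 and P-521 tests, and the `ENABLE_NON_SUITEB_CURVES` block re-added in the last hunk, run only when `all` is non-zero. I would add above the check something like `/* quick mode: P-256 is the minimum ECDSA coverage; remaining curves run only when all != 0 */`. The bare `return 0` also sits in a function that has a `goto cleanup;` path (visible in the first hunk); the label is outside the diff, so it is worth confirming that returning directly skips nothing. The body of gnutls_pk_self_test starts and ends outside these hunks.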
@@ -782,6 +764,26 @@ int gnutls_pk_self_test(unsigned all, gnutls_pk_algorithm_t pk)
GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1),
GNUTLS_DIG_SHA512);
+#ifdef ENABLE_NON_SUITEB_CURVES
+ PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
+ GNUTLS_CURVE_TO_BITS
+ (GNUTLS_ECC_CURVE_SECP192R1),
+ GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey,
+ ecdsa_secp192r1_sig);
+ PK_TEST(GNUTLS_PK_EC, test_sig,
+ GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1),
+ GNUTLS_DIG_SHA256);
+
+ PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
+ GNUTLS_CURVE_TO_BITS
+ (GNUTLS_ECC_CURVE_SECP224R1),
+ GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey,
+ ecdsa_secp224r1_sig);
+ PK_TEST(GNUTLS_PK_EC, test_sig,
+ GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1),
+ GNUTLS_DIG_SHA256);
+#endif
+
break;
default: