diff options
| author | Daiki Ueno <dueno@redhat.com> | 2019-06-12 14:02:05 +0200 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2019-06-12 14:56:07 +0200 |
| commit | facea2b7659e11efce7014bda8800574d35dd05d (patch) | |
| tree | 558a3518257ed9ff14a3231a89e8ff17c501c679 | |
| parent | ab6fc5a3251e8467d2e5ed3fa576488e102b6b03 (diff) | |
| download | gnutls-tmp-aes-cbc-selftest.tar.gz | |
fips: run selftests over overridden AES-CBC algorithmtmp-aes-cbc-selftest
Previously, we only tested nettle's AES-CBC in
_gnutls_fips_perform_self_checks1(), which is called before the
implementation is overridden. This adds an AES-CBC self-test in
_gnutls_fips_perform_self_checks2() so it can test the actual
implementation.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| -rw-r--r-- | lib/fips.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/fips.c b/lib/fips.c index b92edbbd79..902af56749 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -317,6 +317,12 @@ int _gnutls_fips_perform_self_checks2(void) goto error; } + ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_CBC); + if (ret < 0) { + gnutls_assert(); + goto error; + } + ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_GCM); if (ret < 0) { gnutls_assert(); |