diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-02-08 11:07:22 +0100 |
---|---|---|
committer | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-02-08 11:07:22 +0100 |
commit | 277dec94e525460a98f6315e58a7f94d4a86a18c (patch) | |
tree | 61b07743ec9a502f1d10fffa920b959578835bfa | |
parent | cd91840c564751924837ccdc9648d9a83a0b7601 (diff) | |
download | gnutls-277dec94e525460a98f6315e58a7f94d4a86a18c.tar.gz |
fips140: Run ECDSA self-test in startup for FIPS
When in FIPS mode, run a known answer test in startup for at least one
selected curve. The selected curve is secp256r1.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
-rw-r--r-- | lib/crypto-selftests-pk.c | 44 |
1 files changed, 23 insertions, 21 deletions
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c index 31afb0be14..8f54e272da 100644 --- a/lib/crypto-selftests-pk.c +++ b/lib/crypto-selftests-pk.c @@ -731,30 +731,9 @@ int gnutls_pk_self_test(unsigned all, gnutls_pk_algorithm_t pk) goto cleanup; } - if (all == 0) - return 0; #endif /* Test ECDSA */ -#ifdef ENABLE_NON_SUITEB_CURVES - PK_KNOWN_TEST(GNUTLS_PK_EC, 0, - GNUTLS_CURVE_TO_BITS - (GNUTLS_ECC_CURVE_SECP192R1), - GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey, - ecdsa_secp192r1_sig); - PK_TEST(GNUTLS_PK_EC, test_sig, - GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1), - GNUTLS_DIG_SHA256); - - PK_KNOWN_TEST(GNUTLS_PK_EC, 0, - GNUTLS_CURVE_TO_BITS - (GNUTLS_ECC_CURVE_SECP224R1), - GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey, - ecdsa_secp224r1_sig); - PK_TEST(GNUTLS_PK_EC, test_sig, - GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1), - GNUTLS_DIG_SHA256); -#endif PK_KNOWN_TEST(GNUTLS_PK_EC, 0, GNUTLS_CURVE_TO_BITS (GNUTLS_ECC_CURVE_SECP256R1), @@ -764,6 +743,9 @@ int gnutls_pk_self_test(unsigned all, gnutls_pk_algorithm_t pk) GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), GNUTLS_DIG_SHA256); + if (all == 0) + return 0; + PK_KNOWN_TEST(GNUTLS_PK_EC, 0, GNUTLS_CURVE_TO_BITS (GNUTLS_ECC_CURVE_SECP384R1), @@ -782,6 +764,26 @@ int gnutls_pk_self_test(unsigned all, gnutls_pk_algorithm_t pk) GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1), GNUTLS_DIG_SHA512); +#ifdef ENABLE_NON_SUITEB_CURVES + PK_KNOWN_TEST(GNUTLS_PK_EC, 0, + GNUTLS_CURVE_TO_BITS + (GNUTLS_ECC_CURVE_SECP192R1), + GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey, + ecdsa_secp192r1_sig); + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1), + GNUTLS_DIG_SHA256); + + PK_KNOWN_TEST(GNUTLS_PK_EC, 0, + GNUTLS_CURVE_TO_BITS + (GNUTLS_ECC_CURVE_SECP224R1), + GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey, + ecdsa_secp224r1_sig); + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1), + GNUTLS_DIG_SHA256); +#endif + break; default: |