diff options
| author | Jakub Jelen <jjelen@redhat.com> | 2021-07-13 16:58:54 +0200 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2021-07-29 14:37:23 +0900 |
| commit | 0ab4e8063729147fb9abd463055785aac831bf5c (patch) | |
| tree | 8402778adaf90ac7b9dcd471f759b1b49c371beb | |
| parent | 0f118c2dfb8e1236893c30a9b86e7e231c8e5758 (diff) | |
| download | libgcrypt-0ab4e8063729147fb9abd463055785aac831bf5c.tar.gz | |
tests: Verify unsupported KDF tests fail in FIPS mode
* tests/t-kdf.c (check_pbkdf2): Verify tests based on algorithms
unsupported in FIPS mode fail.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| -rw-r--r-- | tests/t-kdf.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/t-kdf.c b/tests/t-kdf.c index 7a48e98a..48309b9a 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -1104,6 +1104,13 @@ check_pbkdf2 (void) GCRY_KDF_PBKDF2, tv[tvidx].hashalgo, tv[tvidx].salt, tv[tvidx].saltlen, tv[tvidx].c, tv[tvidx].dklen, outbuf); + if (gcry_fips_mode_active() && tvidx > 6) + { + if (!err) + fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n", + tvidx, gpg_strerror (err)); + continue; + } if (err) fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err)); else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen)) |