diff options
author | Jakub Jelen <jjelen@redhat.com> | 2021-07-12 21:36:34 +0200 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2021-07-29 14:37:23 +0900 |
commit | f56a33df60dcce78c2b1aa5aeeee64549a26a0ce (patch) | |
tree | 65b97e965b92e7ce95e50945f60a38ff7708bc66 /tests/basic.c | |
parent | aa1e9ebf8bdbe6ed27c8667dbe4e1a69713210a5 (diff) | |
download | libgcrypt-f56a33df60dcce78c2b1aa5aeeee64549a26a0ce.tar.gz |
tests: Do not expect GCM work in FIPS
* tests/basic.c (check_one_cipher_core): Expect GCM ciphers to fail in
FIPS mode
(check_cipher_modes): Skip GCM ciphers tests as they fail quite late
in gcry_cipher_gettag().
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'tests/basic.c')
-rw-r--r-- | tests/basic.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/tests/basic.c b/tests/basic.c index b382a22d..8d29c14e 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -9369,6 +9369,13 @@ check_one_cipher_core (int algo, int mode, int flags, clutter_vector_registers(); err = gcry_cipher_encrypt (hd, out, nplain, plain, nplain); + if (in_fips_mode && mode == GCRY_CIPHER_MODE_GCM) + { + if (!err) + fail ("pass %d, algo %d, mode %d, gcry_cipher_encrypt is expected to " + "fail in FIPS mode: %s\n", pass, algo, mode, gpg_strerror (err)); + goto err_out_free; + } if (err) { fail ("pass %d, algo %d, mode %d, gcry_cipher_encrypt failed: %s\n", @@ -10116,7 +10123,12 @@ check_cipher_modes(void) check_cfb_cipher (); check_ofb_cipher (); check_ccm_cipher (); - check_gcm_cipher (); + if (!in_fips_mode) + { + /* This will have to go through modifications as the GCM fails in fips + * as late as in gcry_cipher_gettag, but we want to allow it in the end */ + check_gcm_cipher (); + } check_poly1305_cipher (); check_ocb_cipher (); check_xts_cipher (); |