diff options
author | Jakub Jelen <jjelen@redhat.com> | 2022-04-01 18:34:42 +0200 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-04-21 10:23:55 +0900 |
commit | f736f3c70182d9c948f9105eb769c47c5578df35 (patch) | |
tree | dd42701e82ead307bbd08884ef20e66e68b3b6ee /tests/basic.c | |
parent | 299e2f93415984919181e0ee651719bbf83bdd2f (diff) | |
download | libgcrypt-f736f3c70182d9c948f9105eb769c47c5578df35.tar.gz |
tests: Expect the RSA PKCS #1.5 encryption to fail in FIPS mode
* tests/basic.c (check_pubkey_crypt): Expect RSA PKCS #1.5 encryption to
fail in FIPS mode. Expect failure when wrong padding is selected
* tests/pkcs1v2.c (check_v15crypt): Expect RSA PKCS #1.5 encryption to
fail in FIPS mode
--
GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'tests/basic.c')
-rw-r--r-- | tests/basic.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/tests/basic.c b/tests/basic.c index 1c6cb40b..85764591 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -15568,14 +15568,16 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, NULL, 0, 0, - 0 }, + 0, + FLAG_NOFIPS }, { GCRY_PK_RSA, "(data\n (flags pkcs1)\n" " (value #11223344556677889900AA#))\n", "(flags pkcs1)", 1, 0, - 0 }, + 0, + FLAG_NOFIPS }, { GCRY_PK_RSA, "(data\n (flags oaep)\n" " (value #11223344556677889900AA#))\n", @@ -15677,7 +15679,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, die ("converting data failed: %s\n", gpg_strerror (rc)); rc = gcry_pk_encrypt (&ciph, data, pkey); - if (in_fips_mode && (flags & FLAG_NOFIPS)) + if (in_fips_mode && ((flags & FLAG_NOFIPS) || + (datas[dataidx].flags & FLAG_NOFIPS))) { if (!rc) fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n"); @@ -15726,7 +15729,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, ciph = list; } rc = gcry_pk_decrypt (&plain, ciph, skey); - if (!rc && (datas[dataidx].flags & FLAG_SPECIAL)) + if ((!rc || in_fips_mode) && (datas[dataidx].flags & FLAG_SPECIAL)) { /* It may happen that OAEP formatted data which is decrypted as pkcs#1 data returns a valid pkcs#1 |