diff options
| author | Jakub Jelen <jjelen@redhat.com> | 2022-10-05 17:02:00 +0200 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-10-19 10:37:01 +0900 |
| commit | 7468cdfc8b6aa0c6e17c41218d5c5f2b575b16e4 (patch) | |
| tree | 98ada1815ec3dd047841fc37da78b308f1715b21 /tests | |
| parent | e83280b36be3be3775427c5842f4274d01992763 (diff) | |
| download | libgcrypt-7468cdfc8b6aa0c6e17c41218d5c5f2b575b16e4.tar.gz | |
Revert "tests: Expect the RSA PKCS #1.5 encryption to fail in FIPS mode"
This reverts commit f736f3c70182d9c948f9105eb769c47c5578df35. The pubkey
encryption has already separate explicit FIPS service indicator.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/basic.c | 11 | ||||
| -rw-r--r-- | tests/pkcs1v2.c | 14 |
2 files changed, 5 insertions, 20 deletions
diff --git a/tests/basic.c b/tests/basic.c index 26980e15..77e2fd93 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -16876,16 +16876,14 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, NULL, 0, 0, - 0, - FLAG_NOFIPS }, + 0 }, { GCRY_PK_RSA, "(data\n (flags pkcs1)\n" " (value #11223344556677889900AA#))\n", "(flags pkcs1)", 1, 0, - 0, - FLAG_NOFIPS }, + 0 }, { GCRY_PK_RSA, "(data\n (flags oaep)\n" " (value #11223344556677889900AA#))\n", @@ -16987,8 +16985,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, die ("converting data failed: %s\n", gpg_strerror (rc)); rc = gcry_pk_encrypt (&ciph, data, pkey); - if (in_fips_mode && ((flags & FLAG_NOFIPS) || - (datas[dataidx].flags & FLAG_NOFIPS))) + if (in_fips_mode && (flags & FLAG_NOFIPS)) { if (!rc) fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n"); @@ -17037,7 +17034,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, ciph = list; } rc = gcry_pk_decrypt (&plain, ciph, skey); - if ((!rc || in_fips_mode) && (datas[dataidx].flags & FLAG_SPECIAL)) + if (!rc && (datas[dataidx].flags & FLAG_SPECIAL)) { /* It may happen that OAEP formatted data which is decrypted as pkcs#1 data returns a valid pkcs#1 diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c index 6c7f3d81..f26e779b 100644 --- a/tests/pkcs1v2.c +++ b/tests/pkcs1v2.c @@ -454,19 +454,7 @@ check_v15crypt (void) gcry_free (seed); err = gcry_pk_encrypt (&ciph, plain, pub_key); - if (in_fips_mode) - { - if (!err) - { - fail ("gcry_pk_encrypt should have failed in FIPS mode:\n"); - } - gcry_sexp_release (plain); - plain = NULL; - gcry_sexp_release (ciph); - ciph = NULL; - continue; - } - else if (err) + if (err) { show_sexp ("plain:\n", ciph); fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err)); |