diff options
| author | Jakub Jelen <jjelen@redhat.com> | 2022-04-01 18:34:42 +0200 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-04-21 10:23:55 +0900 |
| commit | f736f3c70182d9c948f9105eb769c47c5578df35 (patch) | |
| tree | dd42701e82ead307bbd08884ef20e66e68b3b6ee /tests | |
| parent | 299e2f93415984919181e0ee651719bbf83bdd2f (diff) | |
| download | libgcrypt-f736f3c70182d9c948f9105eb769c47c5578df35.tar.gz | |
tests: Expect the RSA PKCS #1.5 encryption to fail in FIPS mode
* tests/basic.c (check_pubkey_crypt): Expect RSA PKCS #1.5 encryption to
fail in FIPS mode. Expect failure when wrong padding is selected
* tests/pkcs1v2.c (check_v15crypt): Expect RSA PKCS #1.5 encryption to
fail in FIPS mode
--
GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/basic.c | 11 | ||||
| -rw-r--r-- | tests/pkcs1v2.c | 14 |
2 files changed, 20 insertions, 5 deletions
diff --git a/tests/basic.c b/tests/basic.c index 1c6cb40b..85764591 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -15568,14 +15568,16 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, NULL, 0, 0, - 0 }, + 0, + FLAG_NOFIPS }, { GCRY_PK_RSA, "(data\n (flags pkcs1)\n" " (value #11223344556677889900AA#))\n", "(flags pkcs1)", 1, 0, - 0 }, + 0, + FLAG_NOFIPS }, { GCRY_PK_RSA, "(data\n (flags oaep)\n" " (value #11223344556677889900AA#))\n", @@ -15677,7 +15679,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, die ("converting data failed: %s\n", gpg_strerror (rc)); rc = gcry_pk_encrypt (&ciph, data, pkey); - if (in_fips_mode && (flags & FLAG_NOFIPS)) + if (in_fips_mode && ((flags & FLAG_NOFIPS) || + (datas[dataidx].flags & FLAG_NOFIPS))) { if (!rc) fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n"); @@ -15726,7 +15729,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo, ciph = list; } rc = gcry_pk_decrypt (&plain, ciph, skey); - if (!rc && (datas[dataidx].flags & FLAG_SPECIAL)) + if ((!rc || in_fips_mode) && (datas[dataidx].flags & FLAG_SPECIAL)) { /* It may happen that OAEP formatted data which is decrypted as pkcs#1 data returns a valid pkcs#1 diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c index f26e779b..6c7f3d81 100644 --- a/tests/pkcs1v2.c +++ b/tests/pkcs1v2.c @@ -454,7 +454,19 @@ check_v15crypt (void) gcry_free (seed); err = gcry_pk_encrypt (&ciph, plain, pub_key); - if (err) + if (in_fips_mode) + { + if (!err) + { + fail ("gcry_pk_encrypt should have failed in FIPS mode:\n"); + } + gcry_sexp_release (plain); + plain = NULL; + gcry_sexp_release (ciph); + ciph = NULL; + continue; + } + else if (err) { show_sexp ("plain:\n", ciph); fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err)); |