From 7468cdfc8b6aa0c6e17c41218d5c5f2b575b16e4 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 5 Oct 2022 17:02:00 +0200
Subject: Revert "tests: Expect the RSA PKCS #1.5 encryption to fail in FIPS
 mode"

This reverts commit f736f3c70182d9c948f9105eb769c47c5578df35. The pubkey
encryption has already separate explicit FIPS service indicator.
---
 tests/basic.c   | 11 ++++-------
 tests/pkcs1v2.c | 14 +-------------
 2 files changed, 5 insertions(+), 20 deletions(-)

(limited to 'tests')

diff --git a/tests/basic.c b/tests/basic.c
index 26980e15..77e2fd93 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -16876,16 +16876,14 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
 	NULL,
 	0,
 	0,
-	0,
-	FLAG_NOFIPS },
+	0 },
       {	GCRY_PK_RSA,
         "(data\n (flags pkcs1)\n"
 	" (value #11223344556677889900AA#))\n",
 	"(flags pkcs1)",
 	1,
 	0,
-	0,
-	FLAG_NOFIPS },
+	0 },
       { GCRY_PK_RSA,
         "(data\n (flags oaep)\n"
 	" (value #11223344556677889900AA#))\n",
@@ -16987,8 +16985,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
 	die ("converting data failed: %s\n", gpg_strerror (rc));
 
       rc = gcry_pk_encrypt (&ciph, data, pkey);
-      if (in_fips_mode && ((flags & FLAG_NOFIPS) ||
-                           (datas[dataidx].flags & FLAG_NOFIPS)))
+      if (in_fips_mode && (flags & FLAG_NOFIPS))
         {
           if (!rc)
             fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n");
@@ -17037,7 +17034,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
 	      ciph = list;
 	    }
 	  rc = gcry_pk_decrypt (&plain, ciph, skey);
-          if ((!rc || in_fips_mode) && (datas[dataidx].flags & FLAG_SPECIAL))
+          if (!rc && (datas[dataidx].flags & FLAG_SPECIAL))
             {
               /* It may happen that OAEP formatted data which is
                  decrypted as pkcs#1 data returns a valid pkcs#1
diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
index 6c7f3d81..f26e779b 100644
--- a/tests/pkcs1v2.c
+++ b/tests/pkcs1v2.c
@@ -454,19 +454,7 @@ check_v15crypt (void)
           gcry_free (seed);
 
           err = gcry_pk_encrypt (&ciph, plain, pub_key);
-          if (in_fips_mode)
-            {
-              if (!err)
-                {
-                  fail ("gcry_pk_encrypt should have failed in FIPS mode:\n");
-                }
-              gcry_sexp_release (plain);
-              plain = NULL;
-              gcry_sexp_release (ciph);
-              ciph = NULL;
-              continue;
-            }
-          else if (err)
+          if (err)
             {
               show_sexp ("plain:\n", ciph);
               fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err));
-- 
cgit v1.2.1