rpms / gnutls

Clone
Source Code
GIT

Blame SOURCES/gnutls-3.7.3-fix-tests-in-fips.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   5dccd14767c95fefbfbdc1e1732405453f7709a4
  2.   SOURCES
  3.   gnutls-3.7.3-fix-tests-in-fips.patch
Blob History Raw
118cf7 
From 2c33761787f6530cf3984310a5f3b7dd05a7b375 Mon Sep 17 00:00:00 2001
118cf7 
From: Zoltan Fridrich <zfridric@redhat.com>
118cf7 
Date: Thu, 17 Feb 2022 11:46:29 +0100
118cf7 
Subject: [PATCH] Disable some tests in fips mode
118cf7
118cf7 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
118cf7 
---
118cf7 
 tests/pkcs11/pkcs11-eddsa-privkey-test.c | 5 +++++
118cf7 
 tests/pkcs11/tls-neg-pkcs11-key.c        | 8 +++++++-
118cf7 
 2 files changed, 12 insertions(+), 1 deletion(-)
118cf7
118cf7 
diff --git a/tests/pkcs11/pkcs11-eddsa-privkey-test.c b/tests/pkcs11/pkcs11-eddsa-privkey-test.c
118cf7 
index 44515da3f..ebbfe5278 100644
118cf7 
--- a/tests/pkcs11/pkcs11-eddsa-privkey-test.c
118cf7 
+++ b/tests/pkcs11/pkcs11-eddsa-privkey-test.c
118cf7 
@@ -107,6 +107,11 @@ void doit(void)
118cf7 
 		fail("%d: %s\n", ret, gnutls_strerror(ret));
118cf7 
 	}
118cf7
118cf7 
+	if (gnutls_fips140_mode_enabled()) {
118cf7 
+		gnutls_global_deinit();
118cf7 
+		return;
118cf7 
+	}
118cf7 
+
118cf7 
 	gnutls_pkcs11_set_pin_function(pin_func, NULL);
118cf7 
 	gnutls_global_set_log_function(tls_log_func);
118cf7 
 	if (debug)
118cf7 
diff --git a/tests/pkcs11/tls-neg-pkcs11-key.c b/tests/pkcs11/tls-neg-pkcs11-key.c
118cf7 
index fc7c3dc4e..5cc1ae6e2 100644
118cf7 
--- a/tests/pkcs11/tls-neg-pkcs11-key.c
118cf7 
+++ b/tests/pkcs11/tls-neg-pkcs11-key.c
118cf7 
@@ -268,6 +268,7 @@ typedef struct test_st {
118cf7 
 	int exp_serv_err;
118cf7 
 	int needs_eddsa;
118cf7 
 	int needs_decryption;
118cf7 
+	int nofips;
118cf7 
 	unsigned requires_pkcs11_pss;
118cf7 
 } test_st;
118cf7
118cf7 
@@ -340,6 +341,7 @@ static const test_st tests[] = {
118cf7 
 	 .cert = &server_ca3_eddsa_cert,
118cf7 
 	 .key = &server_ca3_eddsa_key,
118cf7 
 	 .exp_kx = GNUTLS_KX_ECDHE_RSA,
118cf7 
+	 .nofips = 1
118cf7 
 	},
118cf7 
 	{.name = "tls1.3: ecc key",
118cf7 
 	 .pk = GNUTLS_PK_ECDSA,
118cf7 
@@ -392,7 +394,8 @@ static const test_st tests[] = {
118cf7 
 	 .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA",
118cf7 
 	 .cert = &server_ca3_eddsa_cert,
118cf7 
 	 .key = &server_ca3_eddsa_key,
118cf7 
-	 .exp_kx = GNUTLS_KX_ECDHE_RSA
118cf7 
+	 .exp_kx = GNUTLS_KX_ECDHE_RSA,
118cf7 
+	 .nofips = 1
118cf7 
 	}
118cf7 
 };
118cf7
118cf7 
@@ -448,6 +451,9 @@ void doit(void)
118cf7 
 	have_eddsa = verify_eddsa_presence();
118cf7
118cf7 
 	for (i=0;i
118cf7 
+		if (tests[i].nofips && gnutls_fips140_mode_enabled())
118cf7 
+			continue;
118cf7 
+
118cf7 
 		if (tests[i].needs_eddsa && !have_eddsa)
118cf7 
 			continue;
118cf7
118cf7 
--
118cf7 
2.35.1
118cf7

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation