Blame SOURCES/gnutls-3.6.8-fips-aes-cbc-kat.patch

From facea2b7659e11efce7014bda8800574d35dd05d Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 12 Jun 2019 14:02:05 +0200
Subject: [PATCH] fips: run selftests over overridden AES-CBC algorithm
Previously, we only tested nettle's AES-CBC in
_gnutls_fips_perform_self_checks1(), which is called before the
implementation is overridden.  This adds an AES-CBC self-test in
_gnutls_fips_perform_self_checks2() so it can test the actual
implementation.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 lib/fips.c | 6 ++++++
 1 file changed, 6 insertions(+)
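--- a/lib/fips.c
+++ b/lib/fips.c
@@ -317,6 +317,12 @@ int _gnutls_fips_perform_self_checks2(void)
 		goto error;
 	}
 
+	ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_CBC);
+	if (ret < 0) {
+		gnutls_assert();
+		goto error;
+	}
+
 	ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_GCM);
 	if (ret < 0) {
 		gnutls_assert();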
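Review bot: Nothing at the new `gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_CBC)` call records why AES-CBC is tested a second time, so a later cleanup could drop it as a duplicate of the check in _gnutls_fips_perform_self_checks1(). A comment above the call, for example `/* AES-CBC again: self_checks1 ran before the cipher override, so only this KAT covers the implementation actually in use */`, would keep the reason from the commit message next to the code. With flags passed as 0 the call appears to test only the named cipher, so the overridden AES-128-CBC and AES-192-CBC paths would not get a known-answer test here; that may be intended, but it is worth confirming against the module's FIPS test requirements. The function body starts and ends outside the hunk, so what the `error` label does on failure cannot be checked from here.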
-- 
2.20.1