Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:25
erlang
0389-crypto_SUITE-Skip-sha-1-sign-for-FIPS.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0389-crypto_SUITE-Skip-sha-1-sign-for-FIPS.patch of Package erlang
From 2b60b76e37828a2ecabaab6c42b813da6c8546f7 Mon Sep 17 00:00:00 2001 From: Sverker Eriksson <sverker@erlang.org> Date: Thu, 15 Jun 2023 19:53:14 +0200 Subject: [PATCH 09/14] crypto_SUITE: Skip sha-1 sign for FIPS --- lib/crypto/test/crypto_SUITE.erl | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl index f59aa277ca..1b1120c922 100644 --- a/lib/crypto/test/crypto_SUITE.erl +++ b/lib/crypto/test/crypto_SUITE.erl @@ -1254,6 +1254,12 @@ use_all_ec_sign_verify(_Config) -> crypto:info_fips(), Curves, Hashs]), + SkipHashs0 = [md4, md5, ripemd160, sha3_224, sha3_256, sha3_384, sha3_512, + blake2b, blake2s], + SkipHashs = case crypto:info_fips() of + enabled -> [sha | SkipHashs0]; + _ -> SkipHashs0 + end, Results = [{{Curve,Hash}, try @@ -1268,7 +1274,7 @@ use_all_ec_sign_verify(_Config) -> {C,E} end} || Curve <- Curves -- [ed25519, ed448, x25519, x448, ipsec3, ipsec4], - Hash <- Hashs -- [md4, md5, ripemd160, sha3_224, sha3_256, sha3_384, sha3_512, blake2b, blake2s] + Hash <- Hashs -- SkipHashs ], Fails = lists:filter(fun({_,true}) -> false; @@ -1706,14 +1712,19 @@ do_sign_verify({Type, undefined=Hash, Private, Public, Msg, Signature}) -> end; do_sign_verify({Type, Hash, Public, Private, Msg}) -> - Signature = crypto:sign(Type, Hash, Msg, Private), - case crypto:verify(Type, Hash, Msg, Signature, Public) of - true -> - ct:log("OK crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]), - negative_verify(Type, Hash, Msg, <<10,20>>, Public); - false -> - ct:log("ERROR crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]), - ct:fail({{crypto, verify, [Type, Hash, Msg, Signature, Public]}}) + case {Hash, crypto:info_fips()} of + {sha, enabled} -> + io:format("Skip sign with SHA for FIPS\n"); + _ -> + Signature = crypto:sign(Type, Hash, Msg, Private), + case crypto:verify(Type, Hash, Msg, Signature, Public) of + true -> + ct:log("OK crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]), + negative_verify(Type, Hash, Msg, <<10,20>>, Public); + false -> + ct:log("ERROR crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]), + ct:fail({{crypto, verify, [Type, Hash, Msg, Signature, Public]}}) + end end; do_sign_verify({Type, Hash, Public, Private, Msg, Options}) -> LibVer = -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor