Overview

File libica-05-fips-update-handle-new-rc-behavior-in-fips-powerup-tests.patch of Package libica.37333

From 797d467bfde36732b9d32064f4a2b6726d5dd3d7 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Mon, 2 Dec 2024 13:41:20 +0100
Subject: [PATCH] fips update: handle new rc behavior in fips powerup tests

With the new API behavior the rc's of the intermediate/last routines
are different on whether an external iv is allowed or not.

Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
 src/fips.c | 3 +++
 1 file changed, 3 insertions(+)

Index: libica-4.3.1/src/fips.c
===================================================================
--- libica-4.3.1.orig/src/fips.c
+++ libica-4.3.1/src/fips.c
@@ -996,6 +996,7 @@ aes_gcm_kat(void) {
 		memset(icb, 0, sizeof(icb));
 		memset(icb, 0, sizeof(ucb));
 		memset(subkey, 0, sizeof(subkey));
+		ica_allow_external_gcm_iv_in_fips_mode(1);
 		if ((tv->rv == 0) && (ica_aes_gcm_initialize_internal(tv->iv, tv->ivlen,
 		    tv->key, tv->keylen, icb, ucb, subkey, ICA_ENCRYPT)
 		    || ica_aes_gcm_intermediate(tv->plaintext,
@@ -1010,6 +1011,7 @@ aes_gcm_kat(void) {
 		    || memcmp(tv->tag, tag, tv->taglen)))
 			goto _err_;
 
+		ica_allow_external_gcm_iv_in_fips_mode(0);
 		free(tag);
 		free(out);
 	}
@@ -1018,6 +1020,7 @@ aes_gcm_kat(void) {
 _err_:
 	free(tag);
 	free(out);
+	ica_allow_external_gcm_iv_in_fips_mode(0);
 #ifndef NO_CPACF
 	syslog(LOG_ERR, "Libica AES-GCM test failed.");
 #endif
openSUSE Build Service is sponsored by
Places