Overview

File 2636-crypto_SUITE-Remove-sha-1-as-hash-for-dss-if-FIPS.patch of Package erlang

From 7f1480837b535d541e916af083e63d4cdab83360 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Tue, 13 Jun 2023 19:00:31 +0200
Subject: [PATCH 06/14] crypto_SUITE: Remove sha-1 as hash for dss if FIPS

---
 lib/crypto/test/crypto_SUITE.erl | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 526909d4d5..968c8ce145 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -2227,15 +2227,19 @@ group_config(dss = Type, Config) ->
     Public = dss_params() ++ [dss_public()], 
     Private = dss_params() ++ [dss_private()], 
     SupportedHashs = proplists:get_value(hashs, crypto:supports(), []),
-    DssHashs = 
+    DssHashs0 =
         case crypto:info_lib() of
             [{<<"OpenSSL">>,LibVer,_}] when is_integer(LibVer), LibVer > 16#10001000 ->
-                [sha, sha224, sha256, sha384, sha512];
+                [sha224, sha256, sha384, sha512];
             [{<<"OpenSSL">>,LibVer,_}] when is_integer(LibVer), LibVer > 16#10000000 ->
-                [sha, sha224, sha256];
+                [sha224, sha256];
             _Else ->
-                [sha]
+                []
         end,
+    DssHashs = case crypto:info_fips() of
+                   enabled -> DssHashs0;
+                   _ -> [sha | DssHashs0]
+               end,
     SignVerify = [{Type, Hash, Public, Private, Msg} 
                   || Hash <- DssHashs,
                      lists:member(Hash, SupportedHashs)],
-- 
2.35.3
openSUSE Build Service is sponsored by
Places