File 0389-crypto_SUITE-Skip-sha-1-sign-for-FIPS.patch of Package erlang
From 2b60b76e37828a2ecabaab6c42b813da6c8546f7 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Thu, 15 Jun 2023 19:53:14 +0200
Subject: [PATCH 09/14] crypto_SUITE: Skip sha-1 sign for FIPS
---
lib/crypto/test/crypto_SUITE.erl | 29 ++++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index f59aa277ca..1b1120c922 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -1254,6 +1254,12 @@ use_all_ec_sign_verify(_Config) ->
crypto:info_fips(),
Curves,
Hashs]),
+ SkipHashs0 = [md4, md5, ripemd160, sha3_224, sha3_256, sha3_384, sha3_512,
+ blake2b, blake2s],
+ SkipHashs = case crypto:info_fips() of
+ enabled -> [sha | SkipHashs0];
+ _ -> SkipHashs0
+ end,
Results =
[{{Curve,Hash},
try
@@ -1268,7 +1274,7 @@ use_all_ec_sign_verify(_Config) ->
{C,E}
end}
|| Curve <- Curves -- [ed25519, ed448, x25519, x448, ipsec3, ipsec4],
- Hash <- Hashs -- [md4, md5, ripemd160, sha3_224, sha3_256, sha3_384, sha3_512, blake2b, blake2s]
+ Hash <- Hashs -- SkipHashs
],
Fails =
lists:filter(fun({_,true}) -> false;
@@ -1706,14 +1712,19 @@ do_sign_verify({Type, undefined=Hash, Private, Public, Msg, Signature}) ->
end;
do_sign_verify({Type, Hash, Public, Private, Msg}) ->
- Signature = crypto:sign(Type, Hash, Msg, Private),
- case crypto:verify(Type, Hash, Msg, Signature, Public) of
- true ->
- ct:log("OK crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]),
- negative_verify(Type, Hash, Msg, <<10,20>>, Public);
- false ->
- ct:log("ERROR crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]),
- ct:fail({{crypto, verify, [Type, Hash, Msg, Signature, Public]}})
+ case {Hash, crypto:info_fips()} of
+ {sha, enabled} ->
+ io:format("Skip sign with SHA for FIPS\n");
+ _ ->
+ Signature = crypto:sign(Type, Hash, Msg, Private),
+ case crypto:verify(Type, Hash, Msg, Signature, Public) of
+ true ->
+ ct:log("OK crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]),
+ negative_verify(Type, Hash, Msg, <<10,20>>, Public);
+ false ->
+ ct:log("ERROR crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]),
+ ct:fail({{crypto, verify, [Type, Hash, Msg, Signature, Public]}})
+ end
end;
do_sign_verify({Type, Hash, Public, Private, Msg, Options}) ->
LibVer =
--
2.35.3