FIPS140-2 mode: test whether RSA encrypted data differ from plaintext
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 8 Jul 2014 08:46:56 +0000 (10:46 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 8 Jul 2014 08:47:25 +0000 (10:47 +0200)
lib/crypto-selftests-pk.c

index 69633098c6ef85f7ca727a5f178cbb19e9fe4788..519d70beaa2be186cb95b387a97018a6a437a84e 100644 (file)
@@ -109,6 +109,13 @@ static int test_rsa_enc(gnutls_pk_algorithm_t pk,
                goto cleanup;
        }
 
+       if (enc.size == signed_data.size && memcmp(signed_data.data, enc.data,
+               enc.size) == 0) {
+               gnutls_assert();
+               ret = GNUTLS_E_SELF_TEST_ERROR;
+               goto cleanup;
+       }
+
        ret = gnutls_privkey_decrypt_data(key, 0, &enc, &dec);
        if (ret < 0) {
                gnutls_assert();
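Review bot: The added `if` in test_rsa_enc only compares bytes when `enc.size == signed_data.size`, so it catches a verbatim passthrough of the plaintext and nothing else. RSA ciphertext is normally as long as the modulus, so if the test vector in `signed_data` is shorter (its length is not visible in this hunk) the `memcmp` is never reached and the self-test passes without comparing anything. A comment above the check would record its intent and this limit, for example `/* FIPS140-2: ciphertext must not be identical to the plaintext; only an exact passthrough is detected here */`. test_rsa_enc starts and ends outside the hunk, so it is worth confirming that the `cleanup` label releases `enc` on this new early-exit path.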