fips: run CMAC self-tests

FIPS140-2 IG D.8 mandates self-tests on CMAC.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/lib/fips.c b/lib/fips.c
index 30d396b2c55d7ced3973976568cd16660211661a..51567953df9437324d52ea80bbb3070fecdfb94f 100644 (file)
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -398,6 +398,12 @@ int _gnutls_fips_perform_self_checks2(void)
                goto error;
        }
 
+       ret = gnutls_mac_self_test(0, GNUTLS_MAC_AES_CMAC_256);
+       if (ret < 0) {
+               gnutls_assert();
+               goto error;
+       }
+
        /* PK */
        ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
        if (ret < 0) {