From: Sverker Eriksson <sverker@erlang.org>
Date: Thu, 15 Jun 2023 19:53:14 +0200
Subject: [PATCH] crypto_SUITE: Skip sha-1 sign for FIPS
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index cf6ef5dde3..8a2dfef234 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -1257,6 +1257,12 @@ use_all_ec_sign_verify(_Config) ->
crypto:info_fips(),
Curves,
Hashs]),
+ SkipHashs0 = [md4, md5, ripemd160, sha3_224, sha3_256, sha3_384, sha3_512,
+ blake2b, blake2s],
+ SkipHashs = case crypto:info_fips() of
+ enabled -> [sha | SkipHashs0];
+ _ -> SkipHashs0
+ end,
Results =
[{{Curve,Hash},
try
@@ -1271,7 +1277,7 @@ use_all_ec_sign_verify(_Config) ->
{C,E}
end}
|| Curve <- Curves -- [ed25519, ed448, x25519, x448, ipsec3, ipsec4],
- Hash <- Hashs -- [md4, md5, ripemd160, sha3_224, sha3_256, sha3_384, sha3_512, blake2b, blake2s]
+ Hash <- Hashs -- SkipHashs
],
Fails =
lists:filter(fun({_,true}) -> false;
@@ -1709,14 +1715,19 @@ do_sign_verify({Type, undefined=Hash, Private, Public, Msg, Signature}) ->
end;
do_sign_verify({Type, Hash, Public, Private, Msg}) ->
- Signature = crypto:sign(Type, Hash, Msg, Private),
- case crypto:verify(Type, Hash, Msg, Signature, Public) of
- true ->
- ct:log("OK crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]),
- negative_verify(Type, Hash, Msg, <<10,20>>, Public);
- false ->
- ct:log("ERROR crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]),
- ct:fail({{crypto, verify, [Type, Hash, Msg, Signature, Public]}})
+ case {Hash, crypto:info_fips()} of
+ {sha, enabled} ->
+ io:format("Skip sign with SHA for FIPS\n");
+ _ ->
+ Signature = crypto:sign(Type, Hash, Msg, Private),
+ case crypto:verify(Type, Hash, Msg, Signature, Public) of
+ true ->
+ ct:log("OK crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]),
+ negative_verify(Type, Hash, Msg, <<10,20>>, Public);
+ false ->
+ ct:log("ERROR crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]),
+ ct:fail({{crypto, verify, [Type, Hash, Msg, Signature, Public]}})
+ end
end;
do_sign_verify({Type, Hash, Public, Private, Msg, Options}) ->
LibVer =