libica/libica-01-fips-update-remove-sigVer-from-fips-ECDSA-kat.patch
Nikolay Gueorguiev 4af0aa7796 - Applied patches (bsc#1231302, bsc#1231303, bsc#1231304, bsc#1231305)
* libica-01-fips-update-remove-sigVer-from-fips-ECDSA-kat.patch
  * libica-02-fips-update-Change-service-indicator-implementation.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=24
2024-11-05 12:33:33 +00:00

29 lines
1.0 KiB
Diff

From 0a7e4c34a0cc58e1242d4b131e9c224736eadef2 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Mon, 28 Oct 2024 13:04:19 +0100
Subject: [PATCH] fips update: remove sigVer from fips ECDSA kat
From https://github.com/usnistgov/ACVP/blob/master/src/ecdsa/sections/05-capabilities.adoc
"The 'componentTest' property is only valid for detECDSA / sigGen / FIPS186-5 and
ECDSA / sigGen / * registrations." i.e., only ECDSA sigGen component can be tested.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
src/fips.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/fips.c b/src/fips.c
index 4d1db07..3c26043 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -1240,9 +1240,6 @@ ecdsa_kat(void)
/* adapter handle not needed here, just CPACF */
rc = ica_ecdsa_sign_ex_internal(0, eckey, tv->hash, tv->hashlen,
sigbuf, tv->siglen, tv->k);
- if (rc)
- goto _err_;
- rc = ica_ecdsa_verify(0, eckey, tv->hash, tv->hashlen, sigbuf, tv->siglen);
if (rc)
goto _err_;
if (memcmp(sigbuf, tv->sig, tv->siglen) != 0) {