diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-11-22 16:42:55 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-11-27 11:41:44 +0100 |
| commit | 20afbbbfbdc41f491450949fd2568a66dbf21077 (patch) | |
| tree | 7508ee45b37558bde31df42615e3917eab45b361 /tests/fips-test.c | |
| parent | 3ce6bda62210c4a9efa4ff92d7a869bb17116893 (diff) | |
| download | gnutls-20afbbbfbdc41f491450949fd2568a66dbf21077.tar.gz | |
separate zombie mode from operational fips mode
Diffstat (limited to 'tests/fips-test.c')
| -rw-r--r-- | tests/fips-test.c | 83 |
1 files changed, 39 insertions, 44 deletions
diff --git a/tests/fips-test.c b/tests/fips-test.c index b8d227680b..f46a3beae2 100644 --- a/tests/fips-test.c +++ b/tests/fips-test.c @@ -46,7 +46,8 @@ void doit(void) mode = gnutls_fips140_mode_enabled(); if (mode == 0) { - fail("We are not in FIPS140 mode\n"); + success("We are not in FIPS140 mode\n"); + exit(77); } ret = global_init(); @@ -98,50 +99,44 @@ void doit(void) gnutls_deinit(session); /* Test when FIPS140 is set to error state */ - if (mode == 1) { /* this works in full fips140 mode */ - _gnutls_fips140_simulate_error(); - - - /* Try crypto.h functionality */ - ret = - gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, - &key, &iv); - if (ret >= 0) { - fail("gnutls_cipher_init succeeded when in FIPS140 error state\n"); - } - - ret = - gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, - key.size); - if (ret >= 0) { - fail("gnutls_hmac_init succeeded when in FIPS140 error state\n"); - } - - ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16)); - if (ret >= 0) { - fail("gnutls_rnd succeeded when in FIPS140 error state\n"); - } - - ret = gnutls_pubkey_init(&pubkey); - if (ret >= 0) { - fail("gnutls_pubkey_init succeeded when in FIPS140 error state\n"); - } - - ret = gnutls_privkey_init(&privkey); - if (ret >= 0) { - fail("gnutls_privkey_init succeeded when in FIPS140 error state\n"); - } - - ret = gnutls_x509_privkey_init(&xprivkey); - if (ret >= 0) { - fail("gnutls_x509_privkey_init succeeded when in FIPS140 error state\n"); - } - - ret = gnutls_init(&session, 0); - if (ret >= 0) { - fail("gnutls_init succeeded when in FIPS140 error state\n"); - } + _gnutls_fips140_simulate_error(); + + /* Try crypto.h functionality */ + ret = + gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv); + if (ret >= 0) { + fail("gnutls_cipher_init succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size); + if (ret >= 0) { + fail("gnutls_hmac_init succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16)); + if (ret >= 0) { + fail("gnutls_rnd succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_pubkey_init(&pubkey); + if (ret >= 0) { + fail("gnutls_pubkey_init succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_privkey_init(&privkey); + if (ret >= 0) { + fail("gnutls_privkey_init succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_x509_privkey_init(&xprivkey); + if (ret >= 0) { + fail("gnutls_x509_privkey_init succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_init(&session, 0); + if (ret >= 0) { + fail("gnutls_init succeeded when in FIPS140 error state\n"); } gnutls_global_deinit(); |