generate keys in the acceptable sizes in FIPS140 mode

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-02-13 14:32:53 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-02-13 15:11:54 +0100
commit: 5e35f051130d9199f482b9a9c07c8badf5e232ac (patch)
tree: e6b23f4a8bd293be54a1062d3bb801bed5033c60 /tests/slow
parent: 87d4d2dc94e738392e4cc9650c6c967666d49e85 (diff)
download: gnutls-5e35f051130d9199f482b9a9c07c8badf5e232ac.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/tests/slow/keygen.c b/tests/slow/keygen.c
index 78f70b1ded..46c2f1921f 100644
--- a/tests/slow/keygen.c
+++ b/tests/slow/keygen.c
@@ -36,7 +36,11 @@
 #define MAX_TRIES 2
 
 static int sec_param[MAX_TRIES] =
+#ifdef ENABLE_FIPS140
+    { GNUTLS_SEC_PARAM_MEDIUM, GNUTLS_SEC_PARAM_HIGH };
+#else
     { GNUTLS_SEC_PARAM_LOW, GNUTLS_SEC_PARAM_MEDIUM };
+#endif
 
 static void tls_log_func(int level, const char *str)
 {
@@ -75,7 +79,8 @@ void doit(void)
 							  sec_param[i]),
 							 0);
 			if (ret < 0) {
-				fail("gnutls_x509_privkey_generate (%s): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_strerror(ret), ret);
+				fail("gnutls_x509_privkey_generate (%s-%d): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm),
+					gnutls_sec_param_to_pk_bits(algorithm,sec_param[i]), gnutls_strerror(ret), ret);
 			} else if (debug) {
 				success("Key[%s] generation ok: %d\n",
 					gnutls_pk_algorithm_get_name
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-02-13 14:32:53 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-02-13 15:11:54 +0100
commit	5e35f051130d9199f482b9a9c07c8badf5e232ac (patch)
tree	e6b23f4a8bd293be54a1062d3bb801bed5033c60 /tests/slow
parent	87d4d2dc94e738392e4cc9650c6c967666d49e85 (diff)
download	gnutls-5e35f051130d9199f482b9a9c07c8badf5e232ac.tar.gz