author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-01 15:52:13 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-02 13:14:31 +0100 |
commit | c05555765275957df35a407663cd2a1bcf852b51 (patch) | |
tree | f7a29533120c76b37f483648253a577537adbd05 /tests | |
parent | b59a3c5e6ff1df7a900b92814f186f21b24833b0 (diff) | |
tests: skip tests which cannot be run in FIPS140-2 mode
This allows the test suite to be run in FIPS140-2 mode.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/dtls1-2-mtu-check.c | 3 | ||||
-rw-r--r-- | tests/key-tests/Makefile.am | 6 | ||||
-rw-r--r-- | tests/set_x509_pkcs12_key.c | 4 | ||||
-rw-r--r-- | tests/x509sign-verify2.c | 13 |
4 files changed, 22 insertions, 4 deletions
diff --git a/tests/dtls1-2-mtu-check.c b/tests/dtls1-2-mtu-check.c
index b2bb739474..b47f11ea57 100644
--- a/tests/dtls1-2-mtu-check.c
+++ b/tests/dtls1-2-mtu-check.c
@@ -181,7 +181,8 @@ void doit(void)
 /* check non-CBC ciphers */
 dtls_mtu_try("DTLS 1.2 with AES-128-GCM", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-CIPHER-ALL:+AES-128-GCM", 1500, 1463);
- dtls_mtu_try("DTLS 1.2 with CHACHA20-POLY1305", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305", 1500, 1471);
+ if (!gnutls_fips140_mode_enabled())
+ dtls_mtu_try("DTLS 1.2 with CHACHA20-POLY1305", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305", 1500, 1471);
 /* check EtM CBC */
 dtls_mtu_try("DTLS 1.2/EtM with AES-128-CBC-HMAC-SHA1", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-CIPHER-ALL:+AES-128-CBC:-MAC-ALL:+SHA1", 1500, 1439);
diff --git a/tests/key-tests/Makefile.am b/tests/key-tests/Makefile.am
index 3714ce526c..5600f7bb0f 100644
--- a/tests/key-tests/Makefile.am
+++ b/tests/key-tests/Makefile.am
@@ -33,7 +33,11 @@ EXTRA_DIST = data/key-ca.pem data/key-user.pem \
 dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa ecdsa illegal-rsa pkcs8-invalid key-invalid
-TESTS = key-id pkcs8 pkcs8-decode ecdsa pkcs8-invalid key-invalid
+TESTS = key-id ecdsa pkcs8-invalid key-invalid
+
+if !ENABLE_FIPS140
+TESTS += pkcs8-decode pkcs8
+endif
 if !WITH_OLD_NETTLE
 TESTS += illegal-rsa
diff --git a/tests/set_x509_pkcs12_key.c b/tests/set_x509_pkcs12_key.c
index 852b57ce4b..486ed592cd 100644
--- a/tests/set_x509_pkcs12_key.c
+++ b/tests/set_x509_pkcs12_key.c
@@ -62,6 +62,10 @@ void doit(void)
 gnutls_datum_t tcert;
 FILE *fp;
+ if (gnutls_fips140_mode_enabled()) {
+ exit(77);
+ }
+
 global_init();
 assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
diff --git a/tests/x509sign-verify2.c b/tests/x509sign-verify2.c
index dd54cfed18..15025ce213 100644
--- a/tests/x509sign-verify2.c
+++ b/tests/x509sign-verify2.c
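Review bot: In tests/dtls1-2-mtu-check.c the new `if (!gnutls_fips140_mode_enabled())` guards the CHACHA20-POLY1305 case without braces and without a comment, so in FIPS140-2 mode that cipher drops out of the MTU check silently. Bracing the guard and adding a line such as `/* CHACHA20-POLY1305 cannot be run in FIPS140-2 mode */` keeps the reason next to the call and avoids a later statement being added under the wrong scope. doit() starts and ends outside the hunk.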
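Review bot: The `if !ENABLE_FIPS140` conditional in tests/key-tests/Makefile.am is decided at configure time, whereas the C tests in this commit ask `gnutls_fips140_mode_enabled()` at run time. If ENABLE_FIPS140 means FIPS support was compiled in (to be confirmed against configure.ac), a FIPS-capable build running with the mode switched off loses `pkcs8` and `pkcs8-decode` from `make check` entirely. Keeping both scripts in `TESTS` and having each one `exit 77` when it detects FIPS mode would match the skip used in set_x509_pkcs12_key.c and preserve the PKCS#8 coverage for non-FIPS runs.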
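Review bot: `exit(77);` at the top of doit() in tests/set_x509_pkcs12_key.c is a bare magic number and the skip prints nothing, so a FIPS-mode run gives no hint why the PKCS#12 key test did not execute. 77 is the exit status the automake test harness reports as SKIP; a comment such as `/* 77 = automake SKIP: this test cannot be run in FIPS140-2 mode */` above the call would make that explicit. The rest of doit() lies outside the hunk.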
@@ -195,13 +195,22 @@ void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits)
 void doit(void)
 {
+ unsigned rsa_size1, rsa_size2;
 global_init();
 gnutls_global_set_log_function(tls_log_func);
 if (debug) gnutls_global_set_log_level(6);
- test_sig(GNUTLS_PK_RSA, GNUTLS_DIG_SHA1, 512);
- test_sig(GNUTLS_PK_RSA, GNUTLS_DIG_SHA256, 1024);
+ if (gnutls_fips140_mode_enabled()) {
+ rsa_size1 = 2048; /* minimum allowed */
+ rsa_size2 = 2048; /* minimum allowed */
+ } else {
+ rsa_size1 = 512;
+ rsa_size2 = 1024;
+ }
+
+ test_sig(GNUTLS_PK_RSA, GNUTLS_DIG_SHA1, rsa_size1);
+ test_sig(GNUTLS_PK_RSA, GNUTLS_DIG_SHA256, rsa_size2);
 test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA1, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1));
 test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1));
 test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1)); |
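Review bot: In FIPS140-2 mode doit() in tests/x509sign-verify2.c only swaps in 2048-bit keys, so nothing here checks that the 512- and 1024-bit RSA sizes are actually refused when the mode is on; the limit the comment calls "minimum allowed" goes unverified. A negative case in the FIPS branch that expects key generation to fail for the smaller sizes would cover that; test_sig() is defined outside the hunk, so where such a check fits needs to be confirmed there. Separately, both variables get the same value in that branch, which reads more directly as `rsa_size1 = rsa_size2 = 2048; /* minimum allowed in FIPS140-2 mode */`.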