Diffstat (limited to 'tests')
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/cve-2009-1416.c | 10 | ||||
-rw-r--r-- | tests/mini-record-2.c | 16 | ||||
-rw-r--r-- | tests/mini-record-failure.c | 24 | ||||
-rw-r--r-- | tests/mini-record-retvals.c | 12 | ||||
-rw-r--r-- | tests/mini-record.c | 6 | ||||
-rw-r--r-- | tests/openssl.c | 4 | ||||
-rw-r--r-- | tests/pkcs12_encode.c | 11 | ||||
-rw-r--r-- | tests/priorities.c | 18 | ||||
-rw-r--r-- | tests/record-sizes.c | 12 | ||||
-rw-r--r-- | tests/rng-no-onload.c | 6 | ||||
-rw-r--r-- | tests/set_pkcs12_cred.c | 6 | ||||
-rwxr-xr-x | tests/suite/testcompat-openssl.sh | 5 | ||||
-rwxr-xr-x | tests/suite/testcompat-polarssl.sh | 5 | ||||
-rwxr-xr-x | tests/suite/testpkcs11.sh | 5 |
15 files changed, 81 insertions, 61 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 490aa5162d..b1d25421eb 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -231,11 +231,9 @@ mini_alignment_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) mini_alignment_LDADD = $(LDADD) $(NETTLE_LIBS) if ENABLE_OPENSSL -if !ENABLE_FIPS140 ctests += openssl openssl_LDADD = ../extra/libgnutls-openssl.la $(LDADD) endif -endif if ENABLE_OPENPGP ctests += openpgp-auth openpgp-auth2 openpgp-keyring pgps2kgnu diff --git a/tests/cve-2009-1416.c b/tests/cve-2009-1416.c index 128d4abd91..56904f6b4a 100644 --- a/tests/cve-2009-1416.c +++ b/tests/cve-2009-1416.c @@ -48,14 +48,15 @@ int main(void) { -#ifdef ENABLE_FIPS140 - /* Cannot generate a 512-bit DSA key */ - return 77; -#else gnutls_x509_privkey_t key; gnutls_datum_t p, q, g, y, x; int ret; + if (gnutls_fips140_mode_enabled()) { + /* Cannot generate a 512-bit DSA key */ + return 77; + } + global_init(); ret = gnutls_x509_privkey_init(&key); @@ -85,5 +86,4 @@ int main(void) gnutls_global_deinit(); return 0; -#endif } diff --git a/tests/mini-record-2.c b/tests/mini-record-2.c index c6abe0951e..c4a22c1836 100644 --- a/tests/mini-record-2.c +++ b/tests/mini-record-2.c @@ -446,17 +446,17 @@ void doit(void) start(AES_CCM, 0); start(AES_CCM_8, 0); -#ifndef ENABLE_FIPS140 - start(NULL_SHA1, 0); + if (!gnutls_fips140_mode_enabled()) { + start(NULL_SHA1, 0); - start(ARCFOUR_SHA1, 0); - start(ARCFOUR_MD5, 0); - start(CHACHA_POLY1305, 0); + start(ARCFOUR_SHA1, 0); + start(ARCFOUR_MD5, 0); + start(CHACHA_POLY1305, 0); -# ifdef HAVE_LIBZ - start(ARCFOUR_SHA1_ZLIB, 0); -# endif +#ifdef HAVE_LIBZ + start(ARCFOUR_SHA1_ZLIB, 0); #endif + } #ifdef HAVE_LIBZ start(AES_GCM_ZLIB, 0); diff --git a/tests/mini-record-failure.c b/tests/mini-record-failure.c index 9f70ce3055..ba62449a6d 100644 --- a/tests/mini-record-failure.c +++ b/tests/mini-record-failure.c 
@@ -380,16 +380,16 @@ void doit(void) start(AES_CCM, 0); start(AES_CCM_8, 0); -#ifndef ENABLE_FIPS140 - start(NULL_SHA1, 0); + if (!gnutls_fips140_mode_enabled()) { + start(NULL_SHA1, 0); - start(ARCFOUR_SHA1, 0); - start(ARCFOUR_MD5, 0); + start(ARCFOUR_SHA1, 0); + start(ARCFOUR_MD5, 0); # ifdef HAVE_LIBZ - start(ARCFOUR_SHA1_ZLIB, 0); + start(ARCFOUR_SHA1_ZLIB, 0); # endif -#endif + } #ifdef HAVE_LIBZ start(AES_GCM_ZLIB, 0); @@ -399,16 +399,16 @@ void doit(void) start(AES_CBC_SHA256 NO_ETM, 1); start(AES_GCM NO_ETM, 0); -#ifndef ENABLE_FIPS140 - start(NULL_SHA1 NO_ETM, 0); + if (!gnutls_fips140_mode_enabled()) { + start(NULL_SHA1 NO_ETM, 0); - start(ARCFOUR_SHA1 NO_ETM, 0); - start(ARCFOUR_MD5 NO_ETM, 0); + start(ARCFOUR_SHA1 NO_ETM, 0); + start(ARCFOUR_MD5 NO_ETM, 0); # ifdef HAVE_LIBZ - start(ARCFOUR_SHA1_ZLIB NO_ETM, 0); + start(ARCFOUR_SHA1_ZLIB NO_ETM, 0); # endif -#endif + } #ifdef HAVE_LIBZ start(AES_GCM_ZLIB NO_ETM, 0); diff --git a/tests/mini-record-retvals.c b/tests/mini-record-retvals.c index 6355de0e49..9e8b4c1869 100644 --- a/tests/mini-record-retvals.c +++ b/tests/mini-record-retvals.c @@ -449,16 +449,16 @@ void doit(void) start(AES_CBC_SHA256, 0); start(AES_GCM, 0); -#ifndef ENABLE_FIPS140 - start(NULL_SHA1, 0); + if (!gnutls_fips140_mode_enabled()) { + start(NULL_SHA1, 0); - start(ARCFOUR_SHA1, 0); - start(ARCFOUR_MD5, 0); + start(ARCFOUR_SHA1, 0); + start(ARCFOUR_MD5, 0); # ifdef HAVE_LIBZ - start(ARCFOUR_SHA1_ZLIB, 0); + start(ARCFOUR_SHA1_ZLIB, 0); # endif -#endif + } #ifdef HAVE_LIBZ start(AES_GCM_ZLIB, 0); diff --git a/tests/mini-record.c b/tests/mini-record.c index f6d9c61a5d..6e8c0ffb42 100644 --- a/tests/mini-record.c +++ b/tests/mini-record.c @@ -413,9 +413,9 @@ void doit(void) start(AES_GCM); start(AES_CCM); start(AES_CCM_8); -#ifndef ENABLE_FIPS140 - start(CHACHA_POLY1305); -#endif + if (!gnutls_fips140_mode_enabled()) { + start(CHACHA_POLY1305); + } } #endif /* _WIN32 */ 
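Review bot: The `# ifdef HAVE_LIBZ` / `# endif` pair inside the new `if (!gnutls_fips140_mode_enabled())` block of doit() in tests/mini-record-failure.c still uses the indented-hash form that marked nesting under the removed `#ifndef ENABLE_FIPS140`. With the outer preprocessor conditional gone these directives are no longer nested, so they should read `#ifdef HAVE_LIBZ` and `#endif`, as this commit already does in tests/mini-record-2.c. The second hunk of this file (the NO_ETM list) and the hunk in tests/mini-record-retvals.c carry the same leftover. doit() starts and ends outside the hunk.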
diff --git a/tests/openssl.c b/tests/openssl.c index aee870a707..483611cfc0 100644 --- a/tests/openssl.c +++ b/tests/openssl.c @@ -35,6 +35,10 @@ void doit(void) MD5_CTX c; unsigned char md[MD5_DIGEST_LENGTH]; + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + if (global_init() != 0) fail("global_init\n"); diff --git a/tests/pkcs12_encode.c b/tests/pkcs12_encode.c index 46c5092e49..3b0e84ef13 100644 --- a/tests/pkcs12_encode.c +++ b/tests/pkcs12_encode.c @@ -128,11 +128,12 @@ void doit(void) } /* Generate and add PKCS#12 cert bags. */ -#ifndef ENABLE_FIPS140 - tests = 2; /* include RC2 */ -#else - tests = 1; -#endif + if (!gnutls_fips140_mode_enabled()) { + tests = 2; /* include RC2 */ + } else { + tests = 1; + } + for (i = 0; i < tests; i++) { ret = gnutls_pkcs12_bag_init(&bag); if (ret < 0) { diff --git a/tests/priorities.c b/tests/priorities.c index b1b5d40428..f0eb7b7570 100644 --- a/tests/priorities.c +++ b/tests/priorities.c @@ -101,7 +101,6 @@ void doit(void) int normal_ciphers = 11; int pfs_cs = 39; -#ifdef ENABLE_FIPS140 if (gnutls_fips140_mode_enabled()) { normal_cs = 30; normal_ciphers = 6; 
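Review bot: The skip added at the top of doit() in tests/openssl.c is a bare `exit(77);` with no comment or message saying why the test cannot run in FIPS140 mode. tests/cve-2009-1416.c keeps its reason in a comment and the shell scripts in this commit print one, so a line such as `/* MD5 is not usable in FIPS140 mode */` above the exit would match them; that MD5 is the reason is inferred from the `MD5_CTX c;` declaration just above and should be confirmed. Since tests/Makefile.am now builds this test in FIPS-enabled builds too, this runtime check is the only thing keeping it out of a FIPS-mode run, which is worth stating. The same unexplained skip is added in tests/record-sizes.c, tests/rng-no-onload.c and tests/set_pkcs12_cred.c.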
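Review bot: The if/else that sets `tests` in doit() of tests/pkcs12_encode.c tests the negated condition and then needs an else branch for what is a two-valued assignment. `tests = gnutls_fips140_mode_enabled() ? 1 : 2; /* second bag uses RC2, skipped in FIPS140 mode */` says the same in one line and keeps the reason next to the value. That the second iteration is the RC2 one is taken from the existing `/* include RC2 */` comment; the loop body continues outside the hunk.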
@@ -109,17 +108,18 @@ void doit(void) sec256_cs = 11; sec128_cs = 30; } -#endif try_prio("NORMAL", normal_cs, normal_ciphers, __LINE__); try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal_cs, normal_ciphers, __LINE__); -#ifndef ENABLE_FIPS140 - try_prio("PFS", pfs_cs, normal_ciphers, __LINE__); - try_prio("NORMAL:+CIPHER-ALL", normal_cs, 11, __LINE__); /* all (except null) */ - try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1, __LINE__); /* null */ - try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal_cs + null, 12, __LINE__); /* should be null + all */ - try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 8, 1, __LINE__); /* should be null + all */ -#endif + + if (!gnutls_fips140_mode_enabled()) { + try_prio("PFS", pfs_cs, normal_ciphers, __LINE__); + try_prio("NORMAL:+CIPHER-ALL", normal_cs, 11, __LINE__); /* all (except null) */ + try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1, __LINE__); /* null */ + try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal_cs + null, 12, __LINE__); /* should be null + all */ + try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 8, 1, __LINE__); /* should be null + all */ + } + try_prio("PERFORMANCE", normal_cs, normal_ciphers, __LINE__); try_prio("SECURE256", sec256_cs, 6, __LINE__); try_prio("SECURE128", sec128_cs, 11, __LINE__); diff --git a/tests/record-sizes.c b/tests/record-sizes.c index 1683da14f2..47cd5920b2 100644 --- a/tests/record-sizes.c +++ b/tests/record-sizes.c @@ -43,8 +43,6 @@ static void tls_log_func(int level, const char *str) /* This test attempts to transfer various sizes using ARCFOUR-128. */ -#ifndef ENABLE_FIPS140 - #define MAX_BUF 16384 static char b1[MAX_BUF + 1]; static char buffer[MAX_BUF + 1]; @@ -66,6 +64,10 @@ void doit(void) ssize_t ns; int ret, transferred = 0; + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + /* General init. */ global_init(); gnutls_global_set_log_function(tls_log_func); 
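Review bot: The last call in the new `if (!gnutls_fips140_mode_enabled())` block of tests/priorities.c, the one whose priority string ends in `:-CIPHER-ALL:+AES-128-CBC` and expects a cipher count of 1, still carries the comment `/* should be null + all */` copied from the call above it. The line is being re-indented anyway, so the comment can be corrected in the same change, e.g. `/* only AES-128-CBC */`. A wrong expectation comment in a priority-string test makes it harder to tell whether a count mismatch is a regression or a stale constant. doit() starts and ends outside the hunk.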
@@ -159,9 +161,3 @@ void doit(void) gnutls_global_deinit(); } -#else -void doit(void) -{ - exit(77); -} -#endif diff --git a/tests/rng-no-onload.c b/tests/rng-no-onload.c index 726b5fddf4..ac01be2144 100644 --- a/tests/rng-no-onload.c +++ b/tests/rng-no-onload.c @@ -32,7 +32,7 @@ #include <gnutls/crypto.h> #include "utils.h" -#if defined(ENABLE_FIPS140) || !defined(__linux__) || !defined(__GNUC__) +#if !defined(__linux__) || !defined(__GNUC__) void doit(void) { @@ -58,6 +58,10 @@ gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) void doit(void) { + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + global_init(); if (_rnd_called != 0) diff --git a/tests/set_pkcs12_cred.c b/tests/set_pkcs12_cred.c index 8e45047467..7f324bb41e 100644 --- a/tests/set_pkcs12_cred.c +++ b/tests/set_pkcs12_cred.c @@ -40,11 +40,9 @@ typedef struct { } files_st; files_st files[] = { -#ifndef ENABLE_FIPS140 {"client.p12", "foobar"}, {"cert-ca.p12", "1234"}, /* 2 certs, one is a CA */ {"pkcs12_2certs.p12", ""}, /* 2 certs, on is unrelated */ -#endif {NULL, NULL} }; @@ -56,6 +54,10 @@ void doit(void) char file[512]; int ret; + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + ret = global_init(); if (ret < 0) fail("global_init failed %d\n", ret); diff --git a/tests/suite/testcompat-openssl.sh b/tests/suite/testcompat-openssl.sh index 096d3da7ee..cec0c7161e 100755 --- a/tests/suite/testcompat-openssl.sh +++ b/tests/suite/testcompat-openssl.sh @@ -32,6 +32,11 @@ srcdir="${srcdir:-.}" +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + if ! test -x /usr/bin/openssl; then echo "You need openssl to run this test" exit 77 diff --git a/tests/suite/testcompat-polarssl.sh b/tests/suite/testcompat-polarssl.sh index 32e04f753b..4c7a493d17 100755 --- a/tests/suite/testcompat-polarssl.sh +++ b/tests/suite/testcompat-polarssl.sh 
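Review bot: The guard added to tests/suite/testcompat-openssl.sh looks only at the `GNUTLS_FORCE_FIPS_MODE` environment variable, whereas the C tests in this commit ask the library through gnutls_fips140_mode_enabled(). If the library can be in FIPS140 mode without that variable being set (for example from a host-wide setting, which is not visible on this page), the script would run instead of exiting 77. If that limit is intended, a comment such as `# only the forced mode is detected here; a system-wide FIPS setting is not` would make it explicit; otherwise the answer should come from the library or one of its tools. The same guard is added to tests/suite/testcompat-polarssl.sh and tests/suite/testpkcs11.sh.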
@@ -34,6 +34,11 @@ srcdir="${srcdir:-.}" export TZ="UTC" +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + # Check for datefudge TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null` if test "${TSTAMP}" != "1158969600"; then diff --git a/tests/suite/testpkcs11.sh b/tests/suite/testpkcs11.sh index c49624870c..b3001ca1e6 100755 --- a/tests/suite/testpkcs11.sh +++ b/tests/suite/testpkcs11.sh @@ -26,6 +26,11 @@ SERV="${SERV:-../../src/gnutls-serv${EXEEXT}}" CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" RETCODE=0 +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + if ! test -x "${P11TOOL}"; then exit 77 fi |