From 12ab4f725d605130a7719a687981d9d1d3e6337f Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 7 Mar 2017 07:55:10 +0100 Subject: tests: converted compile-time checks for FIPS140 mode to run-time This allows running the complete test suite even when the library is compiled in FIPS140-2 mode, as long as the run-time is not at this mode. Signed-off-by: Nikos Mavrogiannopoulos --- tests/suite/testcompat-openssl.sh | 5 +++++ tests/suite/testcompat-polarssl.sh | 5 +++++ tests/suite/testpkcs11.sh | 5 +++++ 3 files changed, 15 insertions(+) (limited to 'tests/suite') diff --git a/tests/suite/testcompat-openssl.sh b/tests/suite/testcompat-openssl.sh index 096d3da7ee..cec0c7161e 100755 --- a/tests/suite/testcompat-openssl.sh +++ b/tests/suite/testcompat-openssl.sh @@ -32,6 +32,11 @@ srcdir="${srcdir:-.}" +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + if ! test -x /usr/bin/openssl; then echo "You need openssl to run this test" exit 77 diff --git a/tests/suite/testcompat-polarssl.sh b/tests/suite/testcompat-polarssl.sh index 32e04f753b..4c7a493d17 100755 --- a/tests/suite/testcompat-polarssl.sh +++ b/tests/suite/testcompat-polarssl.sh @@ -34,6 +34,11 @@ srcdir="${srcdir:-.}" export TZ="UTC" +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + # Check for datefudge TSTAMP=`datefudge "2006-09-23 00:00 UTC" date -u +%s 2>/dev/null` if test "${TSTAMP}" != "1158969600"; then diff --git a/tests/suite/testpkcs11.sh b/tests/suite/testpkcs11.sh index c49624870c..b3001ca1e6 100755 --- a/tests/suite/testpkcs11.sh +++ b/tests/suite/testpkcs11.sh @@ -26,6 +26,11 @@ SERV="${SERV:-../../src/gnutls-serv${EXEEXT}}" CLI="${CLI:-../../src/gnutls-cli${EXEEXT}}" RETCODE=0 +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + if ! test -x "${P11TOOL}"; then exit 77 fi -- cgit v1.2.1