You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
70 lines
2.0 KiB
70 lines
2.0 KiB
From 2c33761787f6530cf3984310a5f3b7dd05a7b375 Mon Sep 17 00:00:00 2001 |
|
From: Zoltan Fridrich <zfridric@redhat.com> |
|
Date: Thu, 17 Feb 2022 11:46:29 +0100 |
|
Subject: [PATCH] Disable some tests in fips mode |
|
|
|
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com> |
|
--- |
|
tests/pkcs11/pkcs11-eddsa-privkey-test.c | 5 +++++ |
|
tests/pkcs11/tls-neg-pkcs11-key.c | 8 +++++++- |
|
2 files changed, 12 insertions(+), 1 deletion(-) |
|
|
|
diff --git a/tests/pkcs11/pkcs11-eddsa-privkey-test.c b/tests/pkcs11/pkcs11-eddsa-privkey-test.c |
|
index 44515da3f..ebbfe5278 100644 |
|
--- a/tests/pkcs11/pkcs11-eddsa-privkey-test.c |
|
+++ b/tests/pkcs11/pkcs11-eddsa-privkey-test.c |
|
@@ -107,6 +107,11 @@ void doit(void) |
|
fail("%d: %s\n", ret, gnutls_strerror(ret)); |
|
} |
|
|
|
+ if (gnutls_fips140_mode_enabled()) { |
|
+ gnutls_global_deinit(); |
|
+ return; |
|
+ } |
|
+ |
|
gnutls_pkcs11_set_pin_function(pin_func, NULL); |
|
gnutls_global_set_log_function(tls_log_func); |
|
if (debug) |
|
diff --git a/tests/pkcs11/tls-neg-pkcs11-key.c b/tests/pkcs11/tls-neg-pkcs11-key.c |
|
index fc7c3dc4e..5cc1ae6e2 100644 |
|
--- a/tests/pkcs11/tls-neg-pkcs11-key.c |
|
+++ b/tests/pkcs11/tls-neg-pkcs11-key.c |
|
@@ -268,6 +268,7 @@ typedef struct test_st { |
|
int exp_serv_err; |
|
int needs_eddsa; |
|
int needs_decryption; |
|
+ int nofips; |
|
unsigned requires_pkcs11_pss; |
|
} test_st; |
|
|
|
@@ -340,6 +341,7 @@ static const test_st tests[] = { |
|
.cert = &server_ca3_eddsa_cert, |
|
.key = &server_ca3_eddsa_key, |
|
.exp_kx = GNUTLS_KX_ECDHE_RSA, |
|
+ .nofips = 1 |
|
}, |
|
{.name = "tls1.3: ecc key", |
|
.pk = GNUTLS_PK_ECDSA, |
|
@@ -392,7 +394,8 @@ static const test_st tests[] = { |
|
.prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA", |
|
.cert = &server_ca3_eddsa_cert, |
|
.key = &server_ca3_eddsa_key, |
|
- .exp_kx = GNUTLS_KX_ECDHE_RSA |
|
+ .exp_kx = GNUTLS_KX_ECDHE_RSA, |
|
+ .nofips = 1 |
|
} |
|
}; |
|
|
|
@@ -448,6 +451,9 @@ void doit(void) |
|
have_eddsa = verify_eddsa_presence(); |
|
|
|
for (i=0;i<sizeof(tests)/sizeof(tests[0]);i++) { |
|
+ if (tests[i].nofips && gnutls_fips140_mode_enabled()) |
|
+ continue; |
|
+ |
|
if (tests[i].needs_eddsa && !have_eddsa) |
|
continue; |
|
|
|
-- |
|
2.35.1 |
|
|
|
|