diff options
author | Tomas Mraz <tomas@openssl.org> | 2022-03-30 17:00:01 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-04-14 08:51:18 +0200 |
commit | e8a4145968eea576788761f39c5e4cb68b7c4a42 (patch) | |
tree | 6df8f68fc69e6fe71d962978a19b88578a4fe6e4 /test/endecode_test.c | |
parent | 638c3a28af45bd81a1c90b81efd8e10449eace1b (diff) |
endecode_test: Handle expected failures for non-fips ec keys
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17998)
Diffstat (limited to 'test/endecode_test.c')
-rw-r--r-- | test/endecode_test.c | 84 |
1 files changed, 49 insertions, 35 deletions
diff --git a/test/endecode_test.c b/test/endecode_test.c index 0c33dff0ee..3d78bea50e 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line, typedef void (dumper)(const char *label, const void *data, size_t data_len); #define FLAG_DECODE_WITH_TYPE 0x0001 +#define FLAG_FAIL_IF_FIPS 0x0002 static int test_encode_decode(const char *file, const int line, const char *type, EVP_PKEY *pkey, @@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line, * dumping purposes. */ if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection, - output_type, output_structure, pass, pcipher)) - || !TEST_true(check_cb(file, line, type, encoded, encoded_len)) + output_type, output_structure, pass, pcipher))) + goto end; + + if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) { + if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded, + encoded_len, output_type, output_structure, + (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), + selection, pass))) + ok = 1; + goto end; + } + + if (!TEST_true(check_cb(file, line, type, encoded, encoded_len)) || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len, output_type, output_structure, (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), @@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line, return ok; } -static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) +static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR @@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) "DER", "PrivateKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_mem, check_unprotected_PKCS8_DER, - dump_der, 0); + dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_unprotected_PKCS8_PEM(const char *file, const int line, @@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line, sizeof(expected_pem_header) - 1); } -static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) +static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR @@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) "PEM", "PrivateKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_text, check_unprotected_PKCS8_PEM, - dump_pem, 0); + dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); } #ifndef OPENSSL_NO_KEYPARAMS @@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line, return ok; } -static int test_protected_via_DER(const char *type, EVP_PKEY *key) +static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR @@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key) pass, pass_cipher, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_mem, check_protected_PKCS8_DER, - dump_der, 0); + dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_protected_PKCS8_PEM(const char *file, const int line, @@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line, sizeof(expected_pem_header) - 1); } -static int test_protected_via_PEM(const char *type, EVP_PKEY *key) +static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR @@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key) pass, pass_cipher, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_text, check_protected_PKCS8_PEM, - dump_pem, 0); + dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_protected_legacy_PEM(const char *file, const int line, @@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line, return ok; } -static int test_public_via_DER(const char *type, EVP_PKEY *key) +static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, "DER", "SubjectPublicKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_mem, check_public_DER, dump_der, 0); + test_mem, check_public_DER, dump_der, + fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_public_PEM(const char *file, const int line, @@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line, sizeof(expected_pem_header) - 1); } -static int test_public_via_PEM(const char *type, EVP_PKEY *key) +static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, "PEM", "SubjectPublicKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_text, check_public_PEM, dump_pem, 0); + test_text, check_public_PEM, dump_pem, + fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_public_MSBLOB(const char *file, const int line, @@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) EVP_PKEY_free(template_##KEYTYPE); \ EVP_PKEY_free(key_##KEYTYPE) -#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \ +#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \ static int test_unprotected_##KEYTYPE##_via_DER(void) \ { \ - return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ + return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ } \ static int test_unprotected_##KEYTYPE##_via_PEM(void) \ { \ - return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ + return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ } \ static int test_protected_##KEYTYPE##_via_DER(void) \ { \ - return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ + return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ } \ static int test_protected_##KEYTYPE##_via_PEM(void) \ { \ - return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ + return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ } \ static int test_public_##KEYTYPE##_via_DER(void) \ { \ - return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \ + return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ } \ static int test_public_##KEYTYPE##_via_PEM(void) \ { \ - return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ + return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ } #define ADD_TEST_SUITE(KEYTYPE) \ @@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) #ifndef OPENSSL_NO_DH DOMAIN_KEYS(DH); -IMPLEMENT_TEST_SUITE(DH, "DH") +IMPLEMENT_TEST_SUITE(DH, "DH", 1) IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH") DOMAIN_KEYS(DHX); -IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH") +IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1) IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") /* * DH has no support for PEM_write_bio_PrivateKey_traditional(), @@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") #endif #ifndef OPENSSL_NO_DSA DOMAIN_KEYS(DSA); -IMPLEMENT_TEST_SUITE(DSA, "DSA") +IMPLEMENT_TEST_SUITE(DSA, "DSA", 1) IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA") IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA") IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA") @@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA") #endif #ifndef OPENSSL_NO_EC DOMAIN_KEYS(EC); -IMPLEMENT_TEST_SUITE(EC, "EC") +IMPLEMENT_TEST_SUITE(EC, "EC", 1) IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC") IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") DOMAIN_KEYS(ECExplicitPrimeNamedCurve); -IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") +IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") DOMAIN_KEYS(ECExplicitPrime2G); -IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC") +IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") # ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); -IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") +IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC") DOMAIN_KEYS(ECExplicitTri2G); -IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC") +IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") # endif KEYS(ED25519); -IMPLEMENT_TEST_SUITE(ED25519, "ED25519") +IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) KEYS(ED448); -IMPLEMENT_TEST_SUITE(ED448, "ED448") +IMPLEMENT_TEST_SUITE(ED448, "ED448", 1) KEYS(X25519); -IMPLEMENT_TEST_SUITE(X25519, "X25519") +IMPLEMENT_TEST_SUITE(X25519, "X25519", 1) KEYS(X448); -IMPLEMENT_TEST_SUITE(X448, "X448") +IMPLEMENT_TEST_SUITE(X448, "X448", 1) /* * ED25519, ED448, X25519 and X448 have no support for * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. */ #endif KEYS(RSA); -IMPLEMENT_TEST_SUITE(RSA, "RSA") +IMPLEMENT_TEST_SUITE(RSA, "RSA", 1) IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA") KEYS(RSA_PSS); -IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS") +IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1) /* * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(), * so no legacy tests. |