diff options
author | Tomas Mraz <tomas@openssl.org> | 2022-03-30 17:00:01 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-04-14 08:52:04 +0200 |
commit | 1364813a4f8a2ad048508a74153a4906f09402be (patch) | |
tree | a7586fe10593d3e9cd437e3edcfcba1946946ed3 /test | |
parent | 35738363a81ec53ae45baf7dd17e7a598494f7dd (diff) |
endecode_test: Handle expected failures for non-fips ec keys
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17998)
(cherry picked from commit e8a4145968eea576788761f39c5e4cb68b7c4a42)
Diffstat (limited to 'test')
-rw-r--r-- | test/endecode_test.c | 84 |
1 files changed, 49 insertions, 35 deletions
diff --git a/test/endecode_test.c b/test/endecode_test.c index 1698867b40..f23569c07d 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -143,6 +143,7 @@ typedef int (checker)(const char *file, const int line, typedef void (dumper)(const char *label, const void *data, size_t data_len); #define FLAG_DECODE_WITH_TYPE 0x0001 +#define FLAG_FAIL_IF_FIPS 0x0002 static int test_encode_decode(const char *file, const int line, const char *type, EVP_PKEY *pkey, @@ -166,8 +167,19 @@ static int test_encode_decode(const char *file, const int line, * dumping purposes. */ if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection, - output_type, output_structure, pass, pcipher)) - || !TEST_true(check_cb(file, line, type, encoded, encoded_len)) + output_type, output_structure, pass, pcipher))) + goto end; + + if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) { + if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded, + encoded_len, output_type, output_structure, + (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), + selection, pass))) + ok = 1; + goto end; + } + + if (!TEST_true(check_cb(file, line, type, encoded, encoded_len)) || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len, output_type, output_structure, (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), @@ -521,7 +533,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line, return ok; } -static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) +static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR @@ -529,7 +541,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) "DER", "PrivateKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_mem, check_unprotected_PKCS8_DER, - dump_der, 0); + dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_unprotected_PKCS8_PEM(const char *file, const int line, @@ -543,7 +555,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line, sizeof(expected_pem_header) - 1); } -static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) +static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR @@ -551,7 +563,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) "PEM", "PrivateKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_text, check_unprotected_PKCS8_PEM, - dump_pem, 0); + dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); } #ifndef OPENSSL_NO_KEYPARAMS @@ -698,7 +710,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line, return ok; } -static int test_protected_via_DER(const char *type, EVP_PKEY *key) +static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR @@ -707,7 +719,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key) pass, pass_cipher, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_mem, check_protected_PKCS8_DER, - dump_der, 0); + dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_protected_PKCS8_PEM(const char *file, const int line, @@ -721,7 +733,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line, sizeof(expected_pem_header) - 1); } -static int test_protected_via_PEM(const char *type, EVP_PKEY *key) +static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR @@ -730,7 +742,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key) pass, pass_cipher, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_text, check_protected_PKCS8_PEM, - dump_pem, 0); + dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_protected_legacy_PEM(const char *file, const int line, @@ -791,14 +803,15 @@ static int check_public_DER(const char *file, const int line, return ok; } -static int test_public_via_DER(const char *type, EVP_PKEY *key) +static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, "DER", "SubjectPublicKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_mem, check_public_DER, dump_der, 0); + test_mem, check_public_DER, dump_der, + fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_public_PEM(const char *file, const int line, @@ -812,14 +825,15 @@ static int check_public_PEM(const char *file, const int line, sizeof(expected_pem_header) - 1); } -static int test_public_via_PEM(const char *type, EVP_PKEY *key) +static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, "PEM", "SubjectPublicKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_text, check_public_PEM, dump_pem, 0); + test_text, check_public_PEM, dump_pem, + fips ? 0 : FLAG_FAIL_IF_FIPS); } static int check_public_MSBLOB(const char *file, const int line, @@ -864,30 +878,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) EVP_PKEY_free(template_##KEYTYPE); \ EVP_PKEY_free(key_##KEYTYPE) -#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \ +#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \ static int test_unprotected_##KEYTYPE##_via_DER(void) \ { \ - return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ + return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ } \ static int test_unprotected_##KEYTYPE##_via_PEM(void) \ { \ - return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ + return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ } \ static int test_protected_##KEYTYPE##_via_DER(void) \ { \ - return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ + return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ } \ static int test_protected_##KEYTYPE##_via_PEM(void) \ { \ - return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ + return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ } \ static int test_public_##KEYTYPE##_via_DER(void) \ { \ - return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \ + return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ } \ static int test_public_##KEYTYPE##_via_PEM(void) \ { \ - return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ + return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ } #define ADD_TEST_SUITE(KEYTYPE) \ @@ -961,10 +975,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) #ifndef OPENSSL_NO_DH DOMAIN_KEYS(DH); -IMPLEMENT_TEST_SUITE(DH, "DH") +IMPLEMENT_TEST_SUITE(DH, "DH", 1) IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH") DOMAIN_KEYS(DHX); -IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH") +IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1) IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") /* * DH has no support for PEM_write_bio_PrivateKey_traditional(), @@ -973,7 +987,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") #endif #ifndef OPENSSL_NO_DSA DOMAIN_KEYS(DSA); -IMPLEMENT_TEST_SUITE(DSA, "DSA") +IMPLEMENT_TEST_SUITE(DSA, "DSA", 1) IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA") IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA") IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA") @@ -984,41 +998,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA") #endif #ifndef OPENSSL_NO_EC DOMAIN_KEYS(EC); -IMPLEMENT_TEST_SUITE(EC, "EC") +IMPLEMENT_TEST_SUITE(EC, "EC", 1) IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC") IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") DOMAIN_KEYS(ECExplicitPrimeNamedCurve); -IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") +IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") DOMAIN_KEYS(ECExplicitPrime2G); -IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC") +IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") # ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); -IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") +IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC") DOMAIN_KEYS(ECExplicitTri2G); -IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC") +IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") # endif KEYS(ED25519); -IMPLEMENT_TEST_SUITE(ED25519, "ED25519") +IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) KEYS(ED448); -IMPLEMENT_TEST_SUITE(ED448, "ED448") +IMPLEMENT_TEST_SUITE(ED448, "ED448", 1) KEYS(X25519); -IMPLEMENT_TEST_SUITE(X25519, "X25519") +IMPLEMENT_TEST_SUITE(X25519, "X25519", 1) KEYS(X448); -IMPLEMENT_TEST_SUITE(X448, "X448") +IMPLEMENT_TEST_SUITE(X448, "X448", 1) /* * ED25519, ED448, X25519 and X448 have no support for * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. */ #endif KEYS(RSA); -IMPLEMENT_TEST_SUITE(RSA, "RSA") +IMPLEMENT_TEST_SUITE(RSA, "RSA", 1) IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA") KEYS(RSA_PSS); -IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS") +IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1) /* * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(), * so no legacy tests. |