Merge pull request #1961 from kaleb-himes/ZD4553-MAINTENANCE

Test adjustments for testing with nginx in FIPS mode
2018-12-07 09:29:47 +10:00 · 2018-12-07 09:29:47 +10:00 · 0259178033
commit 0259178033
parent 6dfc723961 7048efb5fa
1 changed files with 26 additions and 1 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -3315,6 +3315,10 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
 static void test_wolfSSL_PKCS12(void)
 {
    /* .p12 file is encrypted with DES3 */
+#ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes
+                   * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit)
+                   * Password Key
+                   */
 #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
    !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA)
    byte buffer[5300];
@ -3531,6 +3535,7 @@ static void test_wolfSSL_PKCS12(void)

    printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA */
+#endif /* HAVE_FIPS */
 }


@ -3654,7 +3659,11 @@ static void test_wolfSSL_PKCS8(void)
 static void test_wolfSSL_PKCS5(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED)
+#ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */
+    const char* passwd = "myfipsPa$$W0rd";
+#else
    const char *passwd = "pass1234";
+#endif
    const unsigned char *salt = (unsigned char *)"salt1234";
    unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL,
                                                  DYNAMIC_TYPE_TMP_BUFFER);
@ -19189,7 +19198,11 @@ static void test_wolfSSL_HMAC(void)

 static void test_wolfSSL_OBJ(void)
 {
-#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN)
+/* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS
+ * mode
+ */
+#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
+    !defined(HAVE_FIPS)
    ASN1_OBJECT *obj = NULL;
    char buf[50];

@ -20237,7 +20250,11 @@ static void test_wolfSSL_SHA(void)
        unsigned char out[WC_SHA256_DIGEST_SIZE];

        XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
        AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
+#else
+        AssertNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
+#endif
        AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
    }
    #endif
@ -20252,7 +20269,11 @@ static void test_wolfSSL_SHA(void)
        unsigned char out[WC_SHA384_DIGEST_SIZE];

        XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
        AssertNotNull(SHA384(in, XSTRLEN((char*)in), out));
+#else
+        AssertNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
+#endif
        AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
    }
    #endif
@ -20268,7 +20289,11 @@ static void test_wolfSSL_SHA(void)
        unsigned char out[WC_SHA512_DIGEST_SIZE];

        XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
        AssertNotNull(SHA512(in, XSTRLEN((char*)in), out));
+#else
+        AssertNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
+#endif
        AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
    }
    #endif