From 7048efb5fa26f8c1607d466c5f3e7f9b85e78256 Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Thu, 6 Dec 2018 12:51:29 -0700
Subject: [PATCH] Test adjustments for testing with nginx in FIPS mode
---
 tests/api.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/tests/api.c b/tests/api.c
index 1b3a835ac..66b9ba44a 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -3315,6 +3315,10 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
 static void test_wolfSSL_PKCS12(void)
 {
 /* .p12 file is encrypted with DES3 */
+#ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes
+ * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit)
+ * Password Key
+ */
 #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
 !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA)
 byte buffer[5300];
@@ -3531,6 +3535,7 @@ static void test_wolfSSL_PKCS12(void)
 printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA */
+#endif /* HAVE_FIPS */
 }
@@ -3654,7 +3659,11 @@ static void test_wolfSSL_PKCS8(void)
 static void test_wolfSSL_PKCS5(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED)
+#ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */
+ const char* passwd = "myfipsPa$$W0rd";
+#else
 const char *passwd = "pass1234";
+#endif
 const unsigned char *salt = (unsigned char *)"salt1234";
 unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL,
 DYNAMIC_TYPE_TMP_BUFFER);
@@ -19189,7 +19198,11 @@ static void test_wolfSSL_HMAC(void)
 static void test_wolfSSL_OBJ(void)
 {
-#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN)
+/* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS
+ * mode
+ */
+#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
+ !defined(HAVE_FIPS)
 ASN1_OBJECT *obj = NULL;
 char buf[50];
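Review bot: In test_wolfSSL_PKCS12 the new `#ifndef HAVE_FIPS` guard compiles out the entire test body, so a FIPS build runs no PKCS#12 parsing checks at all and the function returns without reporting that it was skipped. A fixture protected with a password of at least 14 bytes would keep this coverage in FIPS mode; failing that, an `#else` branch that prints a skip notice would make the gap visible in test logs. The closing directive in the following hunk reads `#endif /* HAVE_FIPS */`, while `#endif /* !HAVE_FIPS */` would match the `#ifndef` it closes. The function body between the two hunks is not shown here.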
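Review bot: In test_wolfSSL_PKCS5 the FIPS branch only swaps in a password that sits exactly at the 14-byte minimum, and nothing visible asserts that a shorter password is rejected when HAVE_FIPS is defined, which is the behaviour this change works around. A negative case under `#ifdef HAVE_FIPS` that passes the original `"pass1234"` and expects a failure return would pin that boundary. The new declaration also writes `const char* passwd` where the adjacent line uses `const char *passwd`; `const char *passwd = "myfipsPa$$W0rd";` keeps the file's style. The rest of the function lies outside the hunk, so any fixed expected output tied to the old password would need checking too.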
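Review bot: In test_wolfSSL_OBJ the added `!defined(HAVE_FIPS)` removes the whole test from FIPS builds, yet the comment does not say which call in the function uses the "wolfSSL test" password, and the visible lines only declare an `ASN1_OBJECT` and a buffer. If only a password-protected fixture later in the test needs the guard, limiting the guard to that part would keep the remaining object checks running in FIPS mode. At minimum the comment could name the fixture, for example `/* <fixture path> is protected with "wolfSSL test" (12 bytes), below the 14-byte FIPS minimum */`. The function body continues past the hunk, so the link to a fixture is inferred from the comment alone.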
@@ -20237,7 +20250,11 @@ static void test_wolfSSL_SHA(void)
 unsigned char out[WC_SHA256_DIGEST_SIZE];
 XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
 AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
+#else
+ AssertNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
+#endif
 AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
 }
 #endif
@@ -20252,7 +20269,11 @@ static void test_wolfSSL_SHA(void)
 unsigned char out[WC_SHA384_DIGEST_SIZE];
 XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
 AssertNotNull(SHA384(in, XSTRLEN((char*)in), out));
+#else
+ AssertNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
+#endif
 AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
 }
 #endif
@@ -20268,7 +20289,11 @@ static void test_wolfSSL_SHA(void)
 unsigned char out[WC_SHA512_DIGEST_SIZE];
 XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
 AssertNotNull(SHA512(in, XSTRLEN((char*)in), out));
+#else
+ AssertNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
+#endif
 AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
 }
 #endif
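Review bot: The `#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)` block added around the SHA256 call in test_wolfSSL_SHA carries no comment saying why the short name cannot be used in FIPS builds, and the same five-line pattern is repeated for SHA384 and SHA512 in the next two hunks. A one-line comment at the first occurrence, such as `/* SHA256() compat name is not usable with NO_OLD_NAMES or HAVE_FIPS; call the wolfSSL_ name */`, would document the intent. If the wolfSSL_-prefixed functions are available in every configuration (likely, but not shown here), a small local macro selected once above these blocks would remove the triplication. test_wolfSSL_SHA starts and ends outside these hunks.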