diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-01 14:05:31 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-01 14:34:56 +0100 |
commit | c3ec3cbf313580a7c7c0fce5c8c5618979a5e957 (patch) | |
tree | 229e3cd1ee2ceb4cf8b6e13298ef66b358c9ab2a | |
parent | b9ea72f9bbb0ef21b61e10f3e26b34129be1d85b (diff) | |
download | gnutls-c3ec3cbf313580a7c7c0fce5c8c5618979a5e957.tar.gz |
tests: priorities: enhanced for test to work under FIPS140-2 mode
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | tests/priorities.c | 40 |
1 files changed, 27 insertions, 13 deletions
diff --git a/tests/priorities.c b/tests/priorities.c index 38738e3773..b1b5d40428 100644 --- a/tests/priorities.c +++ b/tests/priorities.c @@ -91,29 +91,43 @@ try_prio(const char *prio, unsigned expected_cs, unsigned expected_ciphers, unsi } } + void doit(void) { - const int normal = 53; const int null = 5; - const int sec128 = 53; + int sec128_cs = 53; + int sec256_cs = 22; + int normal_cs = 53; + int normal_ciphers = 11; + int pfs_cs = 39; + +#ifdef ENABLE_FIPS140 + if (gnutls_fips140_mode_enabled()) { + normal_cs = 30; + normal_ciphers = 6; + pfs_cs = 22; + sec256_cs = 11; + sec128_cs = 30; + } +#endif - try_prio("PFS", 39, 11, __LINE__); - try_prio("NORMAL", normal, 11, __LINE__); - try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 11, __LINE__); + try_prio("NORMAL", normal_cs, normal_ciphers, __LINE__); + try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal_cs, normal_ciphers, __LINE__); #ifndef ENABLE_FIPS140 - try_prio("NORMAL:+CIPHER-ALL", normal, 11, __LINE__); /* all (except null) */ + try_prio("PFS", pfs_cs, normal_ciphers, __LINE__); + try_prio("NORMAL:+CIPHER-ALL", normal_cs, 11, __LINE__); /* all (except null) */ try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1, __LINE__); /* null */ - try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 12, __LINE__); /* should be null + all */ + try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal_cs + null, 12, __LINE__); /* should be null + all */ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 8, 1, __LINE__); /* should be null + all */ #endif - try_prio("PERFORMANCE", normal, 11, __LINE__); - try_prio("SECURE256", 22, 6, __LINE__); - try_prio("SECURE128", sec128, 11, __LINE__); - try_prio("SECURE128:+SECURE256", sec128, 11, __LINE__); /* should be the same as SECURE128 */ - try_prio("SECURE128:+SECURE256:+NORMAL", normal, 11, __LINE__); /* should be the same as NORMAL */ + try_prio("PERFORMANCE", normal_cs, normal_ciphers, __LINE__); + try_prio("SECURE256", sec256_cs, 6, __LINE__); + try_prio("SECURE128", sec128_cs, 11, __LINE__); + try_prio("SECURE128:+SECURE256", sec128_cs, 11, __LINE__); /* should be the same as SECURE128 */ + try_prio("SECURE128:+SECURE256:+NORMAL", normal_cs, 11, __LINE__); /* should be the same as NORMAL */ try_prio("SUITEB192", 1, 1, __LINE__); try_prio("SUITEB128", 2, 2, __LINE__); /* check legacy strings */ - try_prio("NORMAL:+RSA-EXPORT:+ARCFOUR-40", normal, 11, __LINE__); + try_prio("NORMAL:+RSA-EXPORT:+ARCFOUR-40", normal_cs, normal_ciphers, __LINE__); } |