From cffe25b1097a4695c984c45996d62fcfeef8c51b Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 7 Mar 2017 23:10:43 +0100 Subject: tests: converted FIPS140-2 mode checks in Makefiles to run-time in scripts Signed-off-by: Nikos Mavrogiannopoulos --- tests/cert-tests/Makefile.am | 7 ++----- tests/cert-tests/pkcs12 | 5 +++++ tests/key-tests/Makefile.am | 6 +----- tests/key-tests/pkcs8 | 5 +++++ tests/key-tests/pkcs8-decode | 5 +++++ 5 files changed, 18 insertions(+), 10 deletions(-) diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 4eaa0002a9..0bea3b89bf 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -74,16 +74,13 @@ dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ provable-dh userid sha2-test sha2-dsa-test provable-privkey-dsa2048 \ provable-privkey-rsa2048 provable-privkey-gen-default pkcs7-constraints \ - pkcs7-constraints2 certtool-long-oids pkcs7-cat cert-sanity cert-critical + pkcs7-constraints2 certtool-long-oids pkcs7-cat cert-sanity cert-critical \ + pkcs12 if WANT_TEST_SUITE dist_check_SCRIPTS += provable-dh-default endif -if !ENABLE_FIPS140 -dist_check_SCRIPTS += pkcs12 -endif - if ENABLE_OPENPGP # The selftest is disabled until we can make it work under Wine and # under Debian buildds (problem with 127.0.0.2?). diff --git a/tests/cert-tests/pkcs12 b/tests/cert-tests/pkcs12 index f28bd8008d..4a2067e818 100755 --- a/tests/cert-tests/pkcs12 +++ b/tests/cert-tests/pkcs12 @@ -28,6 +28,11 @@ if ! test -x "${CERTTOOL}"; then exit 77 fi +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" fi diff --git a/tests/key-tests/Makefile.am b/tests/key-tests/Makefile.am index 98a627dfbf..1ff28b5863 100644 --- a/tests/key-tests/Makefile.am +++ b/tests/key-tests/Makefile.am @@ -35,11 +35,7 @@ EXTRA_DIST = data/key-ca.pem data/key-user.pem \ dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa ecdsa illegal-rsa pkcs8-invalid key-invalid -TESTS = key-id ecdsa pkcs8-invalid key-invalid - -if !ENABLE_FIPS140 -TESTS += pkcs8-decode pkcs8 -endif +TESTS = key-id ecdsa pkcs8-invalid key-invalid pkcs8-decode pkcs8 if !WITH_OLD_NETTLE TESTS += illegal-rsa diff --git a/tests/key-tests/pkcs8 b/tests/key-tests/pkcs8 index 7fee476e66..d23aad94b4 100755 --- a/tests/key-tests/pkcs8 +++ b/tests/key-tests/pkcs8 @@ -28,6 +28,11 @@ if ! test -x "${CERTTOOL}"; then exit 77 fi +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" fi diff --git a/tests/key-tests/pkcs8-decode b/tests/key-tests/pkcs8-decode index 9159d20f20..2fb8696626 100755 --- a/tests/key-tests/pkcs8-decode +++ b/tests/key-tests/pkcs8-decode @@ -29,6 +29,11 @@ if ! test -x "${CERTTOOL}"; then exit 77 fi +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + if ! test -z "${VALGRIND}"; then VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" fi -- cgit v1.2.1