tests/api.c: appropriately pivot expected result code on minDhKeySz in test_wolfSSL_CTX_SetTmpDH_file() and test_wolfSSL_SetTmpDH_file().

tests/api/test_evp_pkey.c and tests/api/test_ossl_rsa.c: for FIPS, use WC_RSA_EXPONENT as the exponent for RSA_generate_key(), not 3.
This commit is contained in:
Daniel Pouzzner
2026-07-07 00:08:09 -05:00
parent 675d5df2cd
commit 42a9983e05
3 changed files with 44 additions and 4 deletions
+20 -4
View File
@@ -4282,8 +4282,16 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void)
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
CERT_FILETYPE));
#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
CERT_FILETYPE));
if (EXPECT_SUCCESS()) {
if (ctx->minDhKeySz <= 128 /* bytes */) {
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
CERT_FILETYPE));
}
else {
ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
CERT_FILETYPE));
}
}
#endif
wolfSSL_CTX_free(ctx);
@@ -4791,8 +4799,16 @@ static int test_wolfSSL_SetTmpDH_file(void)
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhX942ParamFile,
CERT_FILETYPE));
#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
CERT_FILETYPE));
if (EXPECT_SUCCESS()) {
if (ctx->minDhKeySz <= 128 /* bytes */) {
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
CERT_FILETYPE));
}
else {
ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
CERT_FILETYPE));
}
}
#endif
wolfSSL_free(ssl);
+8
View File
@@ -1526,7 +1526,11 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType)
!defined(HAVE_SELFTEST)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
{
#ifdef HAVE_FIPS
ExpectNotNull(rsa = RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL));
#else
ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
#endif
ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
}
#endif
@@ -2159,7 +2163,11 @@ int test_wolfSSL_EVP_PKEY_encrypt(void)
XMEMSET(outDec, 0, rsaKeySz);
}
#ifdef HAVE_FIPS
ExpectNotNull(rsa = RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL));
#else
ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
#endif
ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new());
ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
if (EXPECT_FAIL()) {
+16
View File
@@ -65,7 +65,11 @@ int test_wolfSSL_RSA(void)
RSA_free(rsa);
rsa = NULL;
#ifdef HAVE_FIPS
ExpectNotNull(rsa = RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL));
#else
ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
#endif
ExpectIntEQ(RSA_size(rsa), 256);
#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)) && !defined(HAVE_SELFTEST)
@@ -306,7 +310,11 @@ int test_wolfSSL_RSA(void)
rsa = NULL;
#if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
#ifdef HAVE_FIPS
ExpectNotNull(rsa = RSA_generate_key(3072, WC_RSA_EXPONENT, NULL, NULL));
#else
ExpectNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
#endif
ExpectIntEQ(RSA_size(rsa), 384);
ExpectIntEQ(RSA_bits(rsa), 3072);
RSA_free(rsa);
@@ -461,7 +469,11 @@ int test_wolfSSL_RSA_print(void)
RSA_free(rsa);
rsa = NULL;
#ifdef HAVE_FIPS
ExpectNotNull(rsa = RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL));
#else
ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
#endif
ExpectIntEQ(RSA_print(bio, rsa, 0), 1);
ExpectIntEQ(RSA_print(bio, rsa, 4), 1);
@@ -644,7 +656,11 @@ int test_wolfSSL_RSA_meth(void)
RSA_METHOD *rsa_meth = NULL;
#ifdef WOLFSSL_KEY_GEN
#ifdef HAVE_FIPS
ExpectNotNull(rsa = RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL));
#else
ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
#endif
RSA_free(rsa);
rsa = NULL;
#else