diff --git a/tests/api.c b/tests/api.c index 3d651b185d..38282d2d51 100644 --- a/tests/api.c +++ b/tests/api.c @@ -4282,8 +4282,16 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void) ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, CERT_FILETYPE)); #if defined(WOLFSSL_WPAS) && !defined(NO_DSA) - ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, - CERT_FILETYPE)); + if (EXPECT_SUCCESS()) { + if (ctx->minDhKeySz <= 128 /* bytes */) { + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, + CERT_FILETYPE)); + } + else { + ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, + CERT_FILETYPE)); + } + } #endif wolfSSL_CTX_free(ctx); @@ -4791,8 +4799,16 @@ static int test_wolfSSL_SetTmpDH_file(void) ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhX942ParamFile, CERT_FILETYPE)); #if defined(WOLFSSL_WPAS) && !defined(NO_DSA) - ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, - CERT_FILETYPE)); + if (EXPECT_SUCCESS()) { + if (ctx->minDhKeySz <= 128 /* bytes */) { + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, + CERT_FILETYPE)); + } + else { + ExpectIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, + CERT_FILETYPE)); + } + } #endif wolfSSL_free(ssl); diff --git a/tests/api/test_evp_pkey.c b/tests/api/test_evp_pkey.c index 9bdd5b9339..3dc2a51373 100644 --- a/tests/api/test_evp_pkey.c +++ b/tests/api/test_evp_pkey.c @@ -1526,7 +1526,11 @@ static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType) !defined(HAVE_SELFTEST) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) { +#ifdef HAVE_FIPS + ExpectNotNull(rsa = RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL)); +#else ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); +#endif ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); } #endif @@ -2159,7 +2163,11 @@ int test_wolfSSL_EVP_PKEY_encrypt(void) XMEMSET(outDec, 0, rsaKeySz); } +#ifdef HAVE_FIPS + ExpectNotNull(rsa = RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL)); +#else ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); +#endif ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); if (EXPECT_FAIL()) { diff --git a/tests/api/test_ossl_rsa.c b/tests/api/test_ossl_rsa.c index dc0cee665b..b4ee4a22e5 100644 --- a/tests/api/test_ossl_rsa.c +++ b/tests/api/test_ossl_rsa.c @@ -65,7 +65,11 @@ int test_wolfSSL_RSA(void) RSA_free(rsa); rsa = NULL; +#ifdef HAVE_FIPS + ExpectNotNull(rsa = RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL)); +#else ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); +#endif ExpectIntEQ(RSA_size(rsa), 256); #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)) && !defined(HAVE_SELFTEST) @@ -306,7 +310,11 @@ int test_wolfSSL_RSA(void) rsa = NULL; #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2)) +#ifdef HAVE_FIPS + ExpectNotNull(rsa = RSA_generate_key(3072, WC_RSA_EXPONENT, NULL, NULL)); +#else ExpectNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL)); +#endif ExpectIntEQ(RSA_size(rsa), 384); ExpectIntEQ(RSA_bits(rsa), 3072); RSA_free(rsa); @@ -461,7 +469,11 @@ int test_wolfSSL_RSA_print(void) RSA_free(rsa); rsa = NULL; +#ifdef HAVE_FIPS + ExpectNotNull(rsa = RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL)); +#else ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); +#endif ExpectIntEQ(RSA_print(bio, rsa, 0), 1); ExpectIntEQ(RSA_print(bio, rsa, 4), 1); @@ -644,7 +656,11 @@ int test_wolfSSL_RSA_meth(void) RSA_METHOD *rsa_meth = NULL; #ifdef WOLFSSL_KEY_GEN +#ifdef HAVE_FIPS + ExpectNotNull(rsa = RSA_generate_key(2048, WC_RSA_EXPONENT, NULL, NULL)); +#else ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); +#endif RSA_free(rsa); rsa = NULL; #else