endecode_test: Handle expected failures for non-fips ec keys

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#17998)
Lamoracke1 · Apr 14, 2022 · e8a4145 · e8a4145
1 parent 638c3a2
commit e8a4145
Showing 1 changed file with 49 additions and 35 deletions.
diff --git a/test/endecode_test.c b/test/endecode_test.c
@@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line,
 typedef void (dumper)(const char *label, const void *data, size_t data_len);
 
 #define FLAG_DECODE_WITH_TYPE   0x0001
+#define FLAG_FAIL_IF_FIPS       0x0002
 
 static int test_encode_decode(const char *file, const int line,
                               const char *type, EVP_PKEY *pkey,
@@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line,
      * dumping purposes.
      */
     if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
-                             output_type, output_structure, pass, pcipher))
-        || !TEST_true(check_cb(file, line, type, encoded, encoded_len))
+                             output_type, output_structure, pass, pcipher)))
+        goto end;
+
+    if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) {
+        if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
+                                  encoded_len, output_type, output_structure,
+                                  (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
+                                  selection, pass)))
+            ok = 1;
+        goto end;
+    }
+
+    if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
         || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
                                 output_type, output_structure,
                                 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
@@ -525,15 +537,15 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line,
     return ok;
 }
 
-static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
+static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
 {
     return test_encode_decode(__FILE__, __LINE__, type, key,
                               OSSL_KEYMGMT_SELECT_KEYPAIR
                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                               "DER", "PrivateKeyInfo", NULL, NULL,
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                               test_mem, check_unprotected_PKCS8_DER,
-                              dump_der, 0);
+                              dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
 }
 
 static int check_unprotected_PKCS8_PEM(const char *file, const int line,
@@ -547,15 +559,15 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line,
                         sizeof(expected_pem_header) - 1);
 }
 
-static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
+static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
 {
     return test_encode_decode(__FILE__, __LINE__, type, key,
                               OSSL_KEYMGMT_SELECT_KEYPAIR
                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                               "PEM", "PrivateKeyInfo", NULL, NULL,
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                               test_text, check_unprotected_PKCS8_PEM,
-                              dump_pem, 0);
+                              dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
 }
 
 #ifndef OPENSSL_NO_KEYPARAMS
@@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line,
     return ok;
 }
 
-static int test_protected_via_DER(const char *type, EVP_PKEY *key)
+static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
 {
     return test_encode_decode(__FILE__, __LINE__, type, key,
                               OSSL_KEYMGMT_SELECT_KEYPAIR
@@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key)
                               pass, pass_cipher,
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                               test_mem, check_protected_PKCS8_DER,
-                              dump_der, 0);
+                              dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
 }
 
 static int check_protected_PKCS8_PEM(const char *file, const int line,
@@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line,
                         sizeof(expected_pem_header) - 1);
 }
 
-static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
+static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
 {
     return test_encode_decode(__FILE__, __LINE__, type, key,
                               OSSL_KEYMGMT_SELECT_KEYPAIR
@@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
                               pass, pass_cipher,
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                               test_text, check_protected_PKCS8_PEM,
-                              dump_pem, 0);
+                              dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
 }
 
 static int check_protected_legacy_PEM(const char *file, const int line,
@@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line,
     return ok;
 }
 
-static int test_public_via_DER(const char *type, EVP_PKEY *key)
+static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
 {
     return test_encode_decode(__FILE__, __LINE__, type, key,
                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                               "DER", "SubjectPublicKeyInfo", NULL, NULL,
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
-                              test_mem, check_public_DER, dump_der, 0);
+                              test_mem, check_public_DER, dump_der,
+                              fips ? 0 : FLAG_FAIL_IF_FIPS);
 }
 
 static int check_public_PEM(const char *file, const int line,
@@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line,
                      sizeof(expected_pem_header) - 1);
 }
 
-static int test_public_via_PEM(const char *type, EVP_PKEY *key)
+static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
 {
     return test_encode_decode(__FILE__, __LINE__, type, key,
                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                               "PEM", "SubjectPublicKeyInfo", NULL, NULL,
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
-                              test_text, check_public_PEM, dump_pem, 0);
+                              test_text, check_public_PEM, dump_pem,
+                              fips ? 0 : FLAG_FAIL_IF_FIPS);
 }
 
 static int check_public_MSBLOB(const char *file, const int line,
@@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
     EVP_PKEY_free(template_##KEYTYPE);                                  \
     EVP_PKEY_free(key_##KEYTYPE)
 
-#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr)                       \
+#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips)                 \
     static int test_unprotected_##KEYTYPE##_via_DER(void)               \
     {                                                                   \
-        return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
+        return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
     }                                                                   \
     static int test_unprotected_##KEYTYPE##_via_PEM(void)               \
     {                                                                   \
-        return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
+        return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
     }                                                                   \
     static int test_protected_##KEYTYPE##_via_DER(void)                 \
     {                                                                   \
-        return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE);       \
+        return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
     }                                                                   \
     static int test_protected_##KEYTYPE##_via_PEM(void)                 \
     {                                                                   \
-        return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE);       \
+        return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
     }                                                                   \
     static int test_public_##KEYTYPE##_via_DER(void)                    \
     {                                                                   \
-        return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE);          \
+        return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips);    \
     }                                                                   \
     static int test_public_##KEYTYPE##_via_PEM(void)                    \
     {                                                                   \
-        return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE);          \
+        return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips);    \
     }
 
 #define ADD_TEST_SUITE(KEYTYPE)                                 \
@@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
 
 #ifndef OPENSSL_NO_DH
 DOMAIN_KEYS(DH);
-IMPLEMENT_TEST_SUITE(DH, "DH")
+IMPLEMENT_TEST_SUITE(DH, "DH", 1)
 IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
 DOMAIN_KEYS(DHX);
-IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
+IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
 IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
 /*
  * DH has no support for PEM_write_bio_PrivateKey_traditional(),
@@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
 #endif
 #ifndef OPENSSL_NO_DSA
 DOMAIN_KEYS(DSA);
-IMPLEMENT_TEST_SUITE(DSA, "DSA")
+IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
 IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
@@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
 #endif
 #ifndef OPENSSL_NO_EC
 DOMAIN_KEYS(EC);
-IMPLEMENT_TEST_SUITE(EC, "EC")
+IMPLEMENT_TEST_SUITE(EC, "EC", 1)
 IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
-IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
+IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
 DOMAIN_KEYS(ECExplicitPrime2G);
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
+IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
 # ifndef OPENSSL_NO_EC2M
 DOMAIN_KEYS(ECExplicitTriNamedCurve);
-IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
+IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
 DOMAIN_KEYS(ECExplicitTri2G);
-IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
+IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
 # endif
 KEYS(ED25519);
-IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
+IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
 KEYS(ED448);
-IMPLEMENT_TEST_SUITE(ED448, "ED448")
+IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
 KEYS(X25519);
-IMPLEMENT_TEST_SUITE(X25519, "X25519")
+IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
 KEYS(X448);
-IMPLEMENT_TEST_SUITE(X448, "X448")
+IMPLEMENT_TEST_SUITE(X448, "X448", 1)
 /*
  * ED25519, ED448, X25519 and X448 have no support for
  * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
  */
 #endif
 KEYS(RSA);
-IMPLEMENT_TEST_SUITE(RSA, "RSA")
+IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
 KEYS(RSA_PSS);
-IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
+IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
 /*
  * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
  * so no legacy tests.