diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go index a4f2e2dbbe..76701d2e2b 100644 --- a/src/crypto/rsa/pkcs1v15_test.go +++ b/src/crypto/rsa/pkcs1v15_test.go @@ -52,6 +52,7 @@ var decryptPKCS1v15Tests = []DecryptPKCS1v15Test{ } func TestDecryptPKCS1v15(t *testing.T) { + t.Skip("not supported in FIPS mode") decryptionFuncs := []func([]byte) ([]byte, error){ func(ciphertext []byte) (plaintext []byte, err error) { return DecryptPKCS1v15(nil, testRSA2048PrivateKey, ciphertext) @@ -76,6 +77,7 @@ func TestDecryptPKCS1v15(t *testing.T) { } func TestEncryptPKCS1v15(t *testing.T) { + t.Skip("not supported in FIPS mode") random := rand.Reader k := (testRSA2048PrivateKey.N.BitLen() + 7) / 8 @@ -137,6 +139,7 @@ var decryptPKCS1v15SessionKeyTests = []DecryptPKCS1v15Test{ } func TestEncryptPKCS1v15SessionKey(t *testing.T) { + t.Skip("not supported in FIPS mode") for i, test := range decryptPKCS1v15SessionKeyTests { key := []byte("FAIL") err := DecryptPKCS1v15SessionKey(nil, testRSA2048PrivateKey, decodeBase64(test.in), key) @@ -151,6 +154,7 @@ func TestEncryptPKCS1v15SessionKey(t *testing.T) { } func TestEncryptPKCS1v15DecrypterSessionKey(t *testing.T) { + t.Skip("not supported in FIPS mode") for i, test := range decryptPKCS1v15SessionKeyTests { plaintext, err := testRSA2048PrivateKey.Decrypt(rand.Reader, decodeBase64(test.in), &PKCS1v15DecryptOptions{SessionKeyLen: 4}) if err != nil { @@ -270,6 +274,7 @@ func TestUnpaddedSignature(t *testing.T) { } func TestShortSessionKey(t *testing.T) { + t.Skip("not supported in FIPS mode") // This tests that attempting to decrypt a session key where the // ciphertext is too small doesn't run outside the array bounds. ciphertext, err := EncryptPKCS1v15(rand.Reader, &testRSA2048PrivateKey.PublicKey, []byte{1}) diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go index b547a87c71..99e7882866 100644 --- a/src/crypto/rsa/pss_test.go +++ b/src/crypto/rsa/pss_test.go @@ -77,6 +77,7 @@ func TestEMSAPSS(t *testing.T) { // TestPSSGolden tests all the test vectors in pss-vect.txt from // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip func TestPSSGolden(t *testing.T) { + t.Skip("SHA1 not supported in boring mode") inFile, err := os.Open("testdata/pss-vect.txt.bz2") if err != nil { t.Fatalf("Failed to open input file: %s", err) diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go index 9aa67655ab..2f4e666abb 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go @@ -123,28 +123,29 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { t.Errorf("private exponent too large") } - if boring.Enabled() { - // Cannot call encrypt/decrypt directly. Test via PKCS1v15. - msg := []byte("hi!") - if priv.Size() >= 256 { - enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) - if err != nil { - t.Errorf("EncryptPKCS1v15: %v", err) - return - } - dec, err := DecryptPKCS1v15(rand.Reader, priv, enc) - if err != nil { - t.Errorf("DecryptPKCS1v15: %v", err) - return - } - if !bytes.Equal(dec, msg) { - t.Errorf("got:%x want:%x (%+v)", dec, msg, priv) - } - } else { - t.Logf("skipping check for unsupported key less than 2048 bits") - } - return - } + if boring.Enabled() { + // Cannot call encrypt/decrypt directly. Test via EncryptOAEP. + sha256 := sha256.New() + msg := []byte("hi!") + if priv.Size() >= 256 { + enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, msg, nil) + if err != nil { + t.Errorf("EncryptOAEP: %v", err) + return + } + dec, err := DecryptOAEP(sha256, rand.Reader, priv, enc, nil) + if err != nil { + t.Errorf("DecryptOAEP: %v", err) + return + } + if !bytes.Equal(dec, msg) { + t.Errorf("got:%x want:%x (%+v)", dec, msg, priv) + } + } else { + t.Logf("skipping check for unsupported key less than 2048 bits") + } + return + } pub := &priv.PublicKey m := big.NewInt(42)