From dac3ac92ade67612657120335934d784edf49dbb Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 26 May 2021 20:03:25 +0300 Subject: [PATCH 1/3] openssl 3.0: Run DES tests only if OpenSSL allows it OpenSSL 3.0 moves DES into a legacy provider which has to be loaded explicitly. By default, it will not be loaded and DES methods in tests will fail. Nest test blocks under successful initialization. Signed-off-by: Alexander Bokovoy --- src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++--------------- 1 file changed, 182 insertions(+), 168 deletions(-) diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp index bcb1c6b..aa68746 100644 --- a/src/lib/crypto/test/DESTests.cpp +++ b/src/lib/crypto/test/DESTests.cpp @@ -259,54 +259,58 @@ void DESTests::testCBC() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV)); + if (des->encryptInit(&desKey56, SymMode::CBC, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV)); + if (des->encryptInit(&desKey112, SymMode::CBC, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; + + CPPUNIT_ASSERT(shsmPlainText == plainText); + } - CPPUNIT_ASSERT(shsmPlainText == plainText); #endif // Test 168-bit key @@ -314,27 +318,28 @@ void DESTests::testCBC() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV)); + if (des->encryptInit(&desKey168, SymMode::CBC, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } @@ -534,54 +539,56 @@ void DESTests::testECB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV)); + if (des->encryptInit(&desKey56, SymMode::ECB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV)); + if (des->encryptInit(&desKey112, SymMode::ECB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } #endif // Test 168-bit key @@ -589,27 +596,28 @@ void DESTests::testECB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV)); + if (des->encryptInit(&desKey168, SymMode::ECB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } @@ -809,54 +817,56 @@ void DESTests::testOFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV)); + if (des->encryptInit(&desKey56, SymMode::OFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV)); + if (des->encryptInit(&desKey112, SymMode::OFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } #endif // Test 168-bit key @@ -864,27 +874,28 @@ void DESTests::testOFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV)); + if (des->encryptInit(&desKey168, SymMode::OFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } @@ -1083,54 +1094,56 @@ void DESTests::testCFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV)); + if (des->encryptInit(&desKey56, SymMode::CFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV)); + if (des->encryptInit(&desKey112, SymMode::CFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } #endif // Test 168-bit key @@ -1138,27 +1151,28 @@ void DESTests::testCFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV)); + if (des->encryptInit(&desKey168, SymMode::CFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } -- 2.31.1 From d8d38bd2e9b24f200c96682d1bd0967444f064ed Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 26 May 2021 20:09:31 +0300 Subject: [PATCH 2/3] openssl 3.0: use 2048 instead of 1024 bit for RSA tests Signed-off-by: Alexander Bokovoy --- src/lib/crypto/test/RSATests.cpp | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp index 6af1e19..e583b8b 100644 --- a/src/lib/crypto/test/RSATests.cpp +++ b/src/lib/crypto/test/RSATests.cpp @@ -78,7 +78,6 @@ void RSATests::testKeyGeneration() // Key sizes to test std::vector keySizes; - keySizes.push_back(1024); #ifndef WITH_FIPS keySizes.push_back(1025); #endif @@ -111,12 +110,12 @@ void RSATests::testKeyGeneration() void RSATests::testSerialisation() { - // Generate a 1024-bit key-pair for testing + // Generate a 2048-bit key-pair for testing AsymmetricKeyPair* kp; RSAParameters p; p.setE("010001"); - p.setBitLength(1024); + p.setBitLength(2048); CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); CPPUNIT_ASSERT(kp != NULL); @@ -204,12 +203,12 @@ void RSATests::testSerialisation() void RSATests::testPKCS8() { - // Generate a 1024-bit key-pair for testing + // Generate a 2048-bit key-pair for testing AsymmetricKeyPair* kp; RSAParameters p; p.setE("010001"); - p.setBitLength(1024); + p.setBitLength(2048); CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); CPPUNIT_ASSERT(kp != NULL); @@ -253,7 +252,6 @@ void RSATests::testSigningVerifying() // Key sizes to test std::vector keySizes; - keySizes.push_back(1024); keySizes.push_back(1280); keySizes.push_back(2048); //keySizes.push_back(4096); @@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt() // Key sizes to test std::vector keySizes; - keySizes.push_back(1024); keySizes.push_back(1280); keySizes.push_back(2048); //keySizes.push_back(4096); -- 2.31.1 From 6a35c45aeae805b238cb18652a78419b1e43ad5c Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 26 May 2021 22:29:22 +0300 Subject: [PATCH 3/3] openssl 3.0: Skip tests with unsupported key sizes OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL, CentOS 9 Stream) might block certain key sizes which causes the tests to fail. Skip these tests because we are not going to get the results anyway. There is no way with CPPUNIT to produce a warning only, so we have to skip the whole test result. Signed-off-by: Alexander Bokovoy --- src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp index e583b8b..3b397d2 100644 --- a/src/lib/crypto/test/RSATests.cpp +++ b/src/lib/crypto/test/RSATests.cpp @@ -92,18 +92,19 @@ void RSATests::testKeyGeneration() p.setE(*e); p.setBitLength(*k); - // Generate key-pair - CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0 + if (rsa->generateKeyPair(&kp, &p)) { - RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); - RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); + RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); + RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); - CPPUNIT_ASSERT(pub->getBitLength() == *k); - CPPUNIT_ASSERT(priv->getBitLength() == *k); - CPPUNIT_ASSERT(pub->getE() == *e); - CPPUNIT_ASSERT(priv->getE() == *e); + CPPUNIT_ASSERT(pub->getBitLength() == *k); + CPPUNIT_ASSERT(priv->getBitLength() == *k); + CPPUNIT_ASSERT(pub->getE() == *e); + CPPUNIT_ASSERT(priv->getE() == *e); - rsa->recycleKeyPair(kp); + rsa->recycleKeyPair(kp); + } } } } @@ -291,8 +292,10 @@ void RSATests::testSigningVerifying() p.setE(*e); p.setBitLength(*k); - // Generate key-pair - CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 + if (!rsa->generateKeyPair(&kp, &p)) { + continue; + } // Generate some data to sign ByteString dataToSign; @@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt() p.setE(*e); p.setBitLength(*k); - // Generate key-pair - CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 + if (!rsa->generateKeyPair(&kp, &p)) { + continue; + } RNG* rng = CryptoFactory::i()->getRNG(); -- 2.31.1