unit-tests: Remove RSA/ECDSA schemes with weak hash algorithms (MD5/SHA-1)

These have been discouraged for a long time and there are now more and
more crypto libraries that have them disabled by default.  However, for
some we only can detect this at runtime, in particular in FIPS mode, so
tests would fail as the plugins would still announce them.  So instead
we just remove the schemes from these tests for now (at least for RSA,
removing signatures with SHA-1 completely isn't an option yet as that's
still the default with some clients).

Closes strongswan/strongswan#2523

diff --git a/src/libstrongswan/tests/suites/test_ecdsa.c b/src/libstrongswan/tests/suites/test_ecdsa.c
index 0cb16f68f198f139c4b81a7b5f49374fea91ca3c..058508f188a8d7b05826a5e22c17d036d99eb64a 100644 (file)
--- a/src/libstrongswan/tests/suites/test_ecdsa.c
+++ b/src/libstrongswan/tests/suites/test_ecdsa.c
@@ -26,7 +26,6 @@ static struct {
        int key_size;
        signature_scheme_t scheme;
 } schemes[] = {
-       { 0, SIGN_ECDSA_WITH_SHA1_DER },
        { 0, SIGN_ECDSA_WITH_SHA256_DER },
        { 0, SIGN_ECDSA_WITH_SHA384_DER },
        { 0, SIGN_ECDSA_WITH_SHA512_DER },

diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c
index 7bc02f3d664e607fed9acc5c231e5dff46b2b182..738f8e7f39955e48f759c5bf197540a1161c1ba7 100644 (file)
--- a/src/libstrongswan/tests/suites/test_rsa.c
+++ b/src/libstrongswan/tests/suites/test_rsa.c
@@ -25,8 +25,6 @@
  */
 static signature_scheme_t schemes[] = {
        SIGN_RSA_EMSA_PKCS1_NULL,
-       SIGN_RSA_EMSA_PKCS1_MD5,
-       SIGN_RSA_EMSA_PKCS1_SHA1,
        SIGN_RSA_EMSA_PKCS1_SHA2_224,
        SIGN_RSA_EMSA_PKCS1_SHA2_256,
        SIGN_RSA_EMSA_PKCS1_SHA2_384,