]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
unit-tests: Point out if ECDSA public key was rejected after private keys was not
authorTobias Brunner <tobias@strongswan.org>
Wed, 13 Mar 2024 14:34:48 +0000 (15:34 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 13 Mar 2024 15:47:20 +0000 (16:47 +0100)
AWS-LC rejects public keys with explicitly encoded parameters but allows
private keys that use explicit encodings of the NIST curves.  Since the
more important aspect is that public keys are rejected, this addition to
the warning message points that out.

References strongswan/strongswan#1907

src/libstrongswan/tests/suites/test_ecdsa.c

index 599a64083f71e7030c322b166e16284a1079743d..0cb16f68f198f139c4b81a7b5f49374fea91ca3c 100644 (file)
@@ -413,7 +413,8 @@ START_TEST(test_load_reject_explicit_params)
        if (privkey)
        {
                privkey->destroy(privkey);
-               warn("ECDSA private key with explicit parameters not rejected");
+               warn("ECDSA private key with explicit parameters not rejected%s",
+                        pubkey ? "" : ", but at least the public key was");
        }
 }
 END_TEST