From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 13 Mar 2024 14:34:48 +0000 (+0100)
Subject: unit-tests: Point out if ECDSA public key was rejected after private keys was not
X-Git-Tag: 5.9.14rc1~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6628c523c276faa3b43394b29dad16e168081b2b;p=thirdparty%2Fstrongswan.git

unit-tests: Point out if ECDSA public key was rejected after private keys was not

AWS-LC rejects public keys with explicitly encoded parameters but allows
private keys that use explicit encodings of the NIST curves.  Since the
more important aspect is that public keys are rejected, this addition to
the warning message points that out.

References strongswan/strongswan#1907
---

diff --git a/src/libstrongswan/tests/suites/test_ecdsa.c b/src/libstrongswan/tests/suites/test_ecdsa.c
index 599a64083f..0cb16f68f1 100644
--- a/src/libstrongswan/tests/suites/test_ecdsa.c
+++ b/src/libstrongswan/tests/suites/test_ecdsa.c
@@ -413,7 +413,8 @@ START_TEST(test_load_reject_explicit_params)
 	if (privkey)
 	{
 		privkey->destroy(privkey);
-		warn("ECDSA private key with explicit parameters not rejected");
+		warn("ECDSA private key with explicit parameters not rejected%s",
+			 pubkey ? "" : ", but at least the public key was");
 	}
 }
 END_TEST