crypto-selftests-pk.c: Fix PK_KNOWN_TEST and PK_TEST

Previously, when multiple tests where declared in sequence using one of
the macros, only the first test would be executed.  This happened
because a check for the GNUTLS_SELF_TEST_FLAG_ALL was embedded in the
macro.  To allow more than one test to be executed in sequence, the
check for the flag was removed from both macros.

To keep the previous behaviour (execute only the first test) the check
for the flag was moved to be after the first test, except for RSA since
the RSA encryption test must be executed in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
index 4106005bfb6d8b58dc1448a18aec7749cfcc0b93..aa3a6a8878ce4e7cf7eff99a83e2811fed9a0da2 100644 (file)
--- a/lib/crypto-selftests-pk.c
+++ b/lib/crypto-selftests-pk.c
@@ -546,18 +546,14 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
                        if (ret < 0) { \
                                gnutls_assert(); \
                                goto cleanup; \
-                       } \
-                       if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \
-                               return 0
+                       }
 
 #define PK_KNOWN_TEST(pk, det, bits, dig, pkey, sig) \
                        ret = test_known_sig(pk, bits, dig, pkey, sizeof(pkey)-1, sig, sizeof(sig)-1, det); \
                        if (ret < 0) { \
                                gnutls_assert(); \
                                goto cleanup; \
-                       } \
-                       if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \
-                               return 0
+                       }
 
 
 /* Known answer tests for DH */
@@ -784,11 +780,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
                PK_KNOWN_TEST(GNUTLS_PK_RSA, 1, 2048, GNUTLS_DIG_SHA256,
                              rsa_key2048, rsa_sig);
                PK_TEST(GNUTLS_PK_RSA, test_rsa_enc, 2048, 0);
-               PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256);
 
                if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
                        return 0;
 
+               PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256);
+
                FALLTHROUGH;
        case GNUTLS_PK_RSA_PSS:
                PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256);
@@ -800,11 +797,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
        case GNUTLS_PK_DSA:
                PK_KNOWN_TEST(GNUTLS_PK_DSA, 0, 2048, GNUTLS_DIG_SHA256,
                              dsa_privkey, dsa_sig);
-               PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256);
 
                if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
                        return 0;
 
+               PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256);
+
                FALLTHROUGH;
        case GNUTLS_PK_EC:
                /* Test ECDH and ECDSA */
@@ -820,13 +818,14 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
                              (GNUTLS_ECC_CURVE_SECP256R1),
                              GNUTLS_DIG_SHA256, ecdsa_secp256r1_privkey,
                              ecdsa_secp256r1_sig);
-               PK_TEST(GNUTLS_PK_EC, test_sig,
-                       GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1),
-                       GNUTLS_SIGN_ECDSA_SHA256);
 
                if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
                        return 0;
 
+               PK_TEST(GNUTLS_PK_EC, test_sig,
+                       GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1),
+                       GNUTLS_SIGN_ECDSA_SHA256);
+
                PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
                              GNUTLS_CURVE_TO_BITS
                              (GNUTLS_ECC_CURVE_SECP384R1),
@@ -870,31 +869,35 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
        case GNUTLS_PK_GOST_01:
                PK_KNOWN_TEST(GNUTLS_PK_GOST_01, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_GOSTR_94,
                              gost01_privkey, gost01_sig);
-               PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
-                       GNUTLS_SIGN_GOST_94);
 
                if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
                        return 0;
 
+               PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
+                       GNUTLS_SIGN_GOST_94);
+
                FALLTHROUGH;
        case GNUTLS_PK_GOST_12_256:
                PK_KNOWN_TEST(GNUTLS_PK_GOST_12_256, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_STREEBOG_256,
                              gost12_256_privkey, gost12_256_sig);
-               PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
-                       GNUTLS_SIGN_GOST_256);
 
                if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
                        return 0;
 
+               PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
+                       GNUTLS_SIGN_GOST_256);
+
                FALLTHROUGH;
        case GNUTLS_PK_GOST_12_512:
                PK_KNOWN_TEST(GNUTLS_PK_GOST_12_512, 0, GNUTLS_ECC_CURVE_GOST512A, GNUTLS_DIG_STREEBOG_512,
                              gost12_512_privkey, gost12_512_sig);
-               PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A),
-                       GNUTLS_SIGN_GOST_512);
 
                if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
                        return 0;
+
+               PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A),
+                       GNUTLS_SIGN_GOST_512);
+
 #endif
 
                break;