crypto-selftests-pk: skip negative tests by default
authorDaiki Ueno <ueno@gnu.org>
Tue, 17 Dec 2024 08:55:22 +0000 (17:55 +0900)
committerDaiki Ueno <ueno@gnu.org>
Tue, 19 Aug 2025 11:53:41 +0000 (20:53 +0900)
Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/crypto-selftests-pk.c

index 42f6004030549f6dc2196a116bdb44f2e5eca110..bd1725cf0b3ce56fbd618799b666581498781328 100644 (file)
@@ -650,15 +650,19 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
                goto cleanup;
        }
 
-       /* Test if a broken signature will cause verification error */
-
-       ret = gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0,
-                                        &bad_data, &sig);
-
-       if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) {
-               ret = GNUTLS_E_SELF_TEST_ERROR;
-               gnutls_assert();
-               goto cleanup;
+       /* Test if a broken signature will cause verification
+        * error. As this is not part of known-answer test, only
+        * exercised when GNUTLS_SELF_TEST_FLAG_ALL is set. */
+       if (flags & GNUTLS_SELF_TEST_FLAG_ALL) {
+               ret = gnutls_pubkey_verify_data2(pub,
+                                                gnutls_pk_to_sign(pk, dig),
+                                                vflags, &bad_data, &sig);
+
+               if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) {
+                       ret = GNUTLS_E_SELF_TEST_ERROR;
+                       gnutls_assert();
+                       goto cleanup;
+               }
        }
 
        ret = 0;
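Review bot: The negative check now passes `vflags` to `gnutls_pubkey_verify_data2` where the removed call passed a literal `0`, and neither the commit title nor the new comment mentions that change. `vflags` is defined outside this hunk, so please confirm that none of its bits relax verification in a way that would let `bad_data` verify, or keep `0` for this call. Separately, with the check gated on `GNUTLS_SELF_TEST_FLAG_ALL`, a default run presumably exercises only the accepting path, so a verify routine that wrongly accepts any signature would no longer be caught there. I would state that in the comment, e.g. `/* NOTE: default runs do not check that a corrupted input is rejected. */`, and make sure the test suite invokes the `GNUTLS_SELF_TEST_FLAG_ALL` path. `test_known_sig` begins and ends outside the hunk.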