generate keys in the acceptable sizes in FIPS140 mode
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 13 Feb 2014 13:32:53 +0000 (14:32 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 13 Feb 2014 14:11:54 +0000 (15:11 +0100)
tests/slow/keygen.c

index 78f70b1ded363469aff789d9750403609469fafc..46c2f1921f0aac58c9576b1623731d6637caa171 100644 (file)
 #define MAX_TRIES 2
 
 static int sec_param[MAX_TRIES] =
+#ifdef ENABLE_FIPS140
+    { GNUTLS_SEC_PARAM_MEDIUM, GNUTLS_SEC_PARAM_HIGH };
+#else
     { GNUTLS_SEC_PARAM_LOW, GNUTLS_SEC_PARAM_MEDIUM };
+#endif
 
 static void tls_log_func(int level, const char *str)
 {
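Review bot: The `#ifdef ENABLE_FIPS140` around the `sec_param` initializer picks the key sizes at build time, so a FIPS-capable build that runs outside FIPS mode would no longer exercise `GNUTLS_SEC_PARAM_LOW`, and nothing here says why LOW is dropped. If a runtime check is available on this branch (later GnuTLS releases have `gnutls_fips140_mode_enabled()`; confirm before relying on it), selecting the table at run time would keep LOW covered in non-FIPS runs. At minimum add a comment above the FIPS branch, e.g. `/* FIPS140 mode only accepts the larger key sizes, so start at MEDIUM */`. A negative case asserting that LOW is refused in FIPS mode would pin the policy instead of only avoiding it; whether that is tested elsewhere is not visible from this hunk.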
@@ -75,7 +79,8 @@ void doit(void)
                                                          sec_param[i]),
                                                         0);
                        if (ret < 0) {
-                               fail("gnutls_x509_privkey_generate (%s): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_strerror(ret), ret);
+                               fail("gnutls_x509_privkey_generate (%s-%d): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm),
+                                       gnutls_sec_param_to_pk_bits(algorithm,sec_param[i]), gnutls_strerror(ret), ret);
                        } else if (debug) {
                                success("Key[%s] generation ok: %d\n",
                                        gnutls_pk_algorithm_get_name
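Review bot: The new `fail()` format prints the result of `gnutls_sec_param_to_pk_bits()` with `%d`, but that function returns `unsigned int`, so the conversion in `(%s-%d)` should be `%u`. The same size appears to be computed already for the generate call whose arguments start above the hunk, so a local such as `unsigned int bits = gnutls_sec_param_to_pk_bits(algorithm, sec_param[i]);` used in both places would remove the duplicate call and guarantee the reported size is the one that was requested. The `success()` message below still omits the key size; adding it there would make passing and failing runs comparable in the log. The body of `doit()` starts and ends outside this hunk.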