Skip no-longer-supported signature/padding combinations. Bug: 270297780 Test: atest keystore2_crypto_test Change-Id: Ia47569e3ca1d78365b5e8f85c46e6e9da4b4fb18

commit: 1f59474e6240ddc15d5c3221c44b9a106c29f833 [log] [tgz]
author: Pete Bentley <prb@google.com> Mon Mar 06 18:33:46 2023 +0000
committer: Pete Bentley <prb@google.com> Tue Mar 07 14:36:41 2023 +0000
tree: b2015a492a4595bc595e325247469129b9a34166
parent: ee8042e346907c8c9cb0ad4b0a34faae724354eb [diff]
diff --git a/keystore2/src/crypto/tests/certificate_utils_test.cpp b/keystore2/src/crypto/tests/certificate_utils_test.cpp
index bd94928..a851798 100644
--- a/keystore2/src/crypto/tests/certificate_utils_test.cpp
+++ b/keystore2/src/crypto/tests/certificate_utils_test.cpp

@@ -313,7 +313,15 @@
     const uint8_t* p = encCert.data();
     X509_Ptr decoded_cert(d2i_X509(nullptr, &p, (long)encCert.size()));
     EVP_PKEY_Ptr decoded_pkey(X509_get_pubkey(decoded_cert.get()));
-    ASSERT_TRUE(X509_verify(decoded_cert.get(), decoded_pkey.get()));
+    if ((padding == Padding::PSS) && (digest == Digest::SHA1 || digest == Digest::SHA224)) {
+        // BoringSSL after https://boringssl-review.googlesource.com/c/boringssl/+/53865
+        // does not support these PSS combinations, so skip certificate verification for them
+        // and just check _something_ was returned.
+        EXPECT_NE(decoded_cert.get(), nullptr);
+        EXPECT_NE(decoded_pkey.get(), nullptr);
+    } else {
+        ASSERT_TRUE(X509_verify(decoded_cert.get(), decoded_pkey.get()));
+    }
 }
 
 TEST(TimeStringTests, toTimeStringTest) {
commit	1f59474e6240ddc15d5c3221c44b9a106c29f833	[log] [tgz]
author	Pete Bentley <prb@google.com>	Mon Mar 06 18:33:46 2023 +0000
committer	Pete Bentley <prb@google.com>	Tue Mar 07 14:36:41 2023 +0000
tree	b2015a492a4595bc595e325247469129b9a34166
parent	ee8042e346907c8c9cb0ad4b0a34faae724354eb [diff]