Merge "Skip no-longer-supported signature/padding combinations." am: 340b1bc382
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2469824
Change-Id: Icae6c9fca06742af27b7f2775eca99d2e8334a95
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/keystore2/src/crypto/tests/certificate_utils_test.cpp b/keystore2/src/crypto/tests/certificate_utils_test.cpp
index bd94928..a851798 100644
--- a/keystore2/src/crypto/tests/certificate_utils_test.cpp
+++ b/keystore2/src/crypto/tests/certificate_utils_test.cpp
@@ -313,7 +313,15 @@
const uint8_t* p = encCert.data();
X509_Ptr decoded_cert(d2i_X509(nullptr, &p, (long)encCert.size()));
EVP_PKEY_Ptr decoded_pkey(X509_get_pubkey(decoded_cert.get()));
- ASSERT_TRUE(X509_verify(decoded_cert.get(), decoded_pkey.get()));
+ if ((padding == Padding::PSS) && (digest == Digest::SHA1 || digest == Digest::SHA224)) {
+ // BoringSSL after https://boringssl-review.googlesource.com/c/boringssl/+/53865
+ // does not support these PSS combinations, so skip certificate verification for them
+ // and just check _something_ was returned.
+ EXPECT_NE(decoded_cert.get(), nullptr);
+ EXPECT_NE(decoded_pkey.get(), nullptr);
+ } else {
+ ASSERT_TRUE(X509_verify(decoded_cert.get(), decoded_pkey.get()));
+ }
}
TEST(TimeStringTests, toTimeStringTest) {