diff options
author | Tomas Mraz <tomas@openssl.org> | 2023-10-09 17:32:53 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-10-10 16:46:13 +0200 |
commit | d0bf0106a5d25f4b9f13ff4e7187c4babe7694e1 (patch) | |
tree | c5f19ad28fa50921f6dcfd2b5990bdaddf9f611b | |
parent | 29890415487b04b965e47aee21f00a7f6a2e7268 (diff) |
ECDSA with SHA3 verification does not depend on FIPS provider version
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22322)
-rw-r--r-- | test/recipes/25-test_verify.t | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 48af75ab2e..1c8fce86fd 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -369,6 +369,19 @@ SKIP: { skip "EC is not supported or FIPS is disabled", 7 if disabled("ec") || $no_fips; + $ENV{OPENSSL_CONF} = $provconf; + + ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-224 w/fips"); + ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-256 w/fips"); + ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-384 w/fips"); + ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-512 w/fips"); + + delete $ENV{OPENSSL_CONF}; + run(test(["fips_version_test", "-config", $provconf, ">3.0.0"]), capture => 1, statusvar => \my $exit); skip "FIPS provider version is too old", 3 @@ -385,15 +398,6 @@ SKIP: { ok(verify("ee-cert-ec-named-named", "", ["root-cert"], ["ca-cert-ec-named"], @prov), "accept named curve leaf with named curve intermediate w/fips"); - ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], @prov), - "accept cert generated with EC and SHA3-224 w/fips"); - ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], @prov), - "accept cert generated with EC and SHA3-256 w/fips"); - ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], @prov), - "accept cert generated with EC and SHA3-384 w/fips"); - ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], @prov), - "accept cert generated with EC and SHA3-512 w/fips"); - delete $ENV{OPENSSL_CONF}; } |