diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2019-06-05 08:24:16 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-06-25 12:00:25 +1000 |
commit | 10c25644e362381844e0089504f0db42f029d855 (patch) | |
tree | fd1342f8f753b944e76adc1f5ceb53ef72c4d794 /test/ecdsatest.c | |
parent | be1dc984e1a5938170188cbdb6e536f1e7ac1656 (diff) |
EC only uses approved curves in FIPS mode.
Once there are buildable fips tests, some tests that are data driven
from files will need to be modified to exclude non approved curves in
fips mode.
These changes were tested by temporarily adding #define FIPS_MODE 1 to
all the modified source files.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9081)
Diffstat (limited to 'test/ecdsatest.c')
-rw-r--r-- | test/ecdsatest.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 761832ff81..a62efad1cf 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -118,6 +118,11 @@ static int x9_62_tests(int n) TEST_info("ECDSA KATs for curve %s", OBJ_nid2sn(nid)); +#ifdef FIPS_MODE + if (EC_curve_nid2nist(nid) == NULL) + return TEST_skip("skip non approved curves"); +#endif /* FIPS_MODE */ + if (!TEST_ptr(mctx = EVP_MD_CTX_new()) /* get the message digest */ || !TEST_ptr(message = OPENSSL_hexstr2buf(tbs, &msg_len)) |