diff options
| author | Clemens Lang <cllang@redhat.com> | 2022-07-01 15:22:34 +0200 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2022-08-17 09:20:41 +0200 |
| commit | 2b8f687d7627a4b15bba6a820825944185980376 (patch) | |
| tree | 16f50f0d928259e5242164fbfca9d1563b754903 /test | |
| parent | ae3c30acac17271693e91dcae42c804cd96e8f93 (diff) | |
APPS: ecparam: Support setting properties
The -provider and -propquery options did not work on ecparam. Fix this
and add tests that check that operations that would usually fail with
the FIPS provider work when run with
| -provider default -propquery '?fips!=yes'
See also 30b2c3592e8511b60d44f93eb657a1ecb3662c08, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)
Diffstat (limited to 'test')
| -rw-r--r-- | test/recipes/15-test_ecparam.t | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t index 34efe7adb0..17ee9e2d98 100644 --- a/test/recipes/15-test_ecparam.t +++ b/test/recipes/15-test_ecparam.t @@ -119,7 +119,7 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub { subtest "Check loading of fips and non-fips params" => sub { plan skip_all => "FIPS is disabled" if $no_fips; - plan tests => 3; + plan tests => 6; my $fipsconf = srctop_file("test", "fips-and-base.cnf"); my $defaultconf = srctop_file("test", "default.cnf"); @@ -141,5 +141,23 @@ subtest "Check loading of fips and non-fips params" => sub { '-check'])), "Fail loading named non-fips curve"); + ok(run(app(['openssl', 'ecparam', + '-provider', 'default', + '-propquery', '?fips!=yes', + '-in', data_file('valid', 'secp112r1-named.pem'), + '-check'])), + "Loading named non-fips curve in FIPS mode with non-FIPS property". + " query"); + + ok(!run(app(['openssl', 'ecparam', + '-genkey', '-name', 'secp112r1'])), + "Fail generating key for named non-fips curve"); + + ok(run(app(['openssl', 'ecparam', + '-provider', 'default', + '-propquery', '?fips!=yes', + '-genkey', '-name', 'secp112r1'])), + "Generating key for named non-fips curve with non-FIPS property query"); + $ENV{OPENSSL_CONF} = $defaultconf; }; |