diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-11-12 17:57:12 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-11-16 17:21:57 +1000 |
| commit | 4605c5ab4796e99a207ab54d31bb8d2b5e42f1ca (patch) | |
| tree | ec87263a3d718096b3538b77665c60aca48e9e37 /test | |
| parent | e557d463331861c740867f069e1cb8029b46c94a (diff) | |
Fix dsa securitycheck for fips.
Fixes #12627
Changed security check for DSA verification to match SP800-131Ar2 when
the security strength is < 112.
Fixed compilation error when using config opt 'no-fips-securitychecks'
Removed TODO's from 20-test_cli_fips.t - there is no longer an TODO error.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13387)
Diffstat (limited to 'test')
| -rw-r--r-- | test/evp_test.c | 2 | ||||
| -rw-r--r-- | test/recipes/20-test_cli_fips.t | 14 |
2 files changed, 7 insertions, 9 deletions
diff --git a/test/evp_test.c b/test/evp_test.c index fc9121edac..9361845450 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -3284,6 +3284,7 @@ static char *take_value(PAIR *pp) return p; } +#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) static int securitycheck_enabled(void) { static int enabled = -1; @@ -3310,6 +3311,7 @@ static int securitycheck_enabled(void) } return enabled; } +#endif /* * Return 1 if one of the providers named in the string is available. diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t index 2bd19722de..364c9d2bde 100644 --- a/test/recipes/20-test_cli_fips.t +++ b/test/recipes/20-test_cli_fips.t @@ -23,7 +23,9 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; -plan skip_all => "Test only supported in a fips build" if disabled("fips"); +my $no_check = disabled('fips-securitychecks'); +plan skip_all => "Test only supported in a fips build with security checks" + if disabled("fips") || disabled("fips-securitychecks"); plan tests => 13; my $fipsmodule = bldtop_file('providers', platform->dso('fips')); @@ -235,10 +237,7 @@ SKIP: { '-out', $testtext_prefix.'.fail.priv.pem'])), $testtext); - TODO : { - local $TODO = "see issue #12629"; - tsignverify($testtext_prefix, $fips_key, $nonfips_key); - } + tsignverify($testtext_prefix, $fips_key, $nonfips_key); }; } @@ -315,9 +314,6 @@ SKIP : { '-out', $testtext_prefix.'.fail.priv.pem'])), $testtext); - TODO : { - local $TODO = "see issues #12626, #12627"; - tsignverify($testtext_prefix, $fips_key, $nonfips_key); - } + tsignverify($testtext_prefix, $fips_key, $nonfips_key); }; } |