From 3f699197ac0ccf7e3dda6ff3cddaa33803285299 Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Sat, 29 Aug 2020 12:25:54 +1000
Subject: Add fips checks for rsa signatures.

In fips mode SHA1 should not be allowed for signing, but may be present for verifying.
Add keysize check.
Add missing 'ossl_unused' to gettable and settable methods.
Update fips related tests that have these restrictions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
---
 test/recipes/80-test_cms.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'test/recipes/80-test_cms.t')

diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 65a8e14574..0d086344e7 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -161,7 +161,7 @@ my @smime_pkcs7_tests = (
     ],
 
     [ "signed content S/MIME format, RSA key SHA1",
-      [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-md", "sha1",
+      [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1",
         "-certfile", catfile($smdir, "smroot.pem"),
         "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
       [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
-- 
cgit v1.2.3