From 6a2ab4a9c81c676570e849e474ce64f8c2dee2a9 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 10 May 2021 16:51:39 +0200
Subject: Allow arbitrary digests with ECDSA and DSA

Unless the FIPS security check is enabled we allow arbitrary digests
with ECDSA and DSA.

Fixes #14696

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15220)
---
 test/recipes/30-test_evp_data/evppkey_ecdsa.txt | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'test')

diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
index 9297bb2d21..f36982845d 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -97,11 +97,6 @@ Key = P-256-PUBLIC
 Input = "Hello World"
 Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
 
-# Invalid digest
-DigestVerify = MD5
-Key = P-256-PUBLIC
-Result = DIGESTVERIFYINIT_ERROR
-
 # Oneshot tests
 OneShotDigestVerify = SHA256
 Key = P-256-PUBLIC
@@ -214,3 +209,10 @@ Securitycheck = 1
 Ctrl = digest:SHA1
 Input = "0123456789ABCDEF1234"
 Result = PKEY_CTRL_ERROR
+
+# Invalid non-approved digest
+Availablein = fips
+DigestVerify = MD5
+Securitycheck = 1
+Key = P-256-PUBLIC
+Result = DIGESTVERIFYINIT_ERROR
-- 
cgit v1.2.3