Blame SOURCES/0014-FIPS-disable-explicit-ec.patch

727bdf
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
727bdf
index 9dc143c2ac69..4d6f2a76ad20 100644
727bdf
--- a/crypto/ec/ec_err.c
727bdf
+++ b/crypto/ec/ec_err.c
727bdf
@@ -1,6 +1,6 @@
727bdf
 /*
727bdf
  * Generated by util/mkerr.pl DO NOT EDIT
727bdf
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
727bdf
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
727bdf
  *
727bdf
  * Licensed under the Apache License 2.0 (the "License").  You may not use
727bdf
  * this file except in compliance with the License.  You can obtain a copy
727bdf
@@ -35,6 +35,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
727bdf
     "discriminant is zero"},
727bdf
     {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
727bdf
     "ec group new by name failure"},
727bdf
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED),
727bdf
+    "explicit params not supported"},
727bdf
     {ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY),
727bdf
     "failed making public key"},
727bdf
     {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},
727bdf
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
727bdf
index 2aeab7e3b6b5..f686e45f899d 100644
727bdf
--- a/crypto/ec/ec_lib.c
727bdf
+++ b/crypto/ec/ec_lib.c
727bdf
@@ -1387,6 +1387,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
727bdf
 }
727bdf
 #endif
727bdf
 
727bdf
+#ifndef FIPS_MODULE
727bdf
 /*
727bdf
  * Check if the explicit parameters group matches any built-in curves.
727bdf
  *
727bdf
@@ -1424,7 +1425,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
727bdf
          * parameters with one created from a named group.
727bdf
          */
727bdf
 
727bdf
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
727bdf
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
727bdf
         /*
727bdf
          * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
727bdf
          * the same curve, we prefer the SECP nid when matching explicit
727bdf
@@ -1432,7 +1433,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
727bdf
          */
727bdf
         if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12)
727bdf
             curve_name_nid = NID_secp224r1;
727bdf
-#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
727bdf
+# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
727bdf
 
727bdf
         ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid);
727bdf
         if (ret_group == NULL)
727bdf
@@ -1467,6 +1468,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
727bdf
     EC_GROUP_free(ret_group);
727bdf
     return NULL;
727bdf
 }
727bdf
+#endif /* FIPS_MODULE */
727bdf
 
727bdf
 static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
727bdf
                                      OSSL_LIB_CTX *libctx, const char *propq)
727bdf
@@ -1536,9 +1538,13 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[])
727bdf
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
727bdf
                                    OSSL_LIB_CTX *libctx, const char *propq)
727bdf
 {
727bdf
-    const OSSL_PARAM *ptmp, *pa, *pb;
727bdf
+    const OSSL_PARAM *ptmp;
727bdf
+    EC_GROUP *group = NULL;
727bdf
+
727bdf
+#ifndef FIPS_MODULE
727bdf
+    const OSSL_PARAM *pa, *pb;
727bdf
     int ok = 0;
727bdf
-    EC_GROUP *group = NULL, *named_group = NULL;
727bdf
+    EC_GROUP *named_group = NULL;
727bdf
     BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL;
727bdf
     EC_POINT *point = NULL;
727bdf
     int field_bits = 0;
727bdf
@@ -1546,6 +1552,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
727bdf
     BN_CTX *bnctx = NULL;
727bdf
     const unsigned char *buf = NULL;
727bdf
     int encoding_flag = -1;
727bdf
+#endif
727bdf
 
727bdf
     /* This is the simple named group case */
727bdf
     ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
727bdf
@@ -1559,6 +1566,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
727bdf
         }
727bdf
         return group;
727bdf
     }
727bdf
+#ifdef FIPS_MODULE
727bdf
+    ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED);
727bdf
+    return NULL;
727bdf
+#else
727bdf
     /* If it gets here then we are trying explicit parameters */
727bdf
     bnctx = BN_CTX_new_ex(libctx);
727bdf
     if (bnctx == NULL) {
727bdf
@@ -1623,10 +1634,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
727bdf
         /* create the EC_GROUP structure */
727bdf
         group = EC_GROUP_new_curve_GFp(p, a, b, bnctx);
727bdf
     } else {
727bdf
-#ifdef OPENSSL_NO_EC2M
727bdf
+# ifdef OPENSSL_NO_EC2M
727bdf
         ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED);
727bdf
         goto err;
727bdf
-#else
727bdf
+# else
727bdf
         /* create the EC_GROUP structure */
727bdf
         group = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
727bdf
         if (group != NULL) {
727bdf
@@ -1636,7 +1647,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
727bdf
                 goto err;
727bdf
             }
727bdf
         }
727bdf
-#endif /* OPENSSL_NO_EC2M */
727bdf
+# endif /* OPENSSL_NO_EC2M */
727bdf
     }
727bdf
 
727bdf
     if (group == NULL) {
727bdf
@@ -1733,4 +1744,5 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
727bdf
     BN_CTX_free(bnctx);
727bdf
 
727bdf
     return group;
727bdf
+#endif /* FIPS_MODULE */
727bdf
 }
727bdf
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
727bdf
index c4a94f955905..41df7127403c 100644
727bdf
--- a/crypto/err/openssl.txt
727bdf
+++ b/crypto/err/openssl.txt
727bdf
@@ -553,6 +553,7 @@ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
727bdf
 EC_R_DECODE_ERROR:142:decode error
727bdf
 EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
727bdf
 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
727bdf
+EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported
727bdf
 EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key
727bdf
 EC_R_FIELD_TOO_LARGE:143:field too large
727bdf
 EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
727bdf
diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h
727bdf
index 07b6c7aa62dd..4658ae8fb2cd 100644
727bdf
--- a/include/crypto/ecerr.h
727bdf
+++ b/include/crypto/ecerr.h
727bdf
@@ -1,6 +1,6 @@
727bdf
 /*
727bdf
  * Generated by util/mkerr.pl DO NOT EDIT
727bdf
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
727bdf
+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
727bdf
  *
727bdf
  * Licensed under the Apache License 2.0 (the "License").  You may not use
727bdf
  * this file except in compliance with the License.  You can obtain a copy
727bdf
diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
727bdf
index 49088d208b2c..46405ac62d91 100644
727bdf
--- a/include/openssl/ecerr.h
727bdf
+++ b/include/openssl/ecerr.h
727bdf
@@ -1,6 +1,6 @@
727bdf
 /*
727bdf
  * Generated by util/mkerr.pl DO NOT EDIT
727bdf
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
727bdf
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
727bdf
  *
727bdf
  * Licensed under the Apache License 2.0 (the "License").  You may not use
727bdf
  * this file except in compliance with the License.  You can obtain a copy
727bdf
@@ -35,6 +35,7 @@
727bdf
 #  define EC_R_DECODE_ERROR                                142
727bdf
 #  define EC_R_DISCRIMINANT_IS_ZERO                        118
727bdf
 #  define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE                119
727bdf
+#  define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED               127
727bdf
 #  define EC_R_FAILED_MAKING_PUBLIC_KEY                    166
727bdf
 #  define EC_R_FIELD_TOO_LARGE                             143
727bdf
 #  define EC_R_GF2M_NOT_SUPPORTED                          147
727bdf
diff --git a/test/endecode_test.c b/test/endecode_test.c
727bdf
index 0c33dff0ee2b..3d78bea50ea3 100644
727bdf
--- a/test/endecode_test.c
727bdf
+++ b/test/endecode_test.c
727bdf
@@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line,
727bdf
 typedef void (dumper)(const char *label, const void *data, size_t data_len);
727bdf
 
727bdf
 #define FLAG_DECODE_WITH_TYPE   0x0001
727bdf
+#define FLAG_FAIL_IF_FIPS       0x0002
727bdf
 
727bdf
 static int test_encode_decode(const char *file, const int line,
727bdf
                               const char *type, EVP_PKEY *pkey,
727bdf
@@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line,
727bdf
      * dumping purposes.
727bdf
      */
727bdf
     if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
727bdf
-                             output_type, output_structure, pass, pcipher))
727bdf
-        || !TEST_true(check_cb(file, line, type, encoded, encoded_len))
727bdf
+                             output_type, output_structure, pass, pcipher)))
727bdf
+        goto end;
727bdf
+
727bdf
+    if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) {
727bdf
+        if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
727bdf
+                                  encoded_len, output_type, output_structure,
727bdf
+                                  (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
727bdf
+                                  selection, pass)))
727bdf
+            ok = 1;
727bdf
+        goto end;
727bdf
+    }
727bdf
+
727bdf
+    if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
727bdf
         || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
727bdf
                                 output_type, output_structure,
727bdf
                                 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
727bdf
@@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line,
727bdf
     return ok;
727bdf
 }
727bdf
 
727bdf
-static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
727bdf
+static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
727bdf
 {
727bdf
     return test_encode_decode(__FILE__, __LINE__, type, key,
727bdf
                               OSSL_KEYMGMT_SELECT_KEYPAIR
727bdf
@@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
727bdf
                               "DER", "PrivateKeyInfo", NULL, NULL,
727bdf
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
727bdf
                               test_mem, check_unprotected_PKCS8_DER,
727bdf
-                              dump_der, 0);
727bdf
+                              dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
727bdf
 }
727bdf
 
727bdf
 static int check_unprotected_PKCS8_PEM(const char *file, const int line,
727bdf
@@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line,
727bdf
                         sizeof(expected_pem_header) - 1);
727bdf
 }
727bdf
 
727bdf
-static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
727bdf
+static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
727bdf
 {
727bdf
     return test_encode_decode(__FILE__, __LINE__, type, key,
727bdf
                               OSSL_KEYMGMT_SELECT_KEYPAIR
727bdf
@@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
727bdf
                               "PEM", "PrivateKeyInfo", NULL, NULL,
727bdf
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
727bdf
                               test_text, check_unprotected_PKCS8_PEM,
727bdf
-                              dump_pem, 0);
727bdf
+                              dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
727bdf
 }
727bdf
 
727bdf
 #ifndef OPENSSL_NO_KEYPARAMS
727bdf
@@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line,
727bdf
     return ok;
727bdf
 }
727bdf
 
727bdf
-static int test_protected_via_DER(const char *type, EVP_PKEY *key)
727bdf
+static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
727bdf
 {
727bdf
     return test_encode_decode(__FILE__, __LINE__, type, key,
727bdf
                               OSSL_KEYMGMT_SELECT_KEYPAIR
727bdf
@@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key)
727bdf
                               pass, pass_cipher,
727bdf
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
727bdf
                               test_mem, check_protected_PKCS8_DER,
727bdf
-                              dump_der, 0);
727bdf
+                              dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
727bdf
 }
727bdf
 
727bdf
 static int check_protected_PKCS8_PEM(const char *file, const int line,
727bdf
@@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line,
727bdf
                         sizeof(expected_pem_header) - 1);
727bdf
 }
727bdf
 
727bdf
-static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
727bdf
+static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
727bdf
 {
727bdf
     return test_encode_decode(__FILE__, __LINE__, type, key,
727bdf
                               OSSL_KEYMGMT_SELECT_KEYPAIR
727bdf
@@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
727bdf
                               pass, pass_cipher,
727bdf
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
727bdf
                               test_text, check_protected_PKCS8_PEM,
727bdf
-                              dump_pem, 0);
727bdf
+                              dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
727bdf
 }
727bdf
 
727bdf
 static int check_protected_legacy_PEM(const char *file, const int line,
727bdf
@@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line,
727bdf
     return ok;
727bdf
 }
727bdf
 
727bdf
-static int test_public_via_DER(const char *type, EVP_PKEY *key)
727bdf
+static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
727bdf
 {
727bdf
     return test_encode_decode(__FILE__, __LINE__, type, key,
727bdf
                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
727bdf
                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
727bdf
                               "DER", "SubjectPublicKeyInfo", NULL, NULL,
727bdf
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
727bdf
-                              test_mem, check_public_DER, dump_der, 0);
727bdf
+                              test_mem, check_public_DER, dump_der,
727bdf
+                              fips ? 0 : FLAG_FAIL_IF_FIPS);
727bdf
 }
727bdf
 
727bdf
 static int check_public_PEM(const char *file, const int line,
727bdf
@@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line,
727bdf
                      sizeof(expected_pem_header) - 1);
727bdf
 }
727bdf
 
727bdf
-static int test_public_via_PEM(const char *type, EVP_PKEY *key)
727bdf
+static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
727bdf
 {
727bdf
     return test_encode_decode(__FILE__, __LINE__, type, key,
727bdf
                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
727bdf
                               | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
727bdf
                               "PEM", "SubjectPublicKeyInfo", NULL, NULL,
727bdf
                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
727bdf
-                              test_text, check_public_PEM, dump_pem, 0);
727bdf
+                              test_text, check_public_PEM, dump_pem,
727bdf
+                              fips ? 0 : FLAG_FAIL_IF_FIPS);
727bdf
 }
727bdf
 
727bdf
 static int check_public_MSBLOB(const char *file, const int line,
727bdf
@@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
727bdf
     EVP_PKEY_free(template_##KEYTYPE);                                  \
727bdf
     EVP_PKEY_free(key_##KEYTYPE)
727bdf
 
727bdf
-#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr)                       \
727bdf
+#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips)                 \
727bdf
     static int test_unprotected_##KEYTYPE##_via_DER(void)               \
727bdf
     {                                                                   \
727bdf
-        return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
727bdf
+        return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
727bdf
     }                                                                   \
727bdf
     static int test_unprotected_##KEYTYPE##_via_PEM(void)               \
727bdf
     {                                                                   \
727bdf
-        return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
727bdf
+        return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
727bdf
     }                                                                   \
727bdf
     static int test_protected_##KEYTYPE##_via_DER(void)                 \
727bdf
     {                                                                   \
727bdf
-        return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE);       \
727bdf
+        return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
727bdf
     }                                                                   \
727bdf
     static int test_protected_##KEYTYPE##_via_PEM(void)                 \
727bdf
     {                                                                   \
727bdf
-        return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE);       \
727bdf
+        return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
727bdf
     }                                                                   \
727bdf
     static int test_public_##KEYTYPE##_via_DER(void)                    \
727bdf
     {                                                                   \
727bdf
-        return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE);          \
727bdf
+        return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips);    \
727bdf
     }                                                                   \
727bdf
     static int test_public_##KEYTYPE##_via_PEM(void)                    \
727bdf
     {                                                                   \
727bdf
-        return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE);          \
727bdf
+        return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips);    \
727bdf
     }
727bdf
 
727bdf
 #define ADD_TEST_SUITE(KEYTYPE)                                 \
727bdf
@@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
727bdf
 
727bdf
 #ifndef OPENSSL_NO_DH
727bdf
 DOMAIN_KEYS(DH);
727bdf
-IMPLEMENT_TEST_SUITE(DH, "DH")
727bdf
+IMPLEMENT_TEST_SUITE(DH, "DH", 1)
727bdf
 IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
727bdf
 DOMAIN_KEYS(DHX);
727bdf
-IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
727bdf
+IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
727bdf
 IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
727bdf
 /*
727bdf
  * DH has no support for PEM_write_bio_PrivateKey_traditional(),
727bdf
@@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
727bdf
 #endif
727bdf
 #ifndef OPENSSL_NO_DSA
727bdf
 DOMAIN_KEYS(DSA);
727bdf
-IMPLEMENT_TEST_SUITE(DSA, "DSA")
727bdf
+IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
727bdf
 IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
727bdf
 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
727bdf
 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
727bdf
@@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
727bdf
 #endif
727bdf
 #ifndef OPENSSL_NO_EC
727bdf
 DOMAIN_KEYS(EC);
727bdf
-IMPLEMENT_TEST_SUITE(EC, "EC")
727bdf
+IMPLEMENT_TEST_SUITE(EC, "EC", 1)
727bdf
 IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
727bdf
 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
727bdf
 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
727bdf
-IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
727bdf
+IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
727bdf
 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
727bdf
 /*DOMAIN_KEYS(ECExplicitPrime2G);*/
727bdf
-/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/
727bdf
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
727bdf
 /*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
727bdf
 # ifndef OPENSSL_NO_EC2M
727bdf
 DOMAIN_KEYS(ECExplicitTriNamedCurve);
727bdf
-IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
727bdf
+IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
727bdf
 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
727bdf
 DOMAIN_KEYS(ECExplicitTri2G);
727bdf
-IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
727bdf
+IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
727bdf
 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
727bdf
 # endif
727bdf
 KEYS(ED25519);
727bdf
-IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
727bdf
+IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
727bdf
 KEYS(ED448);
727bdf
-IMPLEMENT_TEST_SUITE(ED448, "ED448")
727bdf
+IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
727bdf
 KEYS(X25519);
727bdf
-IMPLEMENT_TEST_SUITE(X25519, "X25519")
727bdf
+IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
727bdf
 KEYS(X448);
727bdf
-IMPLEMENT_TEST_SUITE(X448, "X448")
727bdf
+IMPLEMENT_TEST_SUITE(X448, "X448", 1)
727bdf
 /*
727bdf
  * ED25519, ED448, X25519 and X448 have no support for
727bdf
  * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
727bdf
  */
727bdf
 #endif
727bdf
 KEYS(RSA);
727bdf
-IMPLEMENT_TEST_SUITE(RSA, "RSA")
727bdf
+IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
727bdf
 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
727bdf
 KEYS(RSA_PSS);
727bdf
-IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
727bdf
+IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
727bdf
 /*
727bdf
  * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
727bdf
  * so no legacy tests.