|
|
727bdf |
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
|
|
|
727bdf |
index 9dc143c2ac69..4d6f2a76ad20 100644
|
|
|
727bdf |
--- a/crypto/ec/ec_err.c
|
|
|
727bdf |
+++ b/crypto/ec/ec_err.c
|
|
|
727bdf |
@@ -1,6 +1,6 @@
|
|
|
727bdf |
/*
|
|
|
727bdf |
* Generated by util/mkerr.pl DO NOT EDIT
|
|
|
727bdf |
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
727bdf |
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
727bdf |
*
|
|
|
727bdf |
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
727bdf |
* this file except in compliance with the License. You can obtain a copy
|
|
|
727bdf |
@@ -35,6 +35,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
|
|
|
727bdf |
"discriminant is zero"},
|
|
|
727bdf |
{ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
|
|
|
727bdf |
"ec group new by name failure"},
|
|
|
727bdf |
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED),
|
|
|
727bdf |
+ "explicit params not supported"},
|
|
|
727bdf |
{ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY),
|
|
|
727bdf |
"failed making public key"},
|
|
|
727bdf |
{ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},
|
|
|
727bdf |
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
|
|
|
727bdf |
index 2aeab7e3b6b5..f686e45f899d 100644
|
|
|
727bdf |
--- a/crypto/ec/ec_lib.c
|
|
|
727bdf |
+++ b/crypto/ec/ec_lib.c
|
|
|
727bdf |
@@ -1387,6 +1387,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
|
|
|
727bdf |
}
|
|
|
727bdf |
#endif
|
|
|
727bdf |
|
|
|
727bdf |
+#ifndef FIPS_MODULE
|
|
|
727bdf |
/*
|
|
|
727bdf |
* Check if the explicit parameters group matches any built-in curves.
|
|
|
727bdf |
*
|
|
|
727bdf |
@@ -1424,7 +1425,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
|
|
|
727bdf |
* parameters with one created from a named group.
|
|
|
727bdf |
*/
|
|
|
727bdf |
|
|
|
727bdf |
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
|
|
727bdf |
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
|
|
727bdf |
/*
|
|
|
727bdf |
* NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
|
|
|
727bdf |
* the same curve, we prefer the SECP nid when matching explicit
|
|
|
727bdf |
@@ -1432,7 +1433,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
|
|
|
727bdf |
*/
|
|
|
727bdf |
if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12)
|
|
|
727bdf |
curve_name_nid = NID_secp224r1;
|
|
|
727bdf |
-#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
|
|
|
727bdf |
+# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
|
|
|
727bdf |
|
|
|
727bdf |
ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid);
|
|
|
727bdf |
if (ret_group == NULL)
|
|
|
727bdf |
@@ -1467,6 +1468,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
|
|
|
727bdf |
EC_GROUP_free(ret_group);
|
|
|
727bdf |
return NULL;
|
|
|
727bdf |
}
|
|
|
727bdf |
+#endif /* FIPS_MODULE */
|
|
|
727bdf |
|
|
|
727bdf |
static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
|
|
|
727bdf |
OSSL_LIB_CTX *libctx, const char *propq)
|
|
|
727bdf |
@@ -1536,9 +1538,13 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[])
|
|
|
727bdf |
EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
|
727bdf |
OSSL_LIB_CTX *libctx, const char *propq)
|
|
|
727bdf |
{
|
|
|
727bdf |
- const OSSL_PARAM *ptmp, *pa, *pb;
|
|
|
727bdf |
+ const OSSL_PARAM *ptmp;
|
|
|
727bdf |
+ EC_GROUP *group = NULL;
|
|
|
727bdf |
+
|
|
|
727bdf |
+#ifndef FIPS_MODULE
|
|
|
727bdf |
+ const OSSL_PARAM *pa, *pb;
|
|
|
727bdf |
int ok = 0;
|
|
|
727bdf |
- EC_GROUP *group = NULL, *named_group = NULL;
|
|
|
727bdf |
+ EC_GROUP *named_group = NULL;
|
|
|
727bdf |
BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL;
|
|
|
727bdf |
EC_POINT *point = NULL;
|
|
|
727bdf |
int field_bits = 0;
|
|
|
727bdf |
@@ -1546,6 +1552,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
|
727bdf |
BN_CTX *bnctx = NULL;
|
|
|
727bdf |
const unsigned char *buf = NULL;
|
|
|
727bdf |
int encoding_flag = -1;
|
|
|
727bdf |
+#endif
|
|
|
727bdf |
|
|
|
727bdf |
/* This is the simple named group case */
|
|
|
727bdf |
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
|
|
|
727bdf |
@@ -1559,6 +1566,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
|
727bdf |
}
|
|
|
727bdf |
return group;
|
|
|
727bdf |
}
|
|
|
727bdf |
+#ifdef FIPS_MODULE
|
|
|
727bdf |
+ ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED);
|
|
|
727bdf |
+ return NULL;
|
|
|
727bdf |
+#else
|
|
|
727bdf |
/* If it gets here then we are trying explicit parameters */
|
|
|
727bdf |
bnctx = BN_CTX_new_ex(libctx);
|
|
|
727bdf |
if (bnctx == NULL) {
|
|
|
727bdf |
@@ -1623,10 +1634,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
|
727bdf |
/* create the EC_GROUP structure */
|
|
|
727bdf |
group = EC_GROUP_new_curve_GFp(p, a, b, bnctx);
|
|
|
727bdf |
} else {
|
|
|
727bdf |
-#ifdef OPENSSL_NO_EC2M
|
|
|
727bdf |
+# ifdef OPENSSL_NO_EC2M
|
|
|
727bdf |
ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED);
|
|
|
727bdf |
goto err;
|
|
|
727bdf |
-#else
|
|
|
727bdf |
+# else
|
|
|
727bdf |
/* create the EC_GROUP structure */
|
|
|
727bdf |
group = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
|
|
|
727bdf |
if (group != NULL) {
|
|
|
727bdf |
@@ -1636,7 +1647,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
|
727bdf |
goto err;
|
|
|
727bdf |
}
|
|
|
727bdf |
}
|
|
|
727bdf |
-#endif /* OPENSSL_NO_EC2M */
|
|
|
727bdf |
+# endif /* OPENSSL_NO_EC2M */
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
if (group == NULL) {
|
|
|
727bdf |
@@ -1733,4 +1744,5 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
|
727bdf |
BN_CTX_free(bnctx);
|
|
|
727bdf |
|
|
|
727bdf |
return group;
|
|
|
727bdf |
+#endif /* FIPS_MODULE */
|
|
|
727bdf |
}
|
|
|
727bdf |
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
|
|
727bdf |
index c4a94f955905..41df7127403c 100644
|
|
|
727bdf |
--- a/crypto/err/openssl.txt
|
|
|
727bdf |
+++ b/crypto/err/openssl.txt
|
|
|
727bdf |
@@ -553,6 +553,7 @@ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
|
|
|
727bdf |
EC_R_DECODE_ERROR:142:decode error
|
|
|
727bdf |
EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
|
|
|
727bdf |
EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
|
|
|
727bdf |
+EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported
|
|
|
727bdf |
EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key
|
|
|
727bdf |
EC_R_FIELD_TOO_LARGE:143:field too large
|
|
|
727bdf |
EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
|
|
|
727bdf |
diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h
|
|
|
727bdf |
index 07b6c7aa62dd..4658ae8fb2cd 100644
|
|
|
727bdf |
--- a/include/crypto/ecerr.h
|
|
|
727bdf |
+++ b/include/crypto/ecerr.h
|
|
|
727bdf |
@@ -1,6 +1,6 @@
|
|
|
727bdf |
/*
|
|
|
727bdf |
* Generated by util/mkerr.pl DO NOT EDIT
|
|
|
727bdf |
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
727bdf |
+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
727bdf |
*
|
|
|
727bdf |
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
727bdf |
* this file except in compliance with the License. You can obtain a copy
|
|
|
727bdf |
diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
|
|
|
727bdf |
index 49088d208b2c..46405ac62d91 100644
|
|
|
727bdf |
--- a/include/openssl/ecerr.h
|
|
|
727bdf |
+++ b/include/openssl/ecerr.h
|
|
|
727bdf |
@@ -1,6 +1,6 @@
|
|
|
727bdf |
/*
|
|
|
727bdf |
* Generated by util/mkerr.pl DO NOT EDIT
|
|
|
727bdf |
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
727bdf |
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
727bdf |
*
|
|
|
727bdf |
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
727bdf |
* this file except in compliance with the License. You can obtain a copy
|
|
|
727bdf |
@@ -35,6 +35,7 @@
|
|
|
727bdf |
# define EC_R_DECODE_ERROR 142
|
|
|
727bdf |
# define EC_R_DISCRIMINANT_IS_ZERO 118
|
|
|
727bdf |
# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
|
|
|
727bdf |
+# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127
|
|
|
727bdf |
# define EC_R_FAILED_MAKING_PUBLIC_KEY 166
|
|
|
727bdf |
# define EC_R_FIELD_TOO_LARGE 143
|
|
|
727bdf |
# define EC_R_GF2M_NOT_SUPPORTED 147
|
|
|
727bdf |
diff --git a/test/endecode_test.c b/test/endecode_test.c
|
|
|
727bdf |
index 0c33dff0ee2b..3d78bea50ea3 100644
|
|
|
727bdf |
--- a/test/endecode_test.c
|
|
|
727bdf |
+++ b/test/endecode_test.c
|
|
|
727bdf |
@@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line,
|
|
|
727bdf |
typedef void (dumper)(const char *label, const void *data, size_t data_len);
|
|
|
727bdf |
|
|
|
727bdf |
#define FLAG_DECODE_WITH_TYPE 0x0001
|
|
|
727bdf |
+#define FLAG_FAIL_IF_FIPS 0x0002
|
|
|
727bdf |
|
|
|
727bdf |
static int test_encode_decode(const char *file, const int line,
|
|
|
727bdf |
const char *type, EVP_PKEY *pkey,
|
|
|
727bdf |
@@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line,
|
|
|
727bdf |
* dumping purposes.
|
|
|
727bdf |
*/
|
|
|
727bdf |
if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
|
|
|
727bdf |
- output_type, output_structure, pass, pcipher))
|
|
|
727bdf |
- || !TEST_true(check_cb(file, line, type, encoded, encoded_len))
|
|
|
727bdf |
+ output_type, output_structure, pass, pcipher)))
|
|
|
727bdf |
+ goto end;
|
|
|
727bdf |
+
|
|
|
727bdf |
+ if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) {
|
|
|
727bdf |
+ if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
|
|
|
727bdf |
+ encoded_len, output_type, output_structure,
|
|
|
727bdf |
+ (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
|
|
|
727bdf |
+ selection, pass)))
|
|
|
727bdf |
+ ok = 1;
|
|
|
727bdf |
+ goto end;
|
|
|
727bdf |
+ }
|
|
|
727bdf |
+
|
|
|
727bdf |
+ if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
|
|
|
727bdf |
|| !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
|
|
|
727bdf |
output_type, output_structure,
|
|
|
727bdf |
(flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
|
|
|
727bdf |
@@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line,
|
|
|
727bdf |
return ok;
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
-static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
+static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
|
|
|
727bdf |
{
|
|
|
727bdf |
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
|
727bdf |
OSSL_KEYMGMT_SELECT_KEYPAIR
|
|
|
727bdf |
@@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
"DER", "PrivateKeyInfo", NULL, NULL,
|
|
|
727bdf |
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
|
727bdf |
test_mem, check_unprotected_PKCS8_DER,
|
|
|
727bdf |
- dump_der, 0);
|
|
|
727bdf |
+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
static int check_unprotected_PKCS8_PEM(const char *file, const int line,
|
|
|
727bdf |
@@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line,
|
|
|
727bdf |
sizeof(expected_pem_header) - 1);
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
-static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
+static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
|
|
|
727bdf |
{
|
|
|
727bdf |
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
|
727bdf |
OSSL_KEYMGMT_SELECT_KEYPAIR
|
|
|
727bdf |
@@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
"PEM", "PrivateKeyInfo", NULL, NULL,
|
|
|
727bdf |
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
|
727bdf |
test_text, check_unprotected_PKCS8_PEM,
|
|
|
727bdf |
- dump_pem, 0);
|
|
|
727bdf |
+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
#ifndef OPENSSL_NO_KEYPARAMS
|
|
|
727bdf |
@@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line,
|
|
|
727bdf |
return ok;
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
-static int test_protected_via_DER(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
+static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
|
|
|
727bdf |
{
|
|
|
727bdf |
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
|
727bdf |
OSSL_KEYMGMT_SELECT_KEYPAIR
|
|
|
727bdf |
@@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
pass, pass_cipher,
|
|
|
727bdf |
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
|
727bdf |
test_mem, check_protected_PKCS8_DER,
|
|
|
727bdf |
- dump_der, 0);
|
|
|
727bdf |
+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
static int check_protected_PKCS8_PEM(const char *file, const int line,
|
|
|
727bdf |
@@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line,
|
|
|
727bdf |
sizeof(expected_pem_header) - 1);
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
-static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
+static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
|
|
|
727bdf |
{
|
|
|
727bdf |
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
|
727bdf |
OSSL_KEYMGMT_SELECT_KEYPAIR
|
|
|
727bdf |
@@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
pass, pass_cipher,
|
|
|
727bdf |
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
|
727bdf |
test_text, check_protected_PKCS8_PEM,
|
|
|
727bdf |
- dump_pem, 0);
|
|
|
727bdf |
+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
static int check_protected_legacy_PEM(const char *file, const int line,
|
|
|
727bdf |
@@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line,
|
|
|
727bdf |
return ok;
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
-static int test_public_via_DER(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
+static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
|
|
|
727bdf |
{
|
|
|
727bdf |
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
|
727bdf |
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
|
|
|
727bdf |
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
|
|
|
727bdf |
"DER", "SubjectPublicKeyInfo", NULL, NULL,
|
|
|
727bdf |
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
|
727bdf |
- test_mem, check_public_DER, dump_der, 0);
|
|
|
727bdf |
+ test_mem, check_public_DER, dump_der,
|
|
|
727bdf |
+ fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
static int check_public_PEM(const char *file, const int line,
|
|
|
727bdf |
@@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line,
|
|
|
727bdf |
sizeof(expected_pem_header) - 1);
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
-static int test_public_via_PEM(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
+static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
|
|
|
727bdf |
{
|
|
|
727bdf |
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
|
727bdf |
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
|
|
|
727bdf |
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
|
|
|
727bdf |
"PEM", "SubjectPublicKeyInfo", NULL, NULL,
|
|
|
727bdf |
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
|
727bdf |
- test_text, check_public_PEM, dump_pem, 0);
|
|
|
727bdf |
+ test_text, check_public_PEM, dump_pem,
|
|
|
727bdf |
+ fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
static int check_public_MSBLOB(const char *file, const int line,
|
|
|
727bdf |
@@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
EVP_PKEY_free(template_##KEYTYPE); \
|
|
|
727bdf |
EVP_PKEY_free(key_##KEYTYPE)
|
|
|
727bdf |
|
|
|
727bdf |
-#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \
|
|
|
727bdf |
+#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \
|
|
|
727bdf |
static int test_unprotected_##KEYTYPE##_via_DER(void) \
|
|
|
727bdf |
{ \
|
|
|
727bdf |
- return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
|
|
|
727bdf |
+ return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
|
727bdf |
} \
|
|
|
727bdf |
static int test_unprotected_##KEYTYPE##_via_PEM(void) \
|
|
|
727bdf |
{ \
|
|
|
727bdf |
- return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
|
|
|
727bdf |
+ return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
|
727bdf |
} \
|
|
|
727bdf |
static int test_protected_##KEYTYPE##_via_DER(void) \
|
|
|
727bdf |
{ \
|
|
|
727bdf |
- return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
|
|
|
727bdf |
+ return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
|
727bdf |
} \
|
|
|
727bdf |
static int test_protected_##KEYTYPE##_via_PEM(void) \
|
|
|
727bdf |
{ \
|
|
|
727bdf |
- return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
|
|
|
727bdf |
+ return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
|
727bdf |
} \
|
|
|
727bdf |
static int test_public_##KEYTYPE##_via_DER(void) \
|
|
|
727bdf |
{ \
|
|
|
727bdf |
- return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \
|
|
|
727bdf |
+ return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
|
727bdf |
} \
|
|
|
727bdf |
static int test_public_##KEYTYPE##_via_PEM(void) \
|
|
|
727bdf |
{ \
|
|
|
727bdf |
- return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
|
|
|
727bdf |
+ return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
|
727bdf |
}
|
|
|
727bdf |
|
|
|
727bdf |
#define ADD_TEST_SUITE(KEYTYPE) \
|
|
|
727bdf |
@@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
|
|
|
727bdf |
|
|
|
727bdf |
#ifndef OPENSSL_NO_DH
|
|
|
727bdf |
DOMAIN_KEYS(DH);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(DH, "DH")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(DH, "DH", 1)
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
|
|
|
727bdf |
DOMAIN_KEYS(DHX);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
|
|
|
727bdf |
/*
|
|
|
727bdf |
* DH has no support for PEM_write_bio_PrivateKey_traditional(),
|
|
|
727bdf |
@@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
|
|
|
727bdf |
#endif
|
|
|
727bdf |
#ifndef OPENSSL_NO_DSA
|
|
|
727bdf |
DOMAIN_KEYS(DSA);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(DSA, "DSA")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
|
|
|
727bdf |
@@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
|
|
|
727bdf |
#endif
|
|
|
727bdf |
#ifndef OPENSSL_NO_EC
|
|
|
727bdf |
DOMAIN_KEYS(EC);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(EC, "EC")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(EC, "EC", 1)
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
|
|
|
727bdf |
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
|
|
|
727bdf |
/*DOMAIN_KEYS(ECExplicitPrime2G);*/
|
|
|
727bdf |
-/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/
|
|
|
727bdf |
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
|
|
|
727bdf |
/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
|
|
|
727bdf |
# ifndef OPENSSL_NO_EC2M
|
|
|
727bdf |
DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
|
|
|
727bdf |
DOMAIN_KEYS(ECExplicitTri2G);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
|
|
|
727bdf |
# endif
|
|
|
727bdf |
KEYS(ED25519);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
|
|
|
727bdf |
KEYS(ED448);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(ED448, "ED448")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
|
|
|
727bdf |
KEYS(X25519);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(X25519, "X25519")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
|
|
|
727bdf |
KEYS(X448);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(X448, "X448")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(X448, "X448", 1)
|
|
|
727bdf |
/*
|
|
|
727bdf |
* ED25519, ED448, X25519 and X448 have no support for
|
|
|
727bdf |
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
|
|
|
727bdf |
*/
|
|
|
727bdf |
#endif
|
|
|
727bdf |
KEYS(RSA);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(RSA, "RSA")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
|
|
|
727bdf |
IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
|
|
|
727bdf |
KEYS(RSA_PSS);
|
|
|
727bdf |
-IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
|
|
|
727bdf |
+IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
|
|
|
727bdf |
/*
|
|
|
727bdf |
* RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
|
|
|
727bdf |
* so no legacy tests.
|