
Blame SOURCES/0013-FIPS-provider-explicit-ec.patch

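--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -470,9 +470,6 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
             && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
         return 0;
-    if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
-            && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
-        return 0;
 
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)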
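--- a/test/recipes/15-test_ecparam.t
+++ b/test/recipes/15-test_ecparam.t
@@ -13,7 +13,7 @@ use warnings;
 use File::Spec;
 use File::Compare qw/compare_text/;
 use OpenSSL::Glob;
-use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
 use OpenSSL::Test::Utils;
 
 setup("test_ecparam");
@@ -25,7 +25,7 @@ my @valid = glob(data_file("valid", "*.pem"));
 my @noncanon = glob(data_file("noncanon", "*.pem"));
 my @invalid = glob(data_file("invalid", "*.pem"));
 
-plan tests => 11;
+plan tests => 12;
 
 sub checkload {
     my $files = shift; # List of files
@@ -59,6 +59,8 @@ sub checkcompare {
     }
 }
 
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+
 subtest "Check loading valid parameters by ecparam with -check" => sub {
     plan tests => scalar(@valid);
     checkload(\@valid, 1, "ecparam", "-check");
@@ -113,3 +115,31 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub {
     plan tests => 2 * scalar(@valid);
     checkcompare(\@valid, "pkeyparam");
 };
+
+subtest "Check loading of fips and non-fips params" => sub {
+    plan skip_all => "FIPS is disabled"
+        if $no_fips;
+    plan tests => 3;
+
+    my $fipsconf = srctop_file("test", "fips-and-base.cnf");
+    my $defaultconf = srctop_file("test", "default.cnf");
+
+    $ENV{OPENSSL_CONF} = $fipsconf;
+
+    ok(run(app(['openssl', 'ecparam',
+                '-in', data_file('valid', 'secp384r1-explicit.pem'),
+                '-check'])),
+       "Loading explicitly encoded valid curve");
+
+    ok(run(app(['openssl', 'ecparam',
+                '-in', data_file('valid', 'secp384r1-named.pem'),
+                '-check'])),
+       "Loading named valid curve");
+
+    ok(!run(app(['openssl', 'ecparam',
+                '-in', data_file('valid', 'secp112r1-named.pem'),
+                '-check'])),
+       "Fail loading named non-fips curve");
+
+    $ENV{OPENSSL_CONF} = $defaultconf;
+};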
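Review bot: The new subtest in the last hunk assigns `$ENV{OPENSSL_CONF} = $fipsconf;` process-wide and ends by forcing it to default.cnf instead of restoring the value that was in effect, so the FIPS configuration stays set if the subtest dies before its last line, and any caller-supplied OPENSSL_CONF is overwritten. Scoping the override with `local $ENV{OPENSSL_CONF} = $fipsconf;` and dropping the trailing `$ENV{OPENSSL_CONF} = $defaultconf;` (and the then-unused `$defaultconf`) confines it to the subtest. The third assertion, `ok(!run(app([... 'secp112r1-named.pem', '-check'])))`, passes on any failure of the command, not only on the FIPS provider rejecting the curve; a comment such as `# expected to fail: secp112r1 is not a FIPS-approved curve` would record the intended reason. `bldtop_dir` is added to the import list in the first hunk but is not used in the hunks shown.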