From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 9 Oct 2023 15:32:53 +0000 (+0200)
Subject: ECDSA with SHA3 verification does not depend on FIPS provider version
X-Git-Tag: openssl-3.2.0-beta1~105
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d0bf0106a5d25f4b9f13ff4e7187c4babe7694e1;p=thirdparty%2Fopenssl.git

ECDSA with SHA3 verification does not depend on FIPS provider version

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22322)
---

diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 48af75ab2eb..1c8fce86fd8 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -369,6 +369,19 @@ SKIP: {
     skip "EC is not supported or FIPS is disabled", 7
         if disabled("ec") || $no_fips;
 
+    $ENV{OPENSSL_CONF} = $provconf;
+
+    ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
+        "accept cert generated with EC and SHA3-224 w/fips");
+    ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
+        "accept cert generated with EC and SHA3-256 w/fips");
+    ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
+        "accept cert generated with EC and SHA3-384 w/fips");
+    ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
+        "accept cert generated with EC and SHA3-512 w/fips");
+
+    delete $ENV{OPENSSL_CONF};
+
     run(test(["fips_version_test", "-config", $provconf, ">3.0.0"]),
              capture => 1, statusvar => \my $exit);
     skip "FIPS provider version is too old", 3
@@ -385,15 +398,6 @@ SKIP: {
     ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
               ["ca-cert-ec-named"], @prov),
         "accept named curve leaf with named curve intermediate w/fips");
-    ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
-        "accept cert generated with EC and SHA3-224 w/fips");
-    ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
-        "accept cert generated with EC and SHA3-256 w/fips");
-    ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
-        "accept cert generated with EC and SHA3-384 w/fips");
-    ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], @prov),
-        "accept cert generated with EC and SHA3-512 w/fips");
-
     delete $ENV{OPENSSL_CONF};
 }