Update new FIPS indicator evp_tests to use FIPSversion + Availablein options.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25267)

diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
index fa4c4f06a69113071c4769cd08cbd23da9363e68..326f9a2c9f5c6bf3483da51a6023689c4a317302 100644 (file)
--- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
@@ -41,6 +41,7 @@ Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d
 # DES EDE3 CBC tests (from destest)
 
 # Test that DES3 CBC mode encryption fails because it is not FIPS approved
+Availablein = fips
 FIPSversion = >=3.4.0
 Cipher = DES-EDE3-CBC
 Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
@@ -50,6 +51,7 @@ Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
 Result = CIPHERINIT_ERROR
 
 # Test that DES3 EBC mode encryption fails because it is not FIPS approved
+Availablein = fips
 FIPSversion = >=3.4.0
 Cipher = DES-EDE3-ECB
 Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
@@ -60,6 +62,7 @@ Result = CIPHERINIT_ERROR
 Title = DES3 FIPS Indicator Tests
 
 # Test that DES3 CBC mode encryption is not FIPS approved
+Availablein = fips
 FIPSversion = >=3.4.0
 Cipher = DES-EDE3-CBC
 Unapproved = 1
@@ -71,6 +74,7 @@ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
 Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
 
 # Test that DES3 ECB mode encryption is not FIPS approved
+Availablein = fipss
 FIPSversion = >=3.4.0
 Cipher = DES-EDE3-ECB
 Operation = ENCRYPT

diff --git a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
index 44f7cece044fc585d95e3076a267967f5106d52b..34ca26993444b23582ca507ee84b95b06295eb57 100644 (file)
--- a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
@@ -237,6 +237,7 @@ Reason = xof digests not allowed
 Title = FIPS indicator tests
 
 # Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = HKDF
 Ctrl.digest = digest:SHA1
@@ -248,6 +249,7 @@ Reason = invalid key length
 
 # Test that the key whose length is shorter than 112 bits is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = HKDF
 Unapproved = 1

diff --git a/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
index cc01454c8b530a9b42ee82f09e52b21c2f73335a..e41c3ca9435385cd4c2fdab8501b8adea8650fe8 100644 (file)
--- a/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
@@ -1858,6 +1858,7 @@ Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf
 
 Title = Negative tests for FIPS minimum key length
 
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = KBKDF
 Ctrl.mode = mode:COUNTER
@@ -1871,6 +1872,7 @@ Ctrl.hexinfo = hexinfo:56ec
 Result = KDF_CTRL_ERROR
 Reason = invalid key length
 
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = KBKDF
 Ctrl.mode = mode:COUNTER

diff --git a/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt b/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt
index e01b47fbaaf8f61a121caa8974bdf661cc8c8c35..bc7d869c84b7cbb6d46c80dec2de60674265b576 100644 (file)
--- a/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_pbkdf2.txt
@@ -207,6 +207,7 @@ Ctrl.iter = iter:1
 Ctrl.digest = digest:sha512
 Output = 00ef42cdbfc98d29db20976608e455567fdddf14
 
+Availablein = fips
 FIPSversion = <3.4.0
 KDF = PBKDF2
 Ctrl.pkcs5 = pkcs5:1
@@ -216,6 +217,7 @@ Ctrl.iter = iter:1
 Ctrl.digest = digest:shake-128
 Result = KDF_DERIVE_ERROR
 
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = PBKDF2
 Ctrl.pkcs5 = pkcs5:1
@@ -229,6 +231,7 @@ Reason = xof digests not allowed
 Title = FIPS indicator tests
 
 # Test that operations with unapproved parameters are rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = PBKDF2
 Ctrl.pass = pass:password
@@ -239,6 +242,7 @@ Result = KDF_CTRL_ERROR
 Reason = invalid salt length
 
 # Test that operations with unapproved parameters are reported as unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = PBKDF2
 Unapproved = 1
@@ -251,6 +255,7 @@ Output = 4b007901b765489abead49d926f721d065a429c1
 
 # Test that the operation with approved parameters and unapproved pkcs5 value is
 # reposted as approved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = PBKDF2
 Ctrl.pkcs5 = pkcs5:1

diff --git a/test/recipes/30-test_evp_data/evpkdf_ss.txt b/test/recipes/30-test_evp_data/evpkdf_ss.txt
index eb94707a8a2be5228447bf1cf9efe2c89f872755..1a87f37ad9352ac0f3f71bb7618202c38f80de02 100644 (file)
--- a/test/recipes/30-test_evp_data/evpkdf_ss.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_ss.txt
@@ -1182,6 +1182,7 @@ Title = Secret length < 112 bits is not allowed in FIPS
 Title = FIPS indicator tests
 
 # Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = SSKDF
 Ctrl.digest = digest:SHA1
@@ -1214,6 +1215,7 @@ Title = Secret length < 112 is not approved in FIPS
 
 # Test that the key whose length is shorter than 112 bits is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = SSKDF
 Unapproved = 1

diff --git a/test/recipes/30-test_evp_data/evpkdf_ssh.txt b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
index 71a000df6fa2a07d5c125832761085ad995d6c83..e4bfefc2bf695ab90c227997b7a2ca49aec8741a 100644 (file)
--- a/test/recipes/30-test_evp_data/evpkdf_ssh.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
@@ -4878,6 +4878,7 @@ Ctrl.type = type:A
 Result = KDF_CTRL_ERROR
 Reason = xof digests not allowed
 
+Availablein = fips
 FIPSversion = <3.4.0
 KDF = SSHKDF
 Ctrl.digest = digest:SHAKE-256
@@ -4890,6 +4891,7 @@ Result = KDF_MISMATCH
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = SSHKDF
 Ctrl.digest = digest:SHA512-256
@@ -4902,6 +4904,7 @@ Reason = digest not allowed
 
 # Test that the operation with unapproved digest function is is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = SSHKDF
 Unapproved = 1
@@ -4914,6 +4917,7 @@ Ctrl.type = type:A
 Output = d37ea221cbcc026d95e8c10b7d28a1b41e4ec1b497bae0e4cdbc1446e5bd59e2
 
 # Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = SSHKDF
 Ctrl.digest = digest:SHA1
@@ -4926,6 +4930,7 @@ Reason = invalid key length
 
 # Test that the key whose length is shorter than 112 bits is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = SSHKDF
 Unapproved = 1

diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
index fa452ee394955df48b256ac225612dae5c080cbd..5ddd0e15aae92be70a2be4d0d2dc6e69a3f5ff39 100644 (file)
--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -61,6 +61,7 @@ Result = KDF_DERIVE_ERROR
 Reason = invalid key length
 
 # FIPS indicator callback test
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS1-PRF
 Unapproved = 1
@@ -85,6 +86,7 @@ Result = KDF_CTRL_ERROR
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS1-PRF
 Ctrl.digest = digest:SHA512-256
@@ -97,6 +99,7 @@ Reason = digest not allowed
 
 # Test that the operation with unapproved digest function is is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS1-PRF
 Unapproved = 1
@@ -110,6 +113,7 @@ Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909
 
 
 # Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS1-PRF
 Ctrl.digest = digest:SHA256
@@ -122,6 +126,7 @@ Reason = invalid key length
 
 # Test that the key whose length is shorter than 112 bits is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS1-PRF
 Unapproved = 1

diff --git a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
index e27e478c09941aea8ed9ca2231eba0f5830248ab..1f144ad549329642c648de2daf25a4391fa23cb2 100644 (file)
--- a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
@@ -4937,6 +4937,7 @@ Result = KDF_CTRL_ERROR
 
 Title = TLS13-KDF unsupported XOF test
 
+Availablein = fips
 FIPSversion = <3.4.0
 KDF = TLS13-KDF
 Ctrl.mode = mode:EXTRACT_ONLY
@@ -4944,6 +4945,7 @@ Ctrl.digest = digest:SHAKE-256
 Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
 Result = KDF_DERIVE_ERROR
 
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS13-KDF
 Ctrl.mode = mode:EXTRACT_ONLY
@@ -4955,6 +4957,7 @@ Reason = xof digests not allowed
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS13-KDF
 Ctrl.mode = mode:EXTRACT_ONLY
@@ -4964,6 +4967,7 @@ Result = KDF_CTRL_ERROR
 
 # Test that the operation with unapproved digest function is is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS13-KDF
 Unapproved = 1
@@ -4975,6 +4979,7 @@ Output = c8240b43113bb8bd211ee97c5145d389e8074f76eeeaac74eb55691062a436e4
 Reason = digest not allowed
 
 # Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS13-KDF
 Ctrl.mode = mode:EXTRACT_ONLY
@@ -4983,6 +4988,7 @@ Ctrl.key = hexkey:0102030405060708090a0b
 Result = KDF_CTRL_ERROR
 Reason = invalid key length
 
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS13-KDF
 Ctrl.mode = mode:EXPAND_ONLY
@@ -4996,6 +5002,7 @@ Reason = invalid key length
 
 # Test that the key whose length is shorter than 112 bits is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS13-KDF
 Unapproved = 1
@@ -5005,6 +5012,7 @@ Ctrl.digest = digest:SHA2-256
 Ctrl.key = hexkey:0102030405060708090a0b
 Output = ac5ae06e0f6bff82f6256f0fc9fb943554752ba0c93f42ee6499b99c9e5c24a8
 
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = TLS13-KDF
 Unapproved = 1

diff --git a/test/recipes/30-test_evp_data/evpkdf_x942.txt b/test/recipes/30-test_evp_data/evpkdf_x942.txt
index aaba52f19f0d1b4ed0f2b537ca5ffe8dc45b1330..0d7a34403c47a60988687a75d8db554e7406d5e7 100644 (file)
--- a/test/recipes/30-test_evp_data/evpkdf_x942.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_x942.txt
@@ -98,6 +98,7 @@ Ctrl.hexukm = hexukm:012345
 Output = C2E6A0978C24AF3932F478583ADBFB5F57D491822592EAD3C538875F46EB057A
 Result = KDF_DERIVE_ERROR
 
+Availablein = fips
 FIPSversion = <3.4.0
 KDF = X942KDF-ASN1
 Ctrl.digest = digest:SHAKE-128
@@ -107,6 +108,7 @@ Ctrl.cekalg = cekalg:id-aes128-wrap
 Ctrl.hexacvp-info = hexacvp-info:a020299D468D60BC6A257E0B6523D691A3FC1602453B35F308C762FBBAC6069A88BCa12080D49BFE5BE01C7D56489AB017663C22B8CBB34C3174D1D71F00CB7505AC759Aa2203C21A5EA5988562C007986E0503D039E7231D9F152FE72A231A1FD98C59BCA6Aa320FD47477542989B51E4A0845DFABD6EEAA465F69B3D75349B2520051782C7F3FC
 Result = KDF_DERIVE_ERROR
 
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = X942KDF-ASN1
 Ctrl.digest = digest:SHAKE-128

diff --git a/test/recipes/30-test_evp_data/evpkdf_x963.txt b/test/recipes/30-test_evp_data/evpkdf_x963.txt
index c6e76f3a3e6f4676b716d4612863a256d7526f9f..8ed70e712ef1a0fcb2507473503163055f47b434 100644 (file)
--- a/test/recipes/30-test_evp_data/evpkdf_x963.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_x963.txt
@@ -122,6 +122,7 @@ Ctrl.hexinfo = hexinfo:af42f1ae85477ead645583
 Output = 995d1ab8557dfeafcb347f8182583fa0ac5e6cb3912393592590989f38a0214f6cf7d6fbe23917b0966c6a870876de2a2c13a45fa7aa1715be137ed332e1ffc204ce4dcce33ece6dec7f3da61fa049780040e44142cc8a1e5121cf56b386f65b7c261a192f05e5fefae4221a602bc51c41ef175dc45fb7eab8642421b4f7e3e7
 
 # Test that unsupported XOF is rejected
+Availablein = fips
 FIPSversion = <3.4.0
 KDF = X963KDF
 Ctrl.digest = digest:SHAKE-256
@@ -129,6 +130,7 @@ Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
 Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
 Result = KDF_DERIVE_ERROR
 
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = X963KDF
 Ctrl.digest = digest:SHAKE-256
@@ -140,6 +142,7 @@ Reason = xof digests not allowed
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = X963KDF
 Ctrl.digest = digest:SHA1
@@ -150,6 +153,7 @@ Reason = digest not allowed
 
 # Test that the operation with unapproved digest function is is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = X963KDF
 Unapproved = 1
@@ -160,6 +164,7 @@ Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
 Output = 6e5fad865cb4a51c95209b16df0cc490bc2c9064405c5bccd4ee4832a531fbe7f10cb79e2eab6ab1149fbd5a23cfdabc41242269c9df22f628c4424333855b64e95e2d4fb8469c669f17176c07d103376b10b384ec5763d8b8c610409f19aca8eb31f9d85cc61a8d6d4a03d03e5a506b78d6847e93d295ee548c65afedd2efec
 
 # Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = X963KDF
 Ctrl.digest = digest:SHA224
@@ -170,6 +175,7 @@ Reason = invalid key length
 
 # Test that the key whose length is shorter than 112 bits is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 KDF = X963KDF
 Unapproved = 1

diff --git a/test/recipes/30-test_evp_data/evpmac_cmac_des.txt b/test/recipes/30-test_evp_data/evpmac_cmac_des.txt
index 14169c45b449e93ca6fa507c15a83cc4d657a3d4..e8b5aaab6bd45bd8cc56f4f5a427cb56e729ea8d 100644 (file)
--- a/test/recipes/30-test_evp_data/evpmac_cmac_des.txt
+++ b/test/recipes/30-test_evp_data/evpmac_cmac_des.txt
@@ -28,6 +28,7 @@ Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23
 Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E
 Output = 8F49A1B7D6AA2258
 
+Availablein = fips
 FIPSversion = >=3.4.0
 MAC = CMAC
 Algorithm = DES-EDE3-CBC
@@ -35,6 +36,7 @@ Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23
 Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E
 Result = MAC_INIT_ERROR
 
+Availablein = fips
 FIPSversion = >=3.4.0
 MAC = CMAC
 Unapproved = 1

diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt
index ff18d2e033da8e570045b78c7bc9575bb3cd6a52..8cd03aa6b51641f338cd4e6327564df6cc18edba 100644 (file)
--- a/test/recipes/30-test_evp_data/evpmac_common.txt
+++ b/test/recipes/30-test_evp_data/evpmac_common.txt
@@ -574,6 +574,7 @@ Reason = invalid output length
 
 Title = KMAC output is too small in FIPS
 
+Availablein = fips
 FIPSversion = >=3.4.0
 MAC = KMAC256
 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
@@ -584,6 +585,7 @@ Unapproved = 1
 Ctrl = size:3
 Ctrl = no-short-mac:0
 
+Availablein = fips
 FIPSversion = >=3.4.0
 MAC = KMAC256
 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
@@ -594,6 +596,7 @@ Ctrl = size:3
 Result = MAC_INIT_ERROR
 Reason = invalid output length
 
+Availablein = fips
 FIPSversion = >=3.4.0
 MAC = KMAC256
 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F

diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt
index b450a974e5b1efcff9f69eb1402329e44ae1ed8a..16b9a1b0225c9d024fdcdaac3603fe022747db48 100644 (file)
--- a/test/recipes/30-test_evp_data/evppkey_ecc.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecc.txt
@@ -4546,6 +4546,7 @@ KeyName = ec1
 Ctrl = group:P-256
 
 # Test KeyGen with a curve with < 112 bits of security fails.
+Availablein = fips
 FIPSversion = >=3.4.0
 KeyGen = ec
 KeyName = ec2
@@ -4553,6 +4554,7 @@ Ctrl = group:P-192
 Result = KEYGEN_GENERATE_ERROR
 
 # Test KeyGen with a curve with < 112 bits of security is not approved
+Availablein = fips
 FIPSversion = >=3.4.0
 KeyGen = ec
 KeyName = ec3

diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
index 2f573c3708b3498b2dccf10fc0e95a69138924f5..d9d4884515dd0cb53f3ad04a85eb4a8b31356ba4 100644 (file)
--- a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
+++ b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
@@ -209,6 +209,7 @@ Reason = xof digests not allowed
 Title = FIPS indicator tests
 
 # Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 PKEYKDF = HKDF
 Ctrl.digest = digest:SHA1
@@ -220,6 +221,7 @@ Reason = invalid key length
 
 # Test that the key whose length is shorter than 112 bits is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 PKEYKDF = HKDF
 Unapproved = 1

diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt b/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt
index 4483bb79b0e094064fbd2c922b6136419a62170a..958742ec9c85b59d29858faa0c593a1a688316e6 100644 (file)
--- a/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt
+++ b/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt
@@ -82,6 +82,7 @@ Result = KDF_CTRL_ERROR
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 PKEYKDF = TLS1-PRF
 Ctrl.digest = digest:SHA512-256
@@ -94,6 +95,7 @@ Reason = digest not allowed
 
 # Test that the operation with unapproved digest function is is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 PKEYKDF = TLS1-PRF
 Unapproved = 1
@@ -106,6 +108,7 @@ Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae04
 Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09
 
 # Test that the key whose length is shorter than 112 bits is rejected
+Availablein = fips
 FIPSversion = >=3.4.0
 PKEYKDF = TLS1-PRF
 Ctrl.digest = digest:SHA256
@@ -118,6 +121,7 @@ Reason = invalid key length
 
 # Test that the key whose length is shorter than 112 bits is reported as
 # unapproved
+Availablein = fips
 FIPSversion = >=3.4.0
 PKEYKDF = TLS1-PRF
 Unapproved = 1

diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
index 10a305dd02cefb9f7fa88badceef57217026e5bb..bd11517161cd0bd9d705daf8f9d1ccc57562f7e3 100644 (file)
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -1938,6 +1938,7 @@ Input = "Hello"
 Output = 80382819f51b197c42f9fc02a85198683d918059afc013ae155992442563dd2897008297fecb3a8d8cf9421d493a99bd427a628f17cc4a7c76d23dfad0619f4068403fa7351f6d5a92a631d670c04407f305a4b5cb492295754e73e9b7ad41459826d3619a61e90d4744bdaf0f24f2393ea9241e973600c2ed62b1a0a37c504e
 
 # Signing with SHA1 is not allowed in fips mode
+Availablein = fips
 FIPSversion = >=3.4.0
 DigestSign = SHA1
 Securitycheck = 1
@@ -1947,6 +1948,7 @@ Result = DIGESTSIGNINIT_ERROR
 Reason = invalid digest
 
 # Signing with a 1024 bit key is not allowed in fips mode
+Availablein = fips
 FIPSversion = >=3.4.0
 DigestSign = SHA256
 Securitycheck = 1
@@ -1956,6 +1958,7 @@ Result = DIGESTSIGNINIT_ERROR
 Reason = invalid key length
 
 # Verifying with a legacy digest in fips mode is not allowed
+Availablein = fips
 FIPSversion = >=3.4.0
 DigestVerify = MD5
 Securitycheck = 1
@@ -1965,6 +1968,7 @@ Result = DIGESTVERIFYINIT_ERROR
 Reason = unsupported
 
 # Verifying with a key smaller than 1024 bits in fips mode is not allowed
+Availablein = fips
 FIPSversion = >=3.4.0
 DigestVerify = SHA256
 Securitycheck = 1
@@ -1974,6 +1978,7 @@ Result = DIGESTVERIFYINIT_ERROR
 Reason = invalid key length
 
 # RSA Signing with X931 is not approved in FIPS 140-3
+Availablein = fips
 FIPSversion = >=3.4.0
 Sign = RSA-2048
 Ctrl = rsa_padding_mode:x931
@@ -1988,6 +1993,7 @@ Reason = illegal or unsupported padding mode
 Title = RSA FIPS Indicator tests
 
 # Decrypt with small RSA key is not permitted in FIPS mode
+Availablein = fips
 FIPSversion = >=3.4.0
 Decrypt = RSA-512
 Securitycheck = 1
@@ -1997,6 +2003,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235
 Result = KEYOP_MISMATCH
 
 # Signing with SHA1 is not allowed in fips mode
+Availablein = fips
 FIPSversion = >=3.4.0
 DigestSign = SHA1
 Securitycheck = 1
@@ -2006,6 +2013,7 @@ Key = RSA-2048
 Input = "Hello"
 Result = SIGNATURE_MISMATCH
 
+Availablein = fips
 FIPSversion = >=3.4.0
 DigestSign = SHA256
 Securitycheck = 1
@@ -2016,6 +2024,7 @@ Input = "Hello"
 Result = SIGNATURE_MISMATCH
 
 # Verifying with a key smaller than 1024 bits in fips mode is not allowed
+Availablein = fips
 FIPSversion = >=3.4.0
 DigestVerify = SHA256
 Securitycheck = 1
@@ -2026,6 +2035,7 @@ Input = "Hello"
 Result = VERIFY_ERROR
 
 # RSA Signing with X931 is not approved in FIPS 140-3
+Availablein = fips
 FIPSversion = >=3.4.0
 Sign = RSA-2048
 Unapproved = 1
@@ -2036,6 +2046,7 @@ Input = "0123456789ABCDEF123456789ABCDEFG"
 Output = 4b75f521e2e6eeda3f2dcb84ebdacbadeab8ffc1ecdf06c7c4e38727e082a8f5e71be66cdee6d14da1d3a0f18ff20914f71b5308363c81e7471688f4f201e82603ea6a7f31da89cd846b30e2893fd956e76b3d23d40f733e0358e3883526158c74577ba43cc664eaeb909818e75b89fc764cf4575517f87251f8d3cf29b1532f33e6183d454bddd6f255d0ca4415d957eb90dbc55d047f48a01c6e68d5ab46327a158ff7a3383b5b0446b8cd4a91b8859abd3285020a1613ef17d3f8562147828bb36be65505eeec77e968d04e172e2851ff1d7ef523b4022deb72d5fbf78db6738d170098586b904d1c369cedb5e3fe1b909a8dd8ac3beb521af2510d044580
 
 # RSA signing with PSS salt length >= digest length is unapproved
+Availablein = fips
 FIPSversion = >= 3.4.0
 Sign = RSA-PSS
 Ctrl = digest:SHA384
@@ -2046,6 +2057,7 @@ Result = KEYOP_ERROR
 Reason = invalid salt length
 
 # RSA verifying with PSS salt length >= digest length is unapproved
+Availablein = fips
 FIPSversion = >= 3.4.0
 Verify = RSA-PSS
 Ctrl = digest:SHA384
@@ -2056,6 +2068,7 @@ Output = 49BA0CA65076271C0FEB69EB5D03E6989238B8F116FEC934F5A1299762E6FE0B6AA8C2B
 Result = VERIFY_ERROR
 Reason = invalid salt length
 
+Availablein = fips
 FIPSversion = >= 3.4.0
 Verify = RSA-PSS
 Unapproved = 1
@@ -2067,6 +2080,7 @@ Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
 Output = 49BA0CA65076271C0FEB69EB5D03E6989238B8F116FEC934F5A1299762E6FE0B6AA8C2B433CA3B11E36D2844265C6B52CD7393FC62A7C6706747BD9454ADE78DE35417D6F6FCE32F1C1D8F40CEF5715BC981AE4B1C94BF8C11E30BC3F19C71BE0FBDED06ECA5FCAC372688A9E821785B9ABA9705D76A1F74A092ACFEF30B018387771031554C43D3C49317C289EC570C603A6356E2FC1FB824F0505029750BC9028B342C27CD8F01C811C0172EFA807218C4657ACA5AA81A2BB1B0C4D63BE32C08BEF11C6E19C565D03246EE021B9293AB3FE33A8946F8EAAAE353E66FA3BB170FDADB7431FFAD4C92623148395FC6F6601495D6FF83E67B20BDDAD082C149E8
 
 # RSA verifying with PSS salt length "digest" is approved
+Availablein = fips
 FIPSversion = >= 3.4.0
 Verify = RSA-PSS
 Ctrl = digest:SHA384
@@ -2076,6 +2090,7 @@ Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
 Output = C7280C47D9E2E7468157776CA84F52485F771D961674BF88B64FE3476A193494BCCD7139C204C557EA2FD69BC986EA2AA0416B7CA0C95C442EEAEA1AD5E8F8CE8B248AACDBEDAAA0FF2486F2B10F7F310D63969258BDC6E4D1EAEA5F45E5EB00A328BE70424DC2676EE3679D65F5AEA7A7057FDDE1EE24DFF2BEF63206466D9B6BB440C818683797EAF26D9273CC1A9CDCEDB9A90023BCB35A1DA66288741C5728EEFA681AA8384521B6067E9C7502A005814979BAA71074FAF7D08F61B38F2812B4F5DB889BE2CA19B9D9B32E3463544D35F36F5116527A573AE245878F42E3E7AACC99AA5B18A3E89002779DCD3CF15B5942D31D0E0FF2753C58D046F864F5
 
 # RSA signing with PSS salt length "max" is unapproved
+Availablein = fips
 FIPSversion = >= 3.4.0
 Sign = RSA-PSS
 Ctrl = digest:SHA384
@@ -2086,6 +2101,7 @@ Result = KEYOP_ERROR
 Reason = invalid salt length
 
 # RSA verifying with PSS salt length "max" is unapproved
+Availablein = fips
 FIPSversion = >= 3.4.0
 Verify = RSA-PSS
 Ctrl = digest:SHA384
@@ -2097,6 +2113,7 @@ Result = VERIFY_ERROR
 Reason = invalid salt length
 
 FIPSversion = >= 3.4.0
+Availablein = fips
 Verify = RSA-PSS
 Unapproved = 1
 CtrlInit = rsa-pss-saltlen-check:0
@@ -2107,6 +2124,7 @@ Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
 Output = 8424963AB8323443EC617FCB698B583A831303EB97C24C35EFAD6800D32BF74E2E1ACDA367FAD902EE852B1408602A8903E6D90C08F841215C130421E634BCDC798DD12A3E444B4237DE9497D2DD43794D7D04727B4E11C48E6F6BDA03A0117893ABBF3B00EC954AED35904AECA4B6E6020F860C8AE40B17FBBA7E2AB7BFC62E04AC9FBD8CABB03EEA68A12EDB417F13F24084AA5440C206886B86EDA4ADD29CE5DA07701FCC53CE5D77F03E711C8B1DD38763414022A88887813F7F31BA733CCAB124CFA03455C4850514231C9294BC68AD04E917E0F7675B53457A30EC1793D3D117A94D3B9DD60346EEB7027F79BF93AE62A297C261F36969CE2F797BB9B9
 
 # RSA signing with PSS salt length "auto" is unapproved
+Availablein = fips
 FIPSversion = >= 3.4.0
 Sign = RSA-PSS
 Ctrl = digest:SHA384
@@ -2117,6 +2135,7 @@ Result = KEYOP_ERROR
 Reason = invalid salt length
 
 # RSA verifying with PSS salt length "auto" is unapproved
+Availablein = fips
 FIPSversion = >= 3.4.0
 Verify = RSA-PSS
 Ctrl = digest:SHA384
@@ -2127,6 +2146,7 @@ Output = 4B3602F5E515B82573F0A19E244E8D2B6ED6A7E3066891B65E13D1EDAE535ECD0E59830
 Result = VERIFY_ERROR
 Reason = invalid salt length
 
+Availablein = fips
 FIPSversion = >= 3.4.0
 Verify = RSA-PSS
 Unapproved = 1
@@ -2138,6 +2158,7 @@ Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
 Output = 4B3602F5E515B82573F0A19E244E8D2B6ED6A7E3066891B65E13D1EDAE535ECD0E59830B190322D357D6199E29C94DB6FFF2EEDB3B8BA57E81062AF963C9C392DC17343873EE7D572C059BAD5B6E4AD09EE50FC69C6FFE22353B95EA80B420E5C85BA86423ECF610F61887D2F02839B28B271B3FA98420D8630EF94E36015A1383C45EB4CA2CA7FCDCDBCF7722DB84AA303F333DF38ED1C92466CB139F8C7D5D7D7B393574951F2DB071579F7170A72934F29AD3EFB403A57AC8A6449742E240DB32C3505293942CAAF1785F886B561075DACB546BBA76FC4C1D8DD8241BC452A3A8B2510D136A2563B242FBF15D7ED3BA08A2C3F45CDE795C94B891F98A8E4F
 
 # RSA verifying with PSS salt length "auto-digestmax" and a signature whose salt length is compliant to FIPS standard is approved
+Availablein = fips
 FIPSversion = >= 3.4.0
 Verify = RSA-PSS
 Ctrl = digest:SHA384
@@ -2147,6 +2168,7 @@ Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
 Output = A3D8F40E767B72EED6B9DEA1D717F6A2792001B6BFAD28B54989C668FD65010BD07C90CBFDE139AEE41731A58BF2E895754AA61D3BD9AEF3D6307316EE5792075C22E4DC1DF1377242C258557281C089DF6996148342F3D259DF67A7D67D47EE222F0D14AD6292A6C8D4461AB9E24D27D8BDD35CE9CCC755B7BBCD8D3BEE779C97745A577B6B5634DBCB68A573423089BA93407A96CA07A235C90DA233AC76B290B0475812999531A90BC08F6947F15894232125F1EA35070FADCAB94AF11B149A7B76B0D74C0799DABBA027069DFA8AB56BDC1247F25016C631A18322F9F2B071405991A3618B42EBB05CE215DF93ADC3C14DB87466ED9A6B61605B32686DBB
 
 # RSA verifying with PSS salt length "auto-digestmax" and a signature whose salt length is not compliant to FIPS standard is unapproved
+Availablein = fips
 FIPSversion = >= 3.4.0
 Verify = RSA-PSS
 Ctrl = digest:SHA384
@@ -2157,6 +2179,7 @@ Output = 49BA0CA65076271C0FEB69EB5D03E6989238B8F116FEC934F5A1299762E6FE0B6AA8C2B
 Result = VERIFY_ERROR
 Reason = invalid salt length
 
+Availablein = fips
 FIPSversion = >= 3.4.0
 Verify = RSA-PSS
 Unapproved = 1

diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt
index 0d09899a7c90a4bdc955535d3a26f21938ea3d36..439b5a2cdfc0ec1cffe3ef2fae11830b4edd7e73 100644 (file)
--- a/test/recipes/30-test_evp_data/evprand.txt
+++ b/test/recipes/30-test_evp_data/evprand.txt
@@ -79807,6 +79807,7 @@ Output.0 = 5af6
 Result = EVP_RAND_CTX_set_params
 Reason = digest not allowed
 
+Availablein = fips
 FIPSversion = >=3.4.0
 RAND = HASH-DRBG
 Unapproved = 1
@@ -79830,6 +79831,7 @@ Output.0 = ee9f
 Result = EVP_RAND_CTX_set_params
 Reason = digest not allowed
 
+Availablein = fips
 FIPSversion = >=3.4.0
 RAND = HMAC-DRBG
 Unapproved = 1