From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 30 Mar 2022 14:04:55 +0000 (+0200)
Subject: Add test for openssl ecparam with fips and base providers
X-Git-Tag: openssl-3.2.0-alpha1~2772
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=269c349a7688daae48d95e582e62ff181888c854;p=thirdparty%2Fopenssl.git

Add test for openssl ecparam with fips and base providers

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17981)
---

diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t
index 766524e8cfa..80bac674129 100644
--- a/test/recipes/15-test_ecparam.t
+++ b/test/recipes/15-test_ecparam.t
@@ -13,7 +13,7 @@ use warnings;
 use File::Spec;
 use File::Compare qw/compare_text/;
 use OpenSSL::Glob;
-use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
 use OpenSSL::Test::Utils;
 
 setup("test_ecparam");
@@ -25,7 +25,7 @@ my @valid = glob(data_file("valid", "*.pem"));
 my @noncanon = glob(data_file("noncanon", "*.pem"));
 my @invalid = glob(data_file("invalid", "*.pem"));
 
-plan tests => 11;
+plan tests => 12;
 
 sub checkload {
     my $files = shift; # List of files
@@ -59,6 +59,8 @@ sub checkcompare {
     }
 }
 
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+
 subtest "Check loading valid parameters by ecparam with -check" => sub {
     plan tests => scalar(@valid);
     checkload(\@valid, 1, "ecparam", "-check");
@@ -113,3 +115,31 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub {
     plan tests => 2 * scalar(@valid);
     checkcompare(\@valid, "pkeyparam");
 };
+
+subtest "Check loading of fips and non-fips params" => sub {
+    plan skip_all => "FIPS is disabled"
+        if $no_fips;
+    plan tests => 3;
+
+    my $fipsconf = srctop_file("test", "fips-and-base.cnf");
+    my $defaultconf = srctop_file("test", "default.cnf");
+
+    $ENV{OPENSSL_CONF} = $fipsconf;
+
+    ok(run(app(['openssl', 'ecparam',
+                '-in', data_file('valid', 'secp384r1-explicit.pem'),
+                '-check'])),
+       "Loading explicitly encoded valid curve");
+
+    ok(run(app(['openssl', 'ecparam',
+                '-in', data_file('valid', 'secp384r1-named.pem'),
+                '-check'])),
+       "Loading named valid curve");
+
+    ok(!run(app(['openssl', 'ecparam',
+                '-in', data_file('valid', 'secp112r1-named.pem'),
+                '-check'])),
+       "Fail loading named non-fips curve");
+
+    $ENV{OPENSSL_CONF} = $defaultconf;
+};