Add 'fips-securitychecks' option and plumb this into the actual fips checks

[openssl.git] / test / evp_test.c

diff --git a/test/evp_test.c b/test/evp_test.c
index 238bbaf3d5c6b4b68fd3e7236db860f5919b748a..14ea4a84966d2f912d9b021dfdb05ff4eac6fee9 100644 (file)
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -27,8 +27,6 @@
 #include "testutil.h"
 #include "evp_test.h"
 
-DEFINE_STACK_OF_STRING()
-
 #define AAD_NUM 4
 
 typedef struct evp_test_method_st EVP_TEST_METHOD;
@@ -1629,8 +1627,11 @@ static int pderive_test_parse(EVP_TEST *t,
         EVP_PKEY *peer;
         if (find_key(&peer, value, public_keys) == 0)
             return -1;
-        if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0)
-            return -1;
+        if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0) {
+            t->err = "DERIVE_SET_PEER_ERROR";
+            return 1;
+        }
+        t->err = NULL;
         return 1;
     }
     if (strcmp(keyword, "SharedSecret") == 0)
@@ -3253,11 +3254,10 @@ static void free_key_list(KEY_LIST *lst)
  */
 static int key_unsupported(void)
 {
-    long err = ERR_peek_error();
+    long err = ERR_peek_last_error();
 
     if (ERR_GET_LIB(err) == ERR_LIB_EVP
-            && (ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM
-                || ERR_GET_REASON(err) == EVP_R_FETCH_FAILED)) {
+            && (ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM)) {
         ERR_clear_error();
         return 1;
     }
@@ -3268,7 +3268,8 @@ static int key_unsupported(void)
      * disabled).
      */
     if (ERR_GET_LIB(err) == ERR_LIB_EC
-        && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) {
+        && (ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP
+            || ERR_GET_REASON(err) == EC_R_INVALID_CURVE)) {
         ERR_clear_error();
         return 1;
     }
@@ -3442,7 +3443,14 @@ start:
     }
 
     for (pp++, i = 1; i < (t->s.numpairs - skip_availablein); pp++, i++) {
-        if (strcmp(pp->key, "Availablein") == 0) {
+        if (strcmp(pp->key, "Securitycheck") == 0) {
+#if defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
+            TEST_info("skipping, securitycheck is not available: %s:%d",
+                      t->s.test_file, t->s.start);
+            t->skip = 1;
+            return 0;
+#endif
+        } else if (strcmp(pp->key, "Availablein") == 0) {
             TEST_info("Line %d: 'Availablein' should be the first option",
                       t->s.curr);
             return 0;