Add 'fips-securitychecks' option and plumb this into the actual fips checks

[openssl.git] / test / recipes / 30-test_evp_data / evppkey_dsa.txt

diff --git a/test/recipes/30-test_evp_data/evppkey_dsa.txt b/test/recipes/30-test_evp_data/evppkey_dsa.txt
index 5ec5d57b8dcc8365e1bfe64bc057da0859ba22bb..8e3743b9fd7bf9cc14c806580bfa37b34a0be9f8 100644 (file)
--- a/test/recipes/30-test_evp_data/evppkey_dsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_dsa.txt
@@ -294,6 +294,7 @@ Title = Fips Negative Tests (using different key sizes and digests)
 # Test sign with a 1024 bit key is not allowed in fips mode
 Availablein = fips
 DigestSign = SHA256
+Securitycheck = 1
 Key = DSA-1024-FIPS186-2
 Input = "Hello"
 Result = DIGESTSIGNINIT_ERROR
@@ -301,6 +302,7 @@ Result = DIGESTSIGNINIT_ERROR
 # Test sign with SHA1 is not allowed in fips mode
 Availablein = fips
 DigestSign = SHA1
+Securitycheck = 1
 Key = DSA-2048
 Input = "Hello"
 Result = DIGESTSIGNINIT_ERROR
@@ -308,6 +310,7 @@ Result = DIGESTSIGNINIT_ERROR
 # Test sign with a 3072 bit key with N == 224 is not allowed in fips mode
 Availablein = fips
 DigestSign = SHA256
+Securitycheck = 1
 Key = DSA-3072-224
 Input = "Hello"
 Result = DIGESTSIGNINIT_ERROR
@@ -315,6 +318,7 @@ Result = DIGESTSIGNINIT_ERROR
 # Test sign with a 4096 bit key is not allowed in fips mode
 Availablein = fips
 DigestSign = SHA256
+Securitycheck = 1
 Key = DSA-4096-256
 Input = "Hello"
 Result = DIGESTSIGNINIT_ERROR