mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
81777339e9
openssl/test/ssl-tests/14-curves.cnf.in
Shane Lontis 341c3e7f28 Add fips checks for ecdh key agreement 
For key agreement only NIST curves that have a security strength of 112 bits or more are allowed.
Fixed tests so they obey these restrictions when testing in fips mode.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
2020-09-18 14:20:38 +01:00

55 lines
1.5 KiB
Perl
Raw Blame History

# -*- mode: perl; -*-
## SSL test configurations
package ssltests;
use strict;
use warnings;
use OpenSSL::Test;
use OpenSSL::Test::Utils qw(anydisabled);
our $fips_mode;
my @curves = ("sect233k1", "sect233r1",
"sect283k1", "sect283r1", "sect409k1", "sect409r1",
"sect571k1", "sect571r1", "secp224r1",
"prime256v1", "secp384r1", "secp521r1", "X25519",
"X448");
my @curves_non_fips = ("sect163k1", "sect163r2", "prime192v1",
"sect163r1", "sect193r1", "sect193r2", "sect239k1",
"secp160k1", "secp160r1", "secp160r2", "secp192k1",
"secp224k1", "secp256k1", "brainpoolP256r1",
"brainpoolP384r1", "brainpoolP512r1");
push @curves, @curves_non_fips if !$fips_mode;
our @tests = ();
sub generate_tests() {
foreach (0..$#curves) {
my $curve = $curves[$_];
push @tests, {
name => "curve-${curve}",
server => {
"Curves" => $curve,
# TODO(TLS1.3): Can we get this to work for TLSv1.3?
"MaxProtocol" => "TLSv1.2"
},
client => {
"CipherString" => "ECDHE",
"MaxProtocol" => "TLSv1.2",
"Curves" => $curve
},
test => {
"ExpectedTmpKeyType" => $curve,
"ExpectedResult" => "Success"
},
};
}
}
generate_tests();
Reference in New Issue View Git Blame Copy Permalink