mirror of https://github.com/openssl/openssl
APPS: genrsa: Support setting properties
The -provider and -propquery options did not work on genrsa. Fix this
and add a test that checks that operations that would usually fail with
the FIPS provider work when run with
| -provider default -propquery '?fips!=yes'
See also 30b2c3592e
, which previously
fixed the same problem in dsaparam and gendsa. See also the initial
report in https://bugzilla.redhat.com/show_bug.cgi?id=2094956.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18717)
This commit is contained in:
parent
653a770678
commit
b2ccfd8102
|
@ -179,7 +179,8 @@ opthelp:
|
|||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (!init_gen_str(&ctx, "RSA", eng, 0, NULL, NULL))
|
||||
if (!init_gen_str(&ctx, "RSA", eng, 0, app_get0_libctx(),
|
||||
app_get0_propq()))
|
||||
goto end;
|
||||
|
||||
if (verbose)
|
||||
|
|
|
@ -24,7 +24,7 @@ use lib bldtop_dir('.');
|
|||
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
||||
|
||||
plan tests =>
|
||||
($no_fips ? 0 : 3) # Extra FIPS related tests
|
||||
($no_fips ? 0 : 5) # Extra FIPS related tests
|
||||
+ 15;
|
||||
|
||||
# We want to know that an absurdly small number of bits isn't support
|
||||
|
@ -129,6 +129,17 @@ unless ($no_fips) {
|
|||
'-out', 'genrsatest3072.pem'])),
|
||||
"Generating RSA key with 3072 bits");
|
||||
|
||||
ok(!run(app(['openssl', 'genrsa', @prov, '512'])),
|
||||
"Generating RSA key with 512 bits should fail in FIPS provider");
|
||||
|
||||
ok(!run(app(['openssl', 'genrsa',
|
||||
@prov,
|
||||
'-provider', 'default',
|
||||
'-propquery', '?fips!=yes',
|
||||
'512'])),
|
||||
"Generating RSA key with 512 bits should succeed with FIPS provider as".
|
||||
" default with a non-FIPS property query");
|
||||
|
||||
# We want to know that an absurdly large number of bits fails the RNG check
|
||||
is(run(app([ 'openssl', 'genpkey',
|
||||
@prov,
|
||||
|
|
Loading…
Reference in New Issue