erlang/otp-0023-crypto_SUITE-Skip-ec-curves-with-224-bits-if-FIPS.patch

From: Sverker Eriksson <sverker@erlang.org>
Date: Fri, 16 Jun 2023 19:31:34 +0200
Subject: [PATCH] crypto_SUITE: Skip ec curves with < 224 bits if FIPS


diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 8a2dfef234..e3835b4d8b 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -1245,8 +1245,19 @@ no_generate_compute(Config) when is_list(Config) ->
 compute() ->
      [{doc, " Test crypto:compute_key"}].
 compute(Config) when is_list(Config) ->
-    Gen = proplists:get_value(compute, Config),
+    Gen0 = proplists:get_value(compute, Config),
+    Gen = case crypto:info_fips() of
+              enabled ->
+                  SkipCurves = [secp192r1],
+                  lists:filter(fun({_,_,_,Curve,_}) ->
+                                       not lists:member(Curve,SkipCurves)
+                               end,
+                               Gen0);
+              _ ->
+                  Gen0
+    end,
     lists:foreach(fun do_compute/1, Gen).
+
 %%--------------------------------------------------------------------
 use_all_ec_sign_verify(_Config) ->
     Msg = <<"hello world!">>,
@@ -1259,10 +1270,17 @@ use_all_ec_sign_verify(_Config) ->
                                                          Hashs]),
     SkipHashs0 = [md4, md5, ripemd160, sha3_224, sha3_256, sha3_384, sha3_512,
                   blake2b, blake2s],
-    SkipHashs = case crypto:info_fips() of
-                    enabled -> [sha | SkipHashs0];
-                    _ -> SkipHashs0
-                end,
+    SkipCurves0 = [ed25519, ed448, x25519, x448, ipsec3, ipsec4],
+
+    {SkipHashs, SkipCurves}
+        = case crypto:info_fips() of
+              enabled ->
+                  {[sha | SkipHashs0],
+                   [secp192r1, prime192v1, sect163k1, sect163r2]};
+              _ ->
+                  {SkipHashs0, SkipCurves0}
+          end,
+
     Results =
         [{{Curve,Hash},
           try
@@ -1276,7 +1294,7 @@ use_all_ec_sign_verify(_Config) ->
               C:E ->
                   {C,E}
           end}
-         || Curve <- Curves -- [ed25519, ed448, x25519, x448, ipsec3, ipsec4],
+         || Curve <- Curves -- SkipCurves,
             Hash <- Hashs -- SkipHashs
         ],
     Fails =
@@ -1305,7 +1323,15 @@ use_all_ec_sign_verify(_Config) ->
 
 %%--------------------------------------------------------------------
 use_all_ecdh_generate_compute(Config) ->
-    Curves = crypto:supports(curves) -- [ed25519, ed448, x25519, x448],
+    SkipCurves0 = [ed25519, ed448, x25519, x448],
+    SkipCurves =
+        case crypto:info_fips() of
+            enabled ->
+                [secp192r1, prime192v1, sect163k1, sect163r2 | SkipCurves0];
+            _ ->
+                SkipCurves0
+        end,
+    Curves = crypto:supports(curves) -- SkipCurves,
     do_dh_curves(Config, Curves).
 
 use_all_eddh_generate_compute(Config) ->