Fix evp_test HKDF failure in crosstest 3.1.2 FIPS provider with master

Fixes #25089
The test to check if the FIPS indicator was correct failed in 3.1.2
since EVP_PKEY_CTX_get_params() returns 0 if there is no
gettable/getter.

The code has been modified to return 1 if there is no gettable.
Manually reproduced and tested by copying the 3.1.2 FIPS provider to master.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25093)

diff --git a/test/evp_test.c b/test/evp_test.c
index 36f6ddcb24db96f364d5be913f5bfa55ba2e9c46..b817f72b00824704ea40a85af9c3e549b4e4555f 100644 (file)
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -135,6 +135,9 @@ static int mac_check_fips_approved(EVP_MAC_CTX *ctx, EVP_TEST *t)
      */
     int approved = 1;
 
+    if (EVP_MAC_CTX_gettable_params(ctx) == NULL)
+        return 1;
+
     params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR,
                                          &approved);
     if (!EVP_MAC_CTX_get_params(ctx, params))
@@ -151,6 +154,10 @@ static int pkey_check_fips_approved(EVP_PKEY_CTX *ctx, EVP_TEST *t)
      */
     int approved = 1;
 
+    /* Older providers dont have a gettable */
+    if (EVP_PKEY_CTX_gettable_params(ctx) == NULL)
+        return 1;
+
     params[0] = OSSL_PARAM_construct_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR,
                                          &approved);
     if (!EVP_PKEY_CTX_get_params(ctx, params))
@@ -167,6 +174,9 @@ static int rand_check_fips_approved(EVP_RAND_CTX *ctx, EVP_TEST *t)
      */
     int approved = 1;
 
+    if (EVP_RAND_CTX_gettable_params(ctx) == NULL)
+        return 1;
+
     params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR,
                                          &approved);
     if (!EVP_RAND_CTX_get_params(ctx, params))