From: slontis Date: Mon, 5 Aug 2024 22:40:38 +0000 (+1000) Subject: Fix evp_test HKDF failure in crosstest 3.1.2 FIPS provider with master X-Git-Tag: openssl-3.4.0-alpha1~238 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f8ff7ab140549a768a531d15189e54d56e52822;p=thirdparty%2Fopenssl.git Fix evp_test HKDF failure in crosstest 3.1.2 FIPS provider with master Fixes #25089 The test to check if the FIPS indicator was correct failed in 3.1.2 since EVP_PKEY_CTX_get_params() returns 0 if there is no gettable/getter. The code has been modified to return 1 if there is no gettable. Manually reproduced and tested by copying the 3.1.2 FIPS provider to master. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25093) --- diff --git a/test/evp_test.c b/test/evp_test.c index 36f6ddcb24d..b817f72b008 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -135,6 +135,9 @@ static int mac_check_fips_approved(EVP_MAC_CTX *ctx, EVP_TEST *t) */ int approved = 1; + if (EVP_MAC_CTX_gettable_params(ctx) == NULL) + return 1; + params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR, &approved); if (!EVP_MAC_CTX_get_params(ctx, params)) @@ -151,6 +154,10 @@ static int pkey_check_fips_approved(EVP_PKEY_CTX *ctx, EVP_TEST *t) */ int approved = 1; + /* Older providers dont have a gettable */ + if (EVP_PKEY_CTX_gettable_params(ctx) == NULL) + return 1; + params[0] = OSSL_PARAM_construct_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR, &approved); if (!EVP_PKEY_CTX_get_params(ctx, params)) @@ -167,6 +174,9 @@ static int rand_check_fips_approved(EVP_RAND_CTX *ctx, EVP_TEST *t) */ int approved = 1; + if (EVP_RAND_CTX_gettable_params(ctx) == NULL) + return 1; + params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR, &approved); if (!EVP_RAND_CTX_get_params(ctx, params))