From: Tomas Mraz Date: Thu, 18 Jul 2024 15:21:51 +0000 (+0200) Subject: Fix the provider compatibility CI X-Git-Tag: openssl-3.4.0-alpha1~311 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d357e5476a08d1eb5fe5461eb9b60d6b366dc6ba;p=thirdparty%2Fopenssl.git Fix the provider compatibility CI Added missing fips version checks in rand_test.c and evprand.txt Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/24933) --- diff --git a/test/rand_test.c b/test/rand_test.c index cc0622cec6c..6d738cb242b 100644 --- a/test/rand_test.c +++ b/test/rand_test.c @@ -45,6 +45,10 @@ static int test_rand(void) || !TEST_mem_eq(outbuf, sizeof(outbuf), entropy2, sizeof(outbuf))) return 0; + if (fips_provider_version_lt(NULL, 3, 4, 0)) { + /* Skip the rest and pass the test */ + return 1; + } /* Verify that the FIPS indicator can be read and is false */ prov = EVP_RAND_get0_provider(EVP_RAND_CTX_get0_rand(privctx)); if (prov != NULL @@ -96,7 +100,8 @@ int setup_tests(void) if (!TEST_ptr(configfile = test_get_argument(0)) || !TEST_true(RAND_set_DRBG_type(NULL, "TEST-RAND", "fips=no", NULL, NULL)) - || !TEST_true(OSSL_LIB_CTX_load_config(NULL, configfile))) + || (fips_provider_version_ge(NULL, 3, 0, 8) + && !TEST_true(OSSL_LIB_CTX_load_config(NULL, configfile)))) return 0; ADD_TEST(test_rand); diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt index b4516f5e611..3f00caf31f8 100644 --- a/test/recipes/30-test_evp_data/evprand.txt +++ b/test/recipes/30-test_evp_data/evprand.txt @@ -79779,12 +79779,14 @@ Output.14 = ee191dc6bef025e36302bb8ce0e6a949f7b0d2944b246fc52d68a20c3b2b787595ca Title = Test truncated Digests are not allowed in FIPS +FIPSversion = >=3.1.0 Availablein = fips RAND = HASH-DRBG Digest = SHA2-224 GenerateBits = 16 Result = EVP_RAND_CTX_set_params +FIPSversion = >=3.1.0 Availablein = fips RAND = HMAC-DRBG Digest = SHA2-384