test: add positive FIPS indicator failure tests for DRBGs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25135)

diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt
index 3f00caf31f842ebdf30064dbbbe0023103c1c838..0d09899a7c90a4bdc955535d3a26f21938ea3d36 100644 (file)
--- a/test/recipes/30-test_evp_data/evprand.txt
+++ b/test/recipes/30-test_evp_data/evprand.txt
@@ -79779,15 +79779,15 @@ Output.14 = ee191dc6bef025e36302bb8ce0e6a949f7b0d2944b246fc52d68a20c3b2b787595ca
 
 Title = Test truncated Digests are not allowed in FIPS
 
-FIPSversion = >=3.1.0
 Availablein = fips
+FIPSversion = >=3.1.0
 RAND = HASH-DRBG
 Digest = SHA2-224
 GenerateBits = 16
 Result = EVP_RAND_CTX_set_params
 
-FIPSversion = >=3.1.0
 Availablein = fips
+FIPSversion = >=3.1.0
 RAND = HMAC-DRBG
 Digest = SHA2-384
 GenerateBits = 16
@@ -79795,6 +79795,18 @@ Result = EVP_RAND_CTX_set_params
 
 Title = Test FIPS indicator callbacks for truncated digests
 
+Availablein = fips
+FIPSversion = >=3.4.0
+RAND = HASH-DRBG
+Digest = SHA2-224
+PredictionResistance = 0
+GenerateBits = 16
+Entropy.0 = c3ef82ce241f02e4298b118ca4f1622515e32abbae6b7433
+Nonce.0 = 15e32abbae6b7433
+Output.0 = 5af6
+Result = EVP_RAND_CTX_set_params
+Reason = digest not allowed
+
 FIPSversion = >=3.4.0
 RAND = HASH-DRBG
 Unapproved = 1
@@ -79806,6 +79818,18 @@ Entropy.0 = c3ef82ce241f02e4298b118ca4f1622515e32abbae6b7433
 Nonce.0 = 15e32abbae6b7433
 Output.0 = 5af6
 
+Availablein = fips
+FIPSversion = >=3.4.0
+RAND = HMAC-DRBG
+Digest = SHA2-384
+PredictionResistance = 0
+GenerateBits = 16
+Entropy.0 = 32c1ca125223de8de569697f92a37c6732c1ca125223de8de569697f92a37c67
+Nonce.0 = 15e32abbae6b7433
+Output.0 = ee9f
+Result = EVP_RAND_CTX_set_params
+Reason = digest not allowed
+
 FIPSversion = >=3.4.0
 RAND = HMAC-DRBG
 Unapproved = 1