KTLS and FIPS may interfere, so tests need to be tuned

Resolves: rhbz#1961643
epel8
Dmitry Belyavskiy 3 years ago
parent 3edf474b5d
commit b76c2316a3

@ -0,0 +1,40 @@
diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/recipes/90-test_sslapi.t
--- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200
+++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200
@@ -40,7 +40,7 @@ unless ($no_fips) {
srctop_file("test", "recipes", "90-test_sslapi_data",
"passwd.txt"), $tmpfilename, "fips",
srctop_file("test", "fips-and-base.cnf")])),
- "running sslapitest");
+ "running sslapitest - FIPS");
}
unlink $tmpfilename;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index e95d2657f46c..7af0eab3fce0 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1158,6 +1158,11 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
goto end;
}
+ if (is_fips && strstr(cipher, "CHACHA") != NULL) {
+ testresult = TEST_skip("CHACHA is not supported in FIPS");
+ goto end;
+ }
+
/* Create a session based on SHA-256 */
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
@@ -1292,6 +1297,11 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
goto end;
}
+ if (is_fips && strstr(cipher, "CHACHA") != NULL) {
+ testresult = TEST_skip("CHACHA is not supported in FIPS");
+ goto end;
+ }
+
/* Create a session based on SHA-256 */
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),

@ -56,6 +56,8 @@ Patch11: 0011-Remove-EC-curves.patch
Patch24: 0024-load-legacy-prov.patch Patch24: 0024-load-legacy-prov.patch
# Tmp: Upstream #16636 # Tmp: Upstream #16636
Patch30: 0030-tmp-Fix-rng-seed-double-free.patch Patch30: 0030-tmp-Fix-rng-seed-double-free.patch
# Tmp: test name change
Patch31: 0031-tmp-Fix-test-names.patch
License: ASL 2.0 License: ASL 2.0
URL: http://www.openssl.org/ URL: http://www.openssl.org/
@ -380,7 +382,8 @@ install -m644 %{SOURCE9} \
%changelog %changelog
* Mon Sep 20 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-2 * Mon Sep 20 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-2
- Avoid double-free on error seeding the RNG. - Avoid double-free on error seeding the RNG.
- Resolves: rhbz#1952844 - KTLS and FIPS may interfere, so tests need to be tuned
- Resolves: rhbz#1952844, rhbz#1961643
* Thu Sep 09 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-1 * Thu Sep 09 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-1
- Rebase to upstream version 3.0.0 - Rebase to upstream version 3.0.0

Loading…
Cancel
Save