authorPauli <pauli@openssl.org>2023-04-18 14:41:17 +1000
committerHugo Landau <hlandau@openssl.org>2023-04-21 17:04:11 +0100
commit3375ae41847c133d1ce731bc8fd367d12b0049fd (patch)
tree6708e30812a61144050f01bfa5326a3c507e88da /test/helpers/ssl_test_ctx.c
parent313849eeb71e49a80b912cc79ae0a78f83d6fefb (diff)
test: update ssl_new tests in line with pedantic FIPS policy
Add a new option to the `test' section of SSL test data structure. This contains a space separated list of version checks, all of which must pass. Note that the version checks are as they are because: - 3.1.0 doesn't have mandatory EMS support, so it can run the old tests. - 3.1.1 (& later) will have mandatory EMS support, so they can't run them. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20762) (cherry picked from commit 4454c20f026bb47f158ea05c207f143c81d674d8)
Diffstat (limited to 'test/helpers/ssl_test_ctx.c')
-rw-r--r--test/helpers/ssl_test_ctx.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c
index a0e2e794c6..e66aac8591 100644
--- a/test/helpers/ssl_test_ctx.c
+++ b/test/helpers/ssl_test_ctx.c
@@ -639,6 +639,9 @@ IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, no_extms_on_reneg)
+/* FIPS provider version limiting */
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, fips_version)
+
/* Known test options and their corresponding parse methods. */
/* Top-level options. */
@@ -678,6 +681,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
{ "EnableServerSCTPLabelBug", &parse_test_enable_server_sctp_label_bug },
{ "ExpectedCipher", &parse_test_expected_cipher },
{ "ExpectedSessionTicketAppData", &parse_test_expected_session_ticket_app_data },
+ { "FIPSversion", &parse_test_fips_version },
};
/* Nested client options. */
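Review bot: The new key `"FIPSversion"` in `ssl_test_ctx_options` breaks the CamelCase pattern of its neighbours (`"ExpectedCipher"`, `"ExpectedSessionTicketAppData"`). The lookup is not visible in this hunk, but if names are matched case-sensitively, a test file that writes `FIPSVersion` would never reach `parse_test_fips_version`. Either rename it to `{ "FIPSVersion", &parse_test_fips_version },` together with the test data, or add a short comment saying the spelling is intentional.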
@@ -767,6 +771,7 @@ void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free);
OPENSSL_free(ctx->expected_cipher);
+ OPENSSL_free(ctx->fips_version);
OPENSSL_free(ctx);
}