FIPS and KTLS may interfere

New Linux kernels (>= 5.11) enable KTLS CHACHA which is not FIPS-suitable. Fixes #16657 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16658) (cherry picked from commit a5d8a2f8f10b83e5afb297698fe72cee77b1837f)
author: Dmitry Belyavskiy <beldmit@gmail.com> 2021-09-22 16:40:13 +0200
committer: Dmitry Belyavskiy <beldmit@gmail.com> 2021-09-24 11:08:19 +0200
commit: 5b896265e7305f85f3b14283869393c255ab401e (patch)
tree: 4c40b8990668fbee35642a31663bb8e4ec4a1d14 /test
parent: f8543a08ffe18485b2e1361d4f496d33d6e6f35e (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c
index e95d2657f4..7af0eab3fc 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1158,6 +1158,11 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
         goto end;
     }
 
+    if (is_fips && strstr(cipher, "CHACHA") != NULL) {
+        testresult = TEST_skip("CHACHA is not supported in FIPS");
+        goto end;
+    }
+
     /* Create a session based on SHA-256 */
     if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
                                        TLS_client_method(),
@@ -1292,6 +1297,11 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
         goto end;
     }
 
+    if (is_fips && strstr(cipher, "CHACHA") != NULL) {
+        testresult = TEST_skip("CHACHA is not supported in FIPS");
+        goto end;
+    }
+
     /* Create a session based on SHA-256 */
     if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
                                        TLS_client_method(),
author	Dmitry Belyavskiy <beldmit@gmail.com>	2021-09-22 16:40:13 +0200
committer	Dmitry Belyavskiy <beldmit@gmail.com>	2021-09-24 11:08:19 +0200
commit	5b896265e7305f85f3b14283869393c255ab401e (patch)
tree	4c40b8990668fbee35642a31663bb8e4ec4a1d14 /test
parent	f8543a08ffe18485b2e1361d4f496d33d6e6f35e (diff)