diff options
| author | Pauli <pauli@openssl.org> | 2022-10-26 13:51:02 +1100 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2022-11-02 08:41:05 +1100 |
| commit | dad5676c1a7ad669aac8d83f8ad1d5c4e4d74863 (patch) | |
| tree | 36937442ff685a404baeae6cd87700460d0ca8f8 /test | |
| parent | 18477977496bbb183e0ccb71b71b1a8a87321729 (diff) | |
fipsinstall: add -self_test_oninstall option.
This option runs the self tests at installation time. It fails for the 3.1
module.
Also changed the default behaviour to that set by the -self_test_onload
option.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Diffstat (limited to 'test')
| -rw-r--r-- | test/recipes/03-test_fipsinstall.t | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index 29a6ccfe59..b5f91ed621 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -24,7 +24,7 @@ use platform; plan skip_all => "Test only supported in a fips build" if disabled("fips"); -plan tests => 30; +plan tests => 31; my $infile = bldtop_file('providers', platform->dso('fips')); my $fipskey = $ENV{FIPSKEY} // config('FIPSKEY') // '00'; @@ -239,7 +239,7 @@ SKIP: { ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", - '-section_name', 'fips_sect', + '-section_name', 'fips_sect', '-self_test_oninstall', '-corrupt_desc', 'DSA', '-corrupt_type', 'KAT_Signature'])), "fipsinstall fails when the signature result is corrupted"); @@ -338,3 +338,15 @@ SKIP: { '-module', $infile, '-self_test_onload', '-verify'])), "fipsinstall config verify passes when self test indicator is not present"); } + +SKIP: { + run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), + capture => 1, statusvar => \my $exit); + skip "FIPS provider version can run self tests on install", 1 + if !$exit; + ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", + '-section_name', 'fips_sect', '-self_test_oninstall'])), + "fipsinstall fails when attempting to run self tests on install"); +} |