From 7192e4dfa104f83e54c37e6acfa49fb6a3e1a5dd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 30 Aug 2020 09:53:22 +0200 Subject: TEST: Ensure that the base provider i activated when needed The fips providers can't be activated alone if encoding, decoding or STORE are going to be used. To enable this, we selectively use test/fips-and-base.cnf instead of test/fips.cnf in our test recipes. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12587) --- test/recipes/15-test_genrsa.t | 3 +-- test/recipes/15-test_rsaoaep.t | 2 +- test/recipes/30-test_evp.t | 2 +- test/recipes/65-test_cmp_client.t | 2 +- test/recipes/65-test_cmp_msg.t | 3 ++- test/recipes/65-test_cmp_protect.t | 3 ++- test/recipes/80-test_cms.t | 2 +- test/recipes/80-test_ssl_new.t | 2 +- test/recipes/80-test_ssl_old.t | 3 ++- test/recipes/90-test_sslapi.t | 2 +- 10 files changed, 13 insertions(+), 11 deletions(-) (limited to 'test') diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index 90880be9fc..ffa334f15e 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -117,10 +117,9 @@ ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', } unless ($no_fips) { - my $provconf = srctop_file("test", "fips.cnf"); + my $provconf = srctop_file("test", "fips-and-base.cnf"); my $provpath = bldtop_dir("providers"); my @prov = ( "-provider-path", $provpath, - "-provider", "base", "-config", $provconf); my $infile = bldtop_file('providers', platform->dso('fips')); diff --git a/test/recipes/15-test_rsaoaep.t b/test/recipes/15-test_rsaoaep.t index 60d9b44f4f..59646bd223 100644 --- a/test/recipes/15-test_rsaoaep.t +++ b/test/recipes/15-test_rsaoaep.t @@ -27,7 +27,7 @@ plan tests => + 9; my @prov = ( ); -my $provconf = srctop_file("test", "fips.cnf"); +my $provconf = srctop_file("test", "fips-and-base.cnf"); my $provpath = bldtop_dir("providers"); my $msg_file = data_file("plain_text"); my $enc1_file = "enc1.bin"; diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index a49f4b50aa..c80fdd9a87 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -29,7 +29,7 @@ my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf'; my @configs = ( $defaultcnf ); # Only add the FIPS config if the FIPS module has been built -push @configs, 'fips.cnf' unless $no_fips; +push @configs, 'fips-and-base.cnf' unless $no_fips; # A list of tests that run with both the default and fips provider. my @files = qw( diff --git a/test/recipes/65-test_cmp_client.t b/test/recipes/65-test_cmp_client.t index de60599cf0..a25be81996 100644 --- a/test/recipes/65-test_cmp_client.t +++ b/test/recipes/65-test_cmp_client.t @@ -44,5 +44,5 @@ unless ($no_fips) { '-module', bldtop_file('providers', platform->dso('fips'))])), "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); + ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips-and-base.cnf")]))); } diff --git a/test/recipes/65-test_cmp_msg.t b/test/recipes/65-test_cmp_msg.t index 0347c1a2a9..b74b2dc2ed 100644 --- a/test/recipes/65-test_cmp_msg.t +++ b/test/recipes/65-test_cmp_msg.t @@ -42,5 +42,6 @@ unless ($no_fips) { '-module', bldtop_file('providers', platform->dso('fips'))])), "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); + ok(run(test([@basic_cmd, + "fips", srctop_file("test", "fips-and-base.cnf")]))); } diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t index 19185e112b..eb8e75d485 100644 --- a/test/recipes/65-test_cmp_protect.t +++ b/test/recipes/65-test_cmp_protect.t @@ -52,5 +52,6 @@ unless ($no_fips) { '-module', bldtop_file('providers', platform->dso('fips'))])), "fipsinstall"); - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); + ok(run(test([@basic_cmd, + "fips", srctop_file("test", "fips-and-base.cnf")]))); } diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index cdd5ec15a8..1edddb2a82 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -59,7 +59,7 @@ unless ($no_fips) { '-out', bldtop_file('providers', 'fipsmodule.cnf'), '-module', $infile])), "fipsinstall"); - @config = ( "-config", srctop_file("test", "fips.cnf") ); + @config = ( "-config", srctop_file("test", "fips-and-base.cnf") ); $provname = 'fips'; } diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 6051adbfb2..e2b9349d04 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -171,7 +171,7 @@ sub test_conf { if ($provider eq "fips") { ok(run(test(["ssl_test", $output_file, $provider, - srctop_file("test", "fips.cnf")])), + srctop_file("test", "fips-and-base.cnf")])), "running ssl_test $conf"); } else { ok(run(test(["ssl_test", $output_file, $provider])), diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 210346cb70..a4d84c9b5c 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -106,7 +106,8 @@ subtest 'test_ss' => sub { note('test_ssl -- key U'); testssl("keyU.ss", $Ucert, $CAcert, "default", srctop_file("test","default.cnf")); unless ($no_fips) { - testssl("keyU.ss", $Ucert, $CAcert, "fips", srctop_file("test","fips.cnf")); + testssl("keyU.ss", $Ucert, $CAcert, "fips", + srctop_file("test","fips-and-base.cnf")); } # ----------- diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index 9af8435f6e..8cef077a66 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -45,7 +45,7 @@ unless ($no_fips) { ok(run(test(["sslapitest", srctop_dir("test", "certs"), srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"), $tmpfilename, "fips", - srctop_file("test", "fips.cnf")])), + srctop_file("test", "fips-and-base.cnf")])), "running sslapitest"); } -- cgit v1.2.3