New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run ssl_test_old in fips #11534
Run ssl_test_old in fips #11534
Conversation
test/recipes/80-test_ssl_old.t
Outdated
'-provider_name', 'fips', '-mac_name', 'HMAC', | ||
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', | ||
'-section_name', 'fips_sect'])), | ||
"fipsinstall"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Considering how this is copied all over the place, we might want to consider making this a separate script.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes...and a separate "make test" dependency so that we don't have to do this everywhere? Not this PR though I think.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh! That too
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I'm getting to a point where I'll do this, in a separate PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Provided the CIs agree
bb9d1c7
to
9be3853
Compare
Rebased now that #11371 has been merged. I have had to include the same libssl fixup commit that I've added to #11508 here, in order to get the tests to pass. Please don't review the libssl changes in this PR. Please provide any review comments on that aspect in #11508 instead. I've taken this out of WIP, although it cannot now be pushed until #11508 goes in. |
Fixed the fips disabled config. |
Ping - this needs review (and for the record I'm fine with @slontis's update to this PR). |
8928912
to
2c0337c
Compare
Rebased now that #11508 has gone in. No other changes were made. |
@levitte - I would prefer to push this as is, and modify the fipsinstall stuff with a follow on PR since this PR is now otherwise ready-to-merge. |
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
Considering there seemed to be some problem in travis when the fipsinstall stuff was done - that is probably a good idea i.e- it was merged with an error - @paulidale looked at this today.. |
Okie |
Pushed. Thanks! |
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #11534)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #11534)
|
In a similar way to #11511 and #11508, we run ssl_test_old twice: once with a non-default library context with the default provider loaded into it, and once with a non-default library context with the FIPS provider loaded into it. In both cases we load the "null" provider into the default context to make sure we don't accidentally pick up algorithms from there.
These tests will fail since they require all the key gen PRs to be merged first as well as #11494 and #11507 (and I have not included them here). However, aside from the dependencies this should be fairly complete and can be reviewed.