Run ssl_test_old in fips #11534
Run ssl_test_old in fips #11534
Conversation
mattcaswell
changed the title
test/recipes/80-test_ssl_old.t
Outdated
| '-provider_name', 'fips', '-mac_name', 'HMAC', | ||
| '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', | ||
| '-section_name', 'fips_sect'])), | ||
| "fipsinstall"); |
There was a problem hiding this comment.
Considering how this is copied all over the place, we might want to consider making this a separate script.
There was a problem hiding this comment.
Yes...and a separate "make test" dependency so that we don't have to do this everywhere? Not this PR though I think.
There was a problem hiding this comment.
Yeah, I'm getting to a point where I'll do this, in a separate PR
levitte
changed the title
mattcaswell
changed the title
mattcaswell
force-pushed
the
ssltest_old
branch
from
bb9d1c7
to
9be3853
Compare
|
Rebased now that #11371 has been merged. I have had to include the same libssl fixup commit that I've added to #11508 here, in order to get the tests to pass. Please don't review the libssl changes in this PR. Please provide any review comments on that aspect in #11508 instead. I've taken this out of WIP, although it cannot now be pushed until #11508 goes in. |
|
Fixed the fips disabled config. |
|
Ping - this needs review (and for the record I'm fine with @slontis's update to this PR). |
slontis
added
the
approval: done
mattcaswell
changed the title
mattcaswell
force-pushed
the
ssltest_old
branch
from
8928912
to
2c0337c
Compare
|
Rebased now that #11508 has gone in. No other changes were made. |
|
@levitte - I would prefer to push this as is, and modify the fipsinstall stuff with a follow on PR since this PR is now otherwise ready-to-merge. |
|
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
|
Considering there seemed to be some problem in travis when the fipsinstall stuff was done - that is probably a good idea i.e- it was merged with an error - @paulidale looked at this today.. |
Okie |
mattcaswell
added
approval: ready to merge
|
Pushed. Thanks! |
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #11534)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #11534)
|
In a similar way to #11511 and #11508, we run ssl_test_old twice: once with a non-default library context with the default provider loaded into it, and once with a non-default library context with the FIPS provider loaded into it. In both cases we load the "null" provider into the default context to make sure we don't accidentally pick up algorithms from there.
These tests will fail since they require all the key gen PRs to be merged first as well as #11494 and #11507 (and I have not included them here). However, aside from the dependencies this should be fairly complete and can be reviewed.