Run ssl_test_old in fips #11534
Run ssl_test_old in fips #11534
Conversation
test/recipes/80-test_ssl_old.t
Outdated
Show resolved
Hide resolved
| '-provider_name', 'fips', '-mac_name', 'HMAC', | ||
| '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', | ||
| '-section_name', 'fips_sect'])), | ||
| "fipsinstall"); |
levitte
Apr 16, 2020
Member
Considering how this is copied all over the place, we might want to consider making this a separate script.
Considering how this is copied all over the place, we might want to consider making this a separate script.
mattcaswell
Apr 16, 2020
Author
Member
Yes...and a separate "make test" dependency so that we don't have to do this everywhere? Not this PR though I think.
Yes...and a separate "make test" dependency so that we don't have to do this everywhere? Not this PR though I think.
levitte
Apr 16, 2020
Member
Oh! That too
Oh! That too
levitte
Apr 16, 2020
Member
Yeah, I'm getting to a point where I'll do this, in a separate PR
Yeah, I'm getting to a point where I'll do this, in a separate PR
|
Provided the CIs agree |
|
Rebased now that #11371 has been merged. I have had to include the same libssl fixup commit that I've added to #11508 here, in order to get the tests to pass. Please don't review the libssl changes in this PR. Please provide any review comments on that aspect in #11508 instead. I've taken this out of WIP, although it cannot now be pushed until #11508 goes in. |
|
Fixed the fips disabled config. |
|
Ping - this needs review (and for the record I'm fine with @slontis's update to this PR). |
|
Rebased now that #11508 has gone in. No other changes were made. |
|
@levitte - I would prefer to push this as is, and modify the fipsinstall stuff with a follow on PR since this PR is now otherwise ready-to-merge. |
|
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
|
Considering there seemed to be some problem in travis when the fipsinstall stuff was done - that is probably a good idea i.e- it was merged with an error - @paulidale looked at this today.. |
Okie |
|
Pushed. Thanks! |
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #11534)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #11534)
|
In a similar way to #11511 and #11508, we run ssl_test_old twice: once with a non-default library context with the default provider loaded into it, and once with a non-default library context with the FIPS provider loaded into it. In both cases we load the "null" provider into the default context to make sure we don't accidentally pick up algorithms from there.
These tests will fail since they require all the key gen PRs to be merged first as well as #11494 and #11507 (and I have not included them here). However, aside from the dependencies this should be fairly complete and can be reviewed.