[openssl] master update
tomas at openssl.org
tomas at openssl.org
Fri Feb 11 08:06:45 UTC 2022
The branch master has been updated
via 0c47b8a879c6cd2d553831f930af5ee9df291eca (commit)
via bbbd1210b43d7a7aff60ccc3c92561beaf6b2bb3 (commit)
via 3fdf4b9365900889b54734a348012eae38dedce5 (commit)
from b84c6e86dd8ca88444207080808d1d598856041f (commit)
- Log -----------------------------------------------------------------
commit 0c47b8a879c6cd2d553831f930af5ee9df291eca
Author: Tomas Mraz <tomas at openssl.org>
Date: Wed Feb 9 12:03:16 2022 +0100
Add test of FIPS provider from the master branch with 3.0 build
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)
commit bbbd1210b43d7a7aff60ccc3c92561beaf6b2bb3
Author: Tomas Mraz <tomas at openssl.org>
Date: Wed Feb 9 11:23:01 2022 +0100
evp_test: Skip testcase if r parameter is unsupported
The r parameter of the KBKDF is unsupported by 3.0 FIPS module.
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)
commit 3fdf4b9365900889b54734a348012eae38dedce5
Author: Tomas Mraz <tomas at openssl.org>
Date: Tue Feb 8 15:42:31 2022 +0100
Add test of FIPS provider from the 3.0 branch with master build
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)
-----------------------------------------------------------------------
Summary of changes:
.github/workflows/fips-provider.yml | 94 +++++++++++++++++++++++++++++++++++++
test/evp_test.c | 10 ++++
2 files changed, 104 insertions(+)
create mode 100644 .github/workflows/fips-provider.yml
diff --git a/.github/workflows/fips-provider.yml b/.github/workflows/fips-provider.yml
new file mode 100644
index 0000000000..18af712b62
--- /dev/null
+++ b/.github/workflows/fips-provider.yml
@@ -0,0 +1,94 @@
+# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+name: Provider compat
+on: [push]
+
+jobs:
+ fips-provider-30:
+ runs-on: ubuntu-latest
+ steps:
+ - name: create build dirs
+ run: |
+ mkdir ./build
+ mkdir ./build-3.0
+ mkdir ./source
+ mkdir ./source-3.0
+ - uses: actions/checkout at v2
+ with:
+ path: source
+ - name: config current
+ run: ../source/config enable-shared enable-fips
+ working-directory: ./build
+ - name: config dump
+ run: ./configdata.pm --dump
+ working-directory: ./build
+ - name: make
+ run: make -s -j4
+ working-directory: ./build
+ - uses: actions/checkout at v2
+ with:
+ repository: openssl/openssl
+ ref: openssl-3.0
+ path: source-3.0
+ - name: config 3.0
+ run: ../source-3.0/config enable-shared enable-fips
+ working-directory: ./build-3.0
+ - name: config 3.0 dump
+ run: ./configdata.pm --dump
+ working-directory: ./build-3.0
+ - name: make fips provider
+ run: make -s -j4 build_modules
+ working-directory: ./build-3.0
+ - name: copy the provider
+ run: |
+ cp -a build-3.0/providers/fips.so build/providers/fips.so
+ - name: make test
+ run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+ working-directory: ./build
+
+ fips-provider-master:
+ runs-on: ubuntu-latest
+ steps:
+ - name: create build dirs
+ run: |
+ mkdir ./build
+ mkdir ./build-3.0
+ mkdir ./source
+ mkdir ./source-3.0
+ - uses: actions/checkout at v2
+ with:
+ repository: openssl/openssl
+ ref: openssl-3.0
+ path: source-3.0
+ - name: config 3.0
+ run: ../source-3.0/config enable-shared enable-fips
+ working-directory: ./build-3.0
+ - name: config 3.0 dump
+ run: ./configdata.pm --dump
+ working-directory: ./build-3.0
+ - name: make 3.0
+ run: make -s -j4
+ working-directory: ./build-3.0
+ - uses: actions/checkout at v2
+ with:
+ path: source
+ - name: config current
+ run: ../source/config enable-shared enable-fips
+ working-directory: ./build
+ - name: config dump
+ run: ./configdata.pm --dump
+ working-directory: ./build
+ - name: make fips provider
+ run: make -s -j4 build_modules
+ working-directory: ./build
+ - name: copy the provider
+ run: |
+ cp -a build/providers/fips.so build-3.0/providers/fips.so
+ - name: make test 3.0
+ run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+ working-directory: ./build-3.0
diff --git a/test/evp_test.c b/test/evp_test.c
index a1b6bce8fa..5c9b9fea86 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -2651,6 +2651,13 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
if (p != NULL)
*p++ = '\0';
+ if (strcmp(name, "r") == 0
+ && OSSL_PARAM_locate_const(defs, name) == NULL) {
+ TEST_info("skipping, setting 'r' is unsupported");
+ t->skip = 1;
+ goto end;
+ }
+
rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
p != NULL ? strlen(p) : 0, NULL);
*++kdata->p = OSSL_PARAM_construct_end();
@@ -2664,6 +2671,7 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
TEST_info("skipping, '%s' is disabled", p);
t->skip = 1;
}
+ goto end;
}
if (p != NULL
&& (strcmp(name, "cipher") == 0
@@ -2671,6 +2679,7 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
&& is_cipher_disabled(p)) {
TEST_info("skipping, '%s' is disabled", p);
t->skip = 1;
+ goto end;
}
if (p != NULL
&& (strcmp(name, "mac") == 0)
@@ -2678,6 +2687,7 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
TEST_info("skipping, '%s' is disabled", p);
t->skip = 1;
}
+ end:
OPENSSL_free(name);
return 1;
}
More information about the openssl-commits
mailing list