TEST: Ensure that the base provider i activated when needed

The fips providers can't be activated alone if encoding, decoding or STORE are going to be used. To enable this, we selectively use test/fips-and-base.cnf instead of test/fips.cnf in our test recipes. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12587)
2025-05-01 20:19:39 +00:00 · 2020-08-30 09:53:22 +02:00 · 2020-08-30 09:53:22 +02:00 · 7192e4dfa1
commit 7192e4dfa1
parent 96b924105f
10 changed files with 13 additions and 11 deletions
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@ -117,10 +117,9 @@ ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
 }

 unless ($no_fips) {
-    my $provconf = srctop_file("test", "fips.cnf");
+    my $provconf = srctop_file("test", "fips-and-base.cnf");
    my $provpath = bldtop_dir("providers");
    my @prov = ( "-provider-path", $provpath,
-                 "-provider", "base",
                 "-config", $provconf);
    my $infile = bldtop_file('providers', platform->dso('fips'));

--- a/test/recipes/15-test_rsaoaep.t
+++ b/test/recipes/15-test_rsaoaep.t
@ -27,7 +27,7 @@ plan tests =>
    + 9;

 my @prov = ( );
-my $provconf = srctop_file("test", "fips.cnf");
+my $provconf = srctop_file("test", "fips-and-base.cnf");
 my $provpath = bldtop_dir("providers");
 my $msg_file = data_file("plain_text");
 my $enc1_file = "enc1.bin";
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@ -29,7 +29,7 @@ my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';

 my @configs = ( $defaultcnf );
 # Only add the FIPS config if the FIPS module has been built
-push @configs, 'fips.cnf' unless $no_fips;
+push @configs, 'fips-and-base.cnf' unless $no_fips;

 # A list of tests that run with both the default and fips provider.
 my @files = qw(
--- a/test/recipes/65-test_cmp_client.t
+++ b/test/recipes/65-test_cmp_client.t
@ -44,5 +44,5 @@ unless ($no_fips) {
                '-module', bldtop_file('providers', platform->dso('fips'))])),
       "fipsinstall");

-    ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
+    ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips-and-base.cnf")])));
 }
--- a/test/recipes/65-test_cmp_msg.t
+++ b/test/recipes/65-test_cmp_msg.t
@ -42,5 +42,6 @@ unless ($no_fips) {
                '-module', bldtop_file('providers', platform->dso('fips'))])),
       "fipsinstall");

-    ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
+    ok(run(test([@basic_cmd,
+                 "fips", srctop_file("test", "fips-and-base.cnf")])));
 }
--- a/test/recipes/65-test_cmp_protect.t
+++ b/test/recipes/65-test_cmp_protect.t
@ -52,5 +52,6 @@ unless ($no_fips) {
                '-module', bldtop_file('providers', platform->dso('fips'))])),
       "fipsinstall");

-    ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")])));
+    ok(run(test([@basic_cmd,
+                 "fips", srctop_file("test", "fips-and-base.cnf")])));
 }
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@ -59,7 +59,7 @@ unless ($no_fips) {
                '-out', bldtop_file('providers', 'fipsmodule.cnf'),
                '-module', $infile])),
       "fipsinstall");
-    @config = ( "-config", srctop_file("test", "fips.cnf") );
+    @config = ( "-config", srctop_file("test", "fips-and-base.cnf") );
    $provname = 'fips';
 }

--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@ -171,7 +171,7 @@ sub test_conf {

      if ($provider eq "fips") {
          ok(run(test(["ssl_test", $output_file, $provider,
-                       srctop_file("test", "fips.cnf")])),
+                       srctop_file("test", "fips-and-base.cnf")])),
             "running ssl_test $conf");
      } else {
          ok(run(test(["ssl_test", $output_file, $provider])),
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@ -106,7 +106,8 @@ subtest 'test_ss' => sub {
 note('test_ssl -- key U');
 testssl("keyU.ss", $Ucert, $CAcert, "default", srctop_file("test","default.cnf"));
 unless ($no_fips) {
-    testssl("keyU.ss", $Ucert, $CAcert, "fips", srctop_file("test","fips.cnf"));
+    testssl("keyU.ss", $Ucert, $CAcert, "fips",
+            srctop_file("test","fips-and-base.cnf"));
 }

 # -----------
--- a/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t
@ -45,7 +45,7 @@ unless ($no_fips) {
    ok(run(test(["sslapitest", srctop_dir("test", "certs"),
                 srctop_file("test", "recipes", "90-test_sslapi_data",
                             "passwd.txt"), $tmpfilename, "fips",
-                 srctop_file("test", "fips.cnf")])),
+                 srctop_file("test", "fips-and-base.cnf")])),
                 "running sslapitest");
 }