openssl-3/openssl-skip-quic-pairwise.patch

From ce9fd9a7e822c37229c482febb1f38edbf3d36b7 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Thu, 7 Mar 2024 17:37:09 +0100
Subject: [PATCH 14/53] RH: skip quic pairwise

Patch-name: 0115-skip-quic-pairwise.patch
Patch-id: 115
Patch-status: |
    # skip quic and pairwise tests temporarily
---
 test/quicapitest.c                     |  4 +++-
 test/recipes/01-test_symbol_presence.t |  1 +
 test/recipes/30-test_pairwise_fail.t   | 10 ++++++++--
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/test/quicapitest.c b/test/quicapitest.c
index 4782479cc6..2b41b8259c 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -2729,7 +2729,9 @@ int setup_tests(void)
     ADD_TEST(test_cipher_find);
     ADD_TEST(test_version);
 #if defined(DO_SSL_TRACE_TEST)
-    ADD_TEST(test_ssl_trace);
+    if (is_fips == 0) {
+        ADD_TEST(test_ssl_trace);
+    }
 #endif
     ADD_TEST(test_quic_forbidden_apis_ctx);
     ADD_TEST(test_quic_forbidden_apis);
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
index 222b1886ae..7e2f65cccb 100644
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
@@ -185,6 +185,7 @@ foreach (sort keys %stlibname) {
     }
 }
 my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;
+@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates;
 if (@duplicates) {
     note "Duplicates:";
     note join('\n', @duplicates);
diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t
index a101a26fb1..43e5396766 100644
--- a/test/recipes/30-test_pairwise_fail.t
+++ b/test/recipes/30-test_pairwise_fail.t
@@ -9,7 +9,7 @@
 use strict;
 use warnings;
 
-use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file);
+use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file with);
 use OpenSSL::Test::Utils;
 
 BEGIN {
@@ -39,20 +39,26 @@ SKIP: {
 SKIP: {
     skip "Skip EC test because of no ec in this build", 2
         if disabled("ec");
+    with({ exit_checker => sub {my $val = shift; return $val == 134; } },
+    sub {
     ok(run(test(["pairwise_fail_test", "-config", $provconf,
                  "-pairwise", "ec"])),
        "fips provider ec keygen pairwise failure test");
+    });
 
     skip "FIPS provider version is too old", 1
         if !$fips_exit;
+    with({ exit_checker => sub {my $val = shift; return $val == 134; } },
+    sub {
     ok(run(test(["pairwise_fail_test", "-config", $provconf,
                  "-pairwise", "eckat"])),
        "fips provider ec keygen kat failure test");
+    });
 }
 
 SKIP: {
     skip "Skip DSA tests because of no dsa in this build", 2
-        if disabled("dsa");
+        if 1; #if disabled("dsa");
     ok(run(test(["pairwise_fail_test", "-config", $provconf,
                  "-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])),
        "fips provider dsa keygen pairwise failure test");
-- 
2.49.0
- Update to 3.5.0: * Changes: - Default encryption cipher for the req, cms, and smime applications changed from des-ede3-cbc to aes-256-cbc. - The default TLS supported groups list has been changed to include and prefer hybrid PQC KEM groups. Some practically unused groups were removed from the default list. - The default TLS keyshares have been changed to offer X25519MLKEM768 and and X25519. - All BIO_meth_get_() functions were deprecated. New features: - Support for server side QUIC (RFC 9000) - Support for 3rd party QUIC stacks including 0-RTT support - Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA) - A new configuration option no-tls-deprecated-ec to disable support for TLS groups deprecated in RFC8422 - A new configuration option enable-fips-jitter to make the FIPS provider to use the JITTER seed source - Support for central key generation in CMP - Support added for opaque symmetric key objects (EVP_SKEY) - Support for multiple TLS keyshares and improved TLS key establishment group configurability - API support for pipelining in provided cipher algorithms * Remove patches: - openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch - openssl-3-support-CPACF-sha3-shake-perf-improvement.patch - openssl-3-add-defines-CPACF-funcs.patch - openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch - openssl-3-add-xof-state-handling-s3_absorb.patch - openssl-3-fix-state-handling-sha3_absorb_s390x.patch OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=139 2025-04-16 13:02:20 +00:00			`From ce9fd9a7e822c37229c482febb1f38edbf3d36b7 Mon Sep 17 00:00:00 2001`
			`From: Dmitry Belyavskiy <dbelyavs@redhat.com>`
			`Date: Thu, 7 Mar 2024 17:37:09 +0100`
			`Subject: [PATCH 14/53] RH: skip quic pairwise`

			`Patch-name: 0115-skip-quic-pairwise.patch`
			`Patch-id: 115`
			`Patch-status: \|`
			`# skip quic and pairwise tests temporarily`
			`---`
			`test/quicapitest.c \| 4 +++-`
			`test/recipes/01-test_symbol_presence.t \| 1 +`
			`test/recipes/30-test_pairwise_fail.t \| 10 ++++++++--`
			`3 files changed, 12 insertions(+), 3 deletions(-)`

			`diff --git a/test/quicapitest.c b/test/quicapitest.c`
			`index 4782479cc6..2b41b8259c 100644`
			`--- a/test/quicapitest.c`
			`+++ b/test/quicapitest.c`
			`@@ -2729,7 +2729,9 @@ int setup_tests(void)`
			`ADD_TEST(test_cipher_find);`
			`ADD_TEST(test_version);`
			`#if defined(DO_SSL_TRACE_TEST)`
			`- ADD_TEST(test_ssl_trace);`
			`+ if (is_fips == 0) {`
			`+ ADD_TEST(test_ssl_trace);`
			`+ }`
			`#endif`
			`ADD_TEST(test_quic_forbidden_apis_ctx);`
			`ADD_TEST(test_quic_forbidden_apis);`
			`diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t`
			`index 222b1886ae..7e2f65cccb 100644`
			`--- a/test/recipes/01-test_symbol_presence.t`
			`+++ b/test/recipes/01-test_symbol_presence.t`
			`@@ -185,6 +185,7 @@ foreach (sort keys %stlibname) {`
			`}`
			`}`
			`my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;`
			`+@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates;`
			`if (@duplicates) {`
			`note "Duplicates:";`
			`note join('\n', @duplicates);`
			`diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t`
			`index a101a26fb1..43e5396766 100644`
			`--- a/test/recipes/30-test_pairwise_fail.t`
			`+++ b/test/recipes/30-test_pairwise_fail.t`
			`@@ -9,7 +9,7 @@`
			`use strict;`
			`use warnings;`

			`-use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file);`
			`+use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file with);`
			`use OpenSSL::Test::Utils;`

			`BEGIN {`
			`@@ -39,20 +39,26 @@ SKIP: {`
			`SKIP: {`
			`skip "Skip EC test because of no ec in this build", 2`
			`if disabled("ec");`
			`+ with({ exit_checker => sub {my $val = shift; return $val == 134; } },`
			`+ sub {`
			`ok(run(test(["pairwise_fail_test", "-config", $provconf,`
			`"-pairwise", "ec"])),`
			`"fips provider ec keygen pairwise failure test");`
			`+ });`

			`skip "FIPS provider version is too old", 1`
			`if !$fips_exit;`
			`+ with({ exit_checker => sub {my $val = shift; return $val == 134; } },`
			`+ sub {`
			`ok(run(test(["pairwise_fail_test", "-config", $provconf,`
			`"-pairwise", "eckat"])),`
			`"fips provider ec keygen kat failure test");`
			`+ });`
			`}`

			`SKIP: {`
			`skip "Skip DSA tests because of no dsa in this build", 2`
			`- if disabled("dsa");`
			`+ if 1; #if disabled("dsa");`
			`ok(run(test(["pairwise_fail_test", "-config", $provconf,`
			`"-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])),`
			`"fips provider dsa keygen pairwise failure test");`
			`--`
			`2.49.0`