testing/openssl-3
SHA256
7
0
Fork 0
forked from pool/openssl-3
Code Pull Requests Activity
Files
main
openssl-3/openssl-skip-quic-pairwise.patch
Pedro Monreal Gonzalez 8a00581af4 - Update to 3.5.0: 
* Changes:
    - Default encryption cipher for the req, cms, and smime applications
      changed from des-ede3-cbc to aes-256-cbc.
    - The default TLS supported groups list has been changed to include
      and prefer hybrid PQC KEM groups. Some practically unused groups
      were removed from the default list.
    - The default TLS keyshares have been changed to offer X25519MLKEM768
      and and X25519.
    - All BIO_meth_get_*() functions were deprecated.
  * New features:
    - Support for server side QUIC (RFC 9000)
    - Support for 3rd party QUIC stacks including 0-RTT support
    - Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
    - A new configuration option no-tls-deprecated-ec to disable support
      for TLS groups deprecated in RFC8422
    - A new configuration option enable-fips-jitter to make the FIPS
      provider to use the JITTER seed source
    - Support for central key generation in CMP
    - Support added for opaque symmetric key objects (EVP_SKEY)
    - Support for multiple TLS keyshares and improved TLS key establishment
      group configurability
    - API support for pipelining in provided cipher algorithms
  * Remove patches:
    - openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
    - openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
    - openssl-3-add-defines-CPACF-funcs.patch
    - openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
    - openssl-3-add-xof-state-handling-s3_absorb.patch
    - openssl-3-fix-state-handling-sha3_absorb_s390x.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=139
2025-04-16 13:02:20 +00:00

87 lines
3.0 KiB
Diff
Raw Permalink Blame History

From ce9fd9a7e822c37229c482febb1f38edbf3d36b7 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Thu, 7 Mar 2024 17:37:09 +0100
Subject: [PATCH 14/53] RH: skip quic pairwise
Patch-name: 0115-skip-quic-pairwise.patch
Patch-id: 115
Patch-status: |
# skip quic and pairwise tests temporarily
---
test/quicapitest.c | 4 +++-
test/recipes/01-test_symbol_presence.t | 1 +
test/recipes/30-test_pairwise_fail.t | 10 ++++++++--
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/test/quicapitest.c b/test/quicapitest.c
index 4782479cc6..2b41b8259c 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -2729,7 +2729,9 @@ int setup_tests(void)
ADD_TEST(test_cipher_find);
ADD_TEST(test_version);
#if defined(DO_SSL_TRACE_TEST)
- ADD_TEST(test_ssl_trace);
+ if (is_fips == 0) {
+ ADD_TEST(test_ssl_trace);
+ }
#endif
ADD_TEST(test_quic_forbidden_apis_ctx);
ADD_TEST(test_quic_forbidden_apis);
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
index 222b1886ae..7e2f65cccb 100644
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
@@ -185,6 +185,7 @@ foreach (sort keys %stlibname) {
}
}
my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;
+@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates;
if (@duplicates) {
note "Duplicates:";
note join('\n', @duplicates);
diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t
index a101a26fb1..43e5396766 100644
--- a/test/recipes/30-test_pairwise_fail.t
+++ b/test/recipes/30-test_pairwise_fail.t
@@ -9,7 +9,7 @@
use strict;
use warnings;
-use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file);
+use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file with);
use OpenSSL::Test::Utils;
BEGIN {
@@ -39,20 +39,26 @@ SKIP: {
SKIP: {
skip "Skip EC test because of no ec in this build", 2
if disabled("ec");
+ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
+ sub {
ok(run(test(["pairwise_fail_test", "-config", $provconf,
"-pairwise", "ec"])),
"fips provider ec keygen pairwise failure test");
+ });
skip "FIPS provider version is too old", 1
if !$fips_exit;
+ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
+ sub {
ok(run(test(["pairwise_fail_test", "-config", $provconf,
"-pairwise", "eckat"])),
"fips provider ec keygen kat failure test");
+ });
}
SKIP: {
skip "Skip DSA tests because of no dsa in this build", 2
- if disabled("dsa");
+ if 1; #if disabled("dsa");
ok(run(test(["pairwise_fail_test", "-config", $provconf,
"-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])),
"fips provider dsa keygen pairwise failure test");
--
2.49.0
View Git Blame Copy Permalink