Backport CMS test fix for FIPS DH/ECDH SHA1.

Related to PR #25517 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25572)
2024-09-30 14:09:08 +10:00 · 2024-09-30 14:09:08 +10:00 · 0300691dd1
commit 0300691dd1
parent fcca3c3e79
1 changed files with 20 additions and 10 deletions
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@ -25,6 +25,7 @@ use lib srctop_dir('Configurations');
 use lib bldtop_dir('.');

 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $old_fips = 0;

 plan skip_all => "CMS is not supported by this OpenSSL build"
    if disabled("cms");
@ -55,8 +56,12 @@ plan tests => 23;
 ok(run(test(["pkcs7_test"])), "test pkcs7");

 unless ($no_fips) {
-    @config = ( "-config", srctop_file("test", "fips-and-base.cnf") );
+    my $provconf = srctop_file("test", "fips-and-base.cnf");
+    @config = ( "-config", $provconf );
    $provname = 'fips';
+
+    run(test(["fips_version_test", "-config", $provconf, "<3.4.0"]),
+    capture => 1, statusvar => $old_fips);
 }

 $ENV{OPENSSL_TEST_LIBCTX} = "1";
@ -633,18 +638,23 @@ my @smime_cms_param_tests = (
      [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
        "-in", "{output}.cms", "-out", "{output}.txt" ],
      \&final_compare
-    ],
-
-    [ "enveloped content test streaming S/MIME format, X9.42 DH",
-      [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
-        "-stream", "-out", "{output}.cms",
-        "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
-      [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
-        "-in", "{output}.cms", "-out", "{output}.txt" ],
-      \&final_compare
    ]
 );

+if ($no_fips || $old_fips) {
+    # Only SHA1 supported in dh_cms_encrypt()
+    push(@smime_cms_param_tests,
+         [ "enveloped content test streaming S/MIME format, X9.42 DH",
+           [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+             "-stream", "-out", "{output}.cms",
+             "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
+           [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
+             "-in", "{output}.cms", "-out", "{output}.txt" ],
+           \&final_compare
+         ]
+    );
+}
+
 my @smime_cms_param_tests_autodigestmax = (
    [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=auto-digestmax, digestsize < maximum salt length",
      [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",