Fix default padding regression against 3.0.0 FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)

(cherry picked from commit 9684335839fcdeac06d21b06628c4c37117b5478)

diff --git a/test/recipes/30-test_evp_data/evppkey_ffdhe.txt b/test/recipes/30-test_evp_data/evppkey_ffdhe.txt
index 2dc732bfcbc0ebc0d892a211f535e4dce70e8b97..b6b1a8e8a090c2a8851f035a1926a37a0e0f623f 100644 (file)
--- a/test/recipes/30-test_evp_data/evppkey_ffdhe.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ffdhe.txt
@@ -105,6 +105,8 @@ CEKAlg=id-aes128-wrap
 Ctrl = dh_pad:1
 SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
 
+# FIPS(3.0.0): allows the padding to be set, later versions do not #17859
+FIPSversion = >3.0.0
 Derive=ffdhe2048-2
 PeerKey=ffdhe2048-1-pub
 KDFType=X942KDF-ASN1