use platform;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_check = disabled('fips-securitychecks');
plan tests =>
- ($no_fips ? 0 : 2) # FIPS install test
+ ($no_fips ? 0 : 1 + ($no_check ? 0 : 1)) # FIPS install test
+ 9;
my @prov = ( );
"fipsinstall");
$ENV{OPENSSL_TEST_LIBCTX} = "1";
- ok(!run(app(['openssl', 'pkeyutl',
- @prov,
- '-encrypt',
- '-in', $msg_file,
- '-inkey', $small_key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-pkeyopt', 'digest:sha1',
- '-pkeyopt', 'mgf1-digest:sha1',
- '-out', $enc1_file])),
- "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
+ unless ($no_check) {
+ ok(!run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-encrypt',
+ '-in', $msg_file,
+ '-inkey', $small_key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-pkeyopt', 'digest:sha1',
+ '-pkeyopt', 'mgf1-digest:sha1',
+ '-out', $enc1_file])),
+ "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
+ }
}
ok(run(app(['openssl', 'pkeyutl',