Add 'fips-securitychecks' option and plumb this into the actual fips checks

[openssl.git] / test / recipes / 15-test_rsaoaep.t

diff --git a/test/recipes/15-test_rsaoaep.t b/test/recipes/15-test_rsaoaep.t
index 923e5fdcb8ce752024bdfd6b4aafc726ccd89095..ddbfe84bd702459f60e8ad11554e250efcbc8781 100644 (file)
--- a/test/recipes/15-test_rsaoaep.t
+++ b/test/recipes/15-test_rsaoaep.t
@@ -21,9 +21,10 @@ use lib bldtop_dir('.');
 use platform;
 
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_check = disabled('fips-securitychecks');
 
 plan tests =>
-    ($no_fips ? 0 : 2)          # FIPS install test
+    ($no_fips ? 0 : 1 + ($no_check ? 0 : 1))          # FIPS install test
     + 9;
 
 my @prov = ( );
@@ -49,17 +50,19 @@ unless ($no_fips) {
        "fipsinstall");
     $ENV{OPENSSL_TEST_LIBCTX} = "1";
 
-    ok(!run(app(['openssl', 'pkeyutl',
-                @prov,
-                '-encrypt',
-                '-in', $msg_file,
-                '-inkey', $small_key_file,
-                '-pkeyopt', 'pad-mode:oaep',
-                '-pkeyopt', 'oaep-label:123',
-                '-pkeyopt', 'digest:sha1',
-                '-pkeyopt', 'mgf1-digest:sha1',
-                '-out', $enc1_file])),
-       "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
+    unless ($no_check) {
+        ok(!run(app(['openssl', 'pkeyutl',
+                    @prov,
+                    '-encrypt',
+                    '-in', $msg_file,
+                    '-inkey', $small_key_file,
+                    '-pkeyopt', 'pad-mode:oaep',
+                    '-pkeyopt', 'oaep-label:123',
+                    '-pkeyopt', 'digest:sha1',
+                    '-pkeyopt', 'mgf1-digest:sha1',
+                    '-out', $enc1_file])),
+           "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
+    }
 }
 
 ok(run(app(['openssl', 'pkeyutl',