From: Dr. Stephen Henson <steve@openssl.org>
Date: Thu, 16 Oct 2014 03:18:50 +0000 (+0100)
Subject: Don't try 1**0 test with FIPS.
X-Git-Tag: OpenSSL_0_9_8zd~31
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f33636faf77aa2b8bb96f75b9719cd3f5b41e3ba;p=oweals%2Fopenssl.git

Don't try 1**0 test with FIPS.

The 1**0 test will fail for FIPS capable builds because it uses the
old BIGNUM code in the 1.2 FIPS module which can't be fixed.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
---

diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c
index 44a90e2c84..329a05dee2 100644
--- a/crypto/bn/exptest.c
+++ b/crypto/bn/exptest.c
@@ -71,6 +71,11 @@
 
 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 
+/*
+ * Disabled for FIPS capable builds because they use the FIPS BIGNUM library
+ * which will fail this test.
+ */
+#ifndef OPENSSL_FIPS
 /* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */
 static int test_exp_mod_zero() {
 	BIGNUM a, p, m;
@@ -107,7 +112,7 @@ static int test_exp_mod_zero() {
 
 	return ret;
 }
-
+#endif
 int main(int argc, char *argv[])
 	{
 	BN_CTX *ctx;
@@ -228,10 +233,10 @@ int main(int argc, char *argv[])
 	CRYPTO_mem_leaks(out);
 	BIO_free(out);
 	printf("\n");
-
+#ifndef OPENSSL_FIPS
 	if (test_exp_mod_zero() != 0)
 		goto err;
-
+#endif
 	printf("done\n");
 
 	EXIT(0);