From f33636faf77aa2b8bb96f75b9719cd3f5b41e3ba Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 16 Oct 2014 04:18:50 +0100 Subject: [PATCH] Don't try 1**0 test with FIPS. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The 1**0 test will fail for FIPS capable builds because it uses the old BIGNUM code in the 1.2 FIPS module which can't be fixed. Reviewed-by: Emilia Käsper --- crypto/bn/exptest.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index 44a90e2c84..329a05dee2 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -71,6 +71,11 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +/* + * Disabled for FIPS capable builds because they use the FIPS BIGNUM library + * which will fail this test. + */ +#ifndef OPENSSL_FIPS /* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */ static int test_exp_mod_zero() { BIGNUM a, p, m; @@ -107,7 +112,7 @@ static int test_exp_mod_zero() { return ret; } - +#endif int main(int argc, char *argv[]) { BN_CTX *ctx; @@ -228,10 +233,10 @@ int main(int argc, char *argv[]) CRYPTO_mem_leaks(out); BIO_free(out); printf("\n"); - +#ifndef OPENSSL_FIPS if (test_exp_mod_zero() != 0) goto err; - +#endif printf("done\n"); EXIT(0); -- 2.25.1