Project

General

Profile

action #115775

[security][fips][refinement] test fails in openssl_fips_alglist

Added by punkioudi 3 months ago. Updated 23 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Refactor/Code Improvements
Target version:
-
Start date:
2022-08-25
Due date:
% Done:

100%

Estimated time:
Difficulty:

Description

Taking a quick look in the comments of the attached bugs for 15-SP4 in the same testsuite, we can probably make some changes in the test as they are marked as WONTFIX.

I think it should be better to discuss it separately in a call and take together the decision :)

Observation

openQA test in scenario sle-15-SP5-Online-x86_64-fips_env_mode_tests_crypt_core@64bit fails in
openssl_fips_alglist

Test suite description

Maintainer: bchou@suse.com.

Workaround for FIPS single module mode

Reproducible

Fails since (at least) Build 15.2 (current job)

Expected result

Last good: (unknown) (or more recent)

Further details

Always latest result in this scenario: latest

History

#1 Updated by openqa_review 3 months ago

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: fips_env_mode_tests_crypt_core
https://openqa.suse.de/tests/9417419#step/openssl_fips_alglist/1

To prevent further reminder comments one of the following options should be followed:

  1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
  2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
  3. The bugref in the openQA scenario is removed or replaced, e.g. label:wontfix:boo1234

Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.

#2 Updated by openqa_review 2 months ago

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: fips_env_mode_tests_crypt_core
https://openqa.suse.de/tests/9564497#step/openssl_fips_alglist/1

To prevent further reminder comments one of the following options should be followed:

  1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
  2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
  3. The bugref in the openQA scenario is removed or replaced, e.g. label:wontfix:boo1234

Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.

#4 Updated by openqa_review about 1 month ago

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: fips_env_mode_tests_crypt_core
https://openqa.suse.de/tests/9680027#step/openssl_fips_alglist/1

To prevent further reminder comments one of the following options should be followed:

  1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
  2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
  3. The bugref in the openQA scenario is removed or replaced, e.g. label:wontfix:boo1234

Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.

#5 Updated by pstivanin about 1 month ago

  • Status changed from New to In Progress
  • Assignee set to pstivanin

#6 Updated by pstivanin about 1 month ago

  • % Done changed from 0 to 90
  • openssl list -cipher-algorithms: remove the related test, since it won't be fixed (see bsc above)
  • openssl list -digest-algorithms: add new algos

The PR (https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/15786) will stay in WIP until a new build with the latest openssl update (1.1.1l-150400.7.10.5) will come out.

#7 Updated by pstivanin about 1 month ago

  • Status changed from In Progress to Blocked

Setting to blocked until the new build with the new update comes out.

#8 Updated by pstivanin about 1 month ago

  • Status changed from Blocked to In Progress

Build 32.1 is out. Testing it as soon as the qcow2 is generated.

#9 Updated by pstivanin about 1 month ago

Can confirm that the newest build has the needed openssl update (1.1.1l-150400.7.10.5).

#10 Updated by pstivanin about 1 month ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100

VRs are green, PR merged.

#11 Updated by punkioudi 24 days ago

There are still failures in the latest build, eg: https://openqa.suse.de/tests/9824600#step/openssl_fips_alglist/21
Should we re-open probably the ticket?

#12 Updated by pstivanin 24 days ago

there's something fishy going on. The test fails on 'openssl list -cipher-algorithms', but that code has been removed with my PR. In fact, it's not in the source if you click on the name on the left.

#13 Updated by pstivanin 23 days ago

also, there are failures because the PR was merged after build 32.1 was out

Also available in: Atom PDF