Update expected openssl digests lists for tumbleweed

SUSE · Aug 8, 2023 · b2b8ed2 · b2b8ed2
1 parent f6f1f2b
commit b2b8ed2
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 10 deletions.
diff --git a/bci_tester/fips.py b/bci_tester/fips.py
@@ -1,16 +1,14 @@
 """Module containing utility functions & constants for FIPS compliant digests."""
 import os
 
+from bci_tester.data import OS_VERSION
+
 #: openssl digests that are not FIPS compliant
-NONFIPS_DIGESTS = (
-    "blake2b512",
-    "blake2s256",
-    "md4",
-    "md5",
-    "mdc2",
-    "rmd160",
-    "sm3",
-)
+NONFIPS_DIGESTS = ("blake2b512", "blake2s256", "md5", "rmd160", "sm3")
+
+# OpenSSL 3.x in Tumbleweed dropped those as they're beyond deprecated
+if OS_VERSION != "tumbleweed":
+    NONFIPS_DIGESTS += ("md4", "mdc2")
 
 #: FIPS compliant openssl digests
 FIPS_DIGESTS = (
@@ -32,6 +30,8 @@
 #: all digests supported by openssl
 ALL_DIGESTS = NONFIPS_DIGESTS + FIPS_DIGESTS
 
+assert len(set(ALL_DIGESTS)) == len(ALL_DIGESTS)
+
 
 def host_fips_supported(
     fipsfile: str = "/proc/sys/crypto/fips_enabled",

diff --git a/tests/test_base.py b/tests/test_base.py
@@ -88,9 +88,11 @@ def test_all_openssl_hashes_known(auto_container):
         .stdout.strip()
         .split()
     )
+    EXPECTED_DIGEST_LIST = ALL_DIGESTS
     # gost is not supported to generate digests, but it appears in:
     # openssl list --digest-commands
-    EXPECTED_DIGEST_LIST = ALL_DIGESTS + ("gost",)
+    if OS_VERSION != "tumbleweed":
+        EXPECTED_DIGEST_LIST += ("gost",)
     assert len(hashes) == len(EXPECTED_DIGEST_LIST)
     assert set(hashes) == set(EXPECTED_DIGEST_LIST)