Make provider preferential, not mandatory

Apparently Ubuntu has some configuration that tries hard to load a rdrand engine. When the propquery is set to a hard provider=pkcs11 this fails as the tpe of DRBG being sourced becomes incompatible with the mandate property. Soften the test to only prefer the provider so that the operations we care for will come from the pkcs11 provider (we check errors anyway) and we do not get the noise of unrelated failures. Signed-off-by: Simo Sorce <[email protected]>
latchset · May 29, 2024 · a9936e9 · a9936e9
1 parent cf1ca98
commit a9936e9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/tests/trsapssam b/tests/trsapssam
@@ -10,7 +10,7 @@ sed -e "s/#pkcs11-module-encode-provider-uri-to-pem/pkcs11-module-encode-provide
 OPENSSL_CONF=${OPENSSL_CONF}.rsapss_genpkey
 
 ossl '
-genpkey -propquery "provider=pkcs11"
+genpkey -propquery "?provider=pkcs11"
         -algorithm "RSA-PSS" -pkeyopt "rsa_pss_keygen_md:SHA256"
         -pkeyopt "pkcs11_uri:pkcs11:object=Test-RSA-PSS-Restrictions"'