diff options
| author | Neil Horman <nhorman@openssl.org> | 2023-08-29 15:42:48 -0400 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-09-12 16:00:55 +0200 |
| commit | d739b3e05e749d4310b7310c007a4f3b8d5f8556 (patch) | |
| tree | 64477908423aefc746efc23ebce65b92538c65da /test | |
| parent | 838173b614938dac84cb5273dc4e6e5acd92649e (diff) | |
| download | openssl-d739b3e05e749d4310b7310c007a4f3b8d5f8556.zip openssl-d739b3e05e749d4310b7310c007a4f3b8d5f8556.tar.gz openssl-d739b3e05e749d4310b7310c007a4f3b8d5f8556.tar.bz2 | |
make inability to dup/clone ciphers an error
There should be no reason that a cipher can't be duplicated
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21933)
(cherry picked from commit 39d857bb610d25b3de4e414264246ec41753c446)
Diffstat (limited to 'test')
| -rw-r--r-- | test/evp_test.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/test/evp_test.c b/test/evp_test.c index 280e19c..ce72998 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -709,6 +709,9 @@ static int cipher_test_enc(EVP_TEST *t, int enc, int ok = 0, tmplen, chunklen, tmpflen, i; EVP_CIPHER_CTX *ctx_base = NULL; EVP_CIPHER_CTX *ctx = NULL, *duped; + int fips_dupctx_supported = (fips_provider_version_ge(libctx, 3, 0, 11) + && fips_provider_version_lt(libctx, 3, 1, 0)) + || fips_provider_version_ge(libctx, 3, 1, 3); t->err = "TEST_FAILURE"; if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new())) @@ -839,18 +842,30 @@ static int cipher_test_enc(EVP_TEST *t, int enc, /* Test that the cipher dup functions correctly if it is supported */ ERR_set_mark(); - if (EVP_CIPHER_CTX_copy(ctx, ctx_base)) { - EVP_CIPHER_CTX_free(ctx_base); - ctx_base = NULL; - } else { - EVP_CIPHER_CTX_free(ctx); - ctx = ctx_base; + if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) { + if (fips_dupctx_supported) { + TEST_info("Doing a copy of Cipher %s Fails!\n", + EVP_CIPHER_get0_name(expected->cipher)); + ERR_print_errors_fp(stderr); + goto err; + } else { + TEST_info("Allowing copy fail as an old fips provider is in use."); + } } /* Likewise for dup */ duped = EVP_CIPHER_CTX_dup(ctx); if (duped != NULL) { EVP_CIPHER_CTX_free(ctx); ctx = duped; + } else { + if (fips_dupctx_supported) { + TEST_info("Doing a dup of Cipher %s Fails!\n", + EVP_CIPHER_get0_name(expected->cipher)); + ERR_print_errors_fp(stderr); + goto err; + } else { + TEST_info("Allowing dup fail as an old fips provider is in use."); + } } ERR_pop_to_mark(); @@ -1035,6 +1050,7 @@ static int cipher_test_run(EVP_TEST *t) int rv, frag = 0; size_t out_misalign, inp_misalign; + TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher)); if (!cdat->key) { t->err = "NO_KEY"; return 0; |