diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2021-06-03 19:09:38 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-06-08 15:16:06 +1000 |
commit | f41fd10d90fb5202f4c05f8842b4a4f25afd51d0 (patch) | |
tree | 09106bd79af443731ff67bee224ec5609d632c7a /test | |
parent | 5135a9bd9280301a24640a6bf5125c144e28cfdd (diff) | |
download | openssl-new-f41fd10d90fb5202f4c05f8842b4a4f25afd51d0.tar.gz |
Add a gettable for provider ciphers to return the EVP_CIPH_RAND_KEY flag
Fixes #15531
DES and TDES set this flag which could possibly be used by applications.
The gettable cipher param OSSL_CIPHER_PARAM_HAS_RAND_KEY has been added.
Note that EVP_CIPHER_CTX_rand_key() uses this flag.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15606)
Diffstat (limited to 'test')
-rw-r--r-- | test/evp_libctx_test.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index b9794b6b7d..bfbbafdbab 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -557,6 +557,33 @@ static int kem_rsa_gen_recover(void) return ret; } +#ifndef OPENSSL_NO_DES +/* + * This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly + * For fips mode this code would produce an error if the flag is not set. + */ +static int test_cipher_tdes_randkey(void) +{ + int ret; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL; + unsigned char key[24] = { 0 }; + + ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL)) + && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0) + && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL)) + && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0) + && TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + && TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1)) + && TEST_true(EVP_CIPHER_CTX_rand_key(ctx, key)); + + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(tdes_cipher); + EVP_CIPHER_free(aes_cipher); + return ret; +} +#endif /* OPENSSL_NO_DES */ + static int kem_rsa_params(void) { int ret = 0; @@ -717,6 +744,9 @@ int setup_tests(void) #ifndef OPENSSL_NO_DH ADD_TEST(kem_invalid_keytype); #endif +#ifndef OPENSSL_NO_DES + ADD_TEST(test_cipher_tdes_randkey); +#endif return 1; } |