diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-22 02:40:55 +0200 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-07-22 02:40:55 +0200 |
| commit | 90409da6a520812b0266fcb1303175406dea81fe (patch) | |
| tree | a9d4fcbae513c3daaa7dabb9dce681e30465bd90 | |
| parent | Avoid errors with a priori inapplicable protocol bounds (diff) | |
| download | openssl-90409da6a520812b0266fcb1303175406dea81fe.tar.xz openssl-90409da6a520812b0266fcb1303175406dea81fe.zip | |
Fix provider cipher reinit issue
Fixes #12405
Fixes #12377
Calling Init()/Update() and then Init()/Update() again gave a different result when using the same key and iv.
Cipher modes that were using ctx->num were not resetting this value, this includes OFB, CFB & CTR.
The fix is to reset this value during the ciphers einit() and dinit() methods.
Most ciphers go thru a generic method so one line fixes most cases.
Add test for calling EVP_EncryptInit()/EVP_EncryptUpdate() multiple times for all ciphers.
Ciphers should return the same value for both updates.
DES3-WRAP does not since it uses a random in the update.
CCM modes currently also fail on the second update (This also happens in 1_1_1).
Fix memory leak in AES_OCB cipher if EVP_EncryptInit is called multiple times.
Fix AES_SIV cipher dup_ctx and init.
Calling EVP_CIPHER_init multiple times resulted in a memory leak in the siv.
Fixing this leak also showed that the dup ctx was not working for siv mode.
Note: aes_siv_cleanup() can not be used by aes_siv_dupctx() as it clears data
that is required for the decrypt (e.g the tag).
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12413)
| -rw-r--r-- | crypto/evp/e_aes.c | 2 | ||||
| -rw-r--r-- | crypto/modes/siv128.c | 24 | ||||
| -rw-r--r-- | include/crypto/siv.h | 6 | ||||
| -rw-r--r-- | providers/implementations/ciphers/cipher_aes_ocb_hw.c | 1 | ||||
| -rw-r--r-- | providers/implementations/ciphers/cipher_aes_siv.c | 19 | ||||
| -rw-r--r-- | providers/implementations/ciphers/cipher_aes_siv.h | 4 | ||||
| -rw-r--r-- | providers/implementations/ciphers/cipher_aes_siv_hw.c | 49 | ||||
| -rw-r--r-- | providers/implementations/ciphers/cipher_des.c | 1 | ||||
| -rw-r--r-- | providers/implementations/ciphers/cipher_tdes_common.c | 1 | ||||
| -rw-r--r-- | providers/implementations/ciphers/ciphercommon.c | 2 | ||||
| -rw-r--r-- | test/evp_libctx_test.c | 90 | ||||
| -rw-r--r-- | test/recipes/30-test_evp_libctx.t | 11 |
12 files changed, 185 insertions, 25 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 05be21901d..c037090695 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -4061,7 +4061,7 @@ static int aes_siv_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, /* klen is the length of the underlying cipher, not the input key, which should be twice as long */ - return CRYPTO_siv128_init(sctx, key, klen, cbc, ctr); + return CRYPTO_siv128_init(sctx, key, klen, cbc, ctr, NULL, NULL); } #define aesni_siv_cipher aes_siv_cipher diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index d3655674b4..27e29c3cc6 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -140,13 +140,15 @@ __owur static ossl_inline int siv128_do_encrypt(EVP_CIPHER_CTX *ctx, unsigned ch /* * Create a new SIV128_CONTEXT */ -SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, EVP_CIPHER* cbc, EVP_CIPHER* ctr) +SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, + EVP_CIPHER *cbc, EVP_CIPHER *ctr, + OPENSSL_CTX *libctx, const char *propq) { SIV128_CONTEXT *ctx; int ret; if ((ctx = OPENSSL_malloc(sizeof(*ctx))) != NULL) { - ret = CRYPTO_siv128_init(ctx, key, klen, cbc, ctr); + ret = CRYPTO_siv128_init(ctx, key, klen, cbc, ctr, libctx, propq); if (ret) return ctx; OPENSSL_free(ctx); @@ -159,7 +161,8 @@ SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, EVP_CIPHER * Initialise an existing SIV128_CONTEXT */ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, - const EVP_CIPHER* cbc, const EVP_CIPHER* ctr) + const EVP_CIPHER *cbc, const EVP_CIPHER *ctr, + OPENSSL_CTX *libctx, const char *propq) { static const unsigned char zero[SIV_LEN] = { 0 }; size_t out_len = SIV_LEN; @@ -174,14 +177,17 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, params[2] = OSSL_PARAM_construct_end(); memset(&ctx->d, 0, sizeof(ctx->d)); + EVP_CIPHER_CTX_free(ctx->cipher_ctx); + EVP_MAC_CTX_free(ctx->mac_ctx_init); + EVP_MAC_free(ctx->mac); + ctx->mac = NULL; ctx->cipher_ctx = NULL; ctx->mac_ctx_init = NULL; if (key == NULL || cbc == NULL || ctr == NULL || (ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL - /* TODO(3.0) library context */ || (ctx->mac = - EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL)) == NULL + EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, propq)) == NULL || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params) || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL) @@ -209,12 +215,20 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src) { memcpy(&dest->d, &src->d, sizeof(src->d)); + if (dest->cipher_ctx == NULL) { + dest->cipher_ctx = EVP_CIPHER_CTX_new(); + if (dest->cipher_ctx == NULL) + return 0; + } if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx)) return 0; EVP_MAC_CTX_free(dest->mac_ctx_init); dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init); if (dest->mac_ctx_init == NULL) return 0; + dest->mac = src->mac; + if (dest->mac != NULL) + EVP_MAC_up_ref(dest->mac); return 1; } diff --git a/include/crypto/siv.h b/include/crypto/siv.h index 8a8ef6e15f..9ed8b1b121 100644 --- a/include/crypto/siv.h +++ b/include/crypto/siv.h @@ -12,9 +12,11 @@ typedef struct siv128_context SIV128_CONTEXT; SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen, - EVP_CIPHER* cbc, EVP_CIPHER* ctr); + EVP_CIPHER *cbc, EVP_CIPHER *ctr, + OPENSSL_CTX *libctx, const char *propq); int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, - const EVP_CIPHER* cbc, const EVP_CIPHER* ctr); + const EVP_CIPHER *cbc, const EVP_CIPHER *ctr, + OPENSSL_CTX *libctx, const char *propq); int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src); int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, size_t len); diff --git a/providers/implementations/ciphers/cipher_aes_ocb_hw.c b/providers/implementations/ciphers/cipher_aes_ocb_hw.c index da82b66fa1..5caca0b1df 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb_hw.c +++ b/providers/implementations/ciphers/cipher_aes_ocb_hw.c @@ -18,6 +18,7 @@ #define OCB_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \ fn_block_enc, fn_block_dec, \ fn_stream_enc, fn_stream_dec) \ +CRYPTO_ocb128_cleanup(&ctx->ocb); \ fn_set_enc_key(key, keylen * 8, &ctx->ksenc.ks); \ fn_set_dec_key(key, keylen * 8, &ctx->ksdec.ks); \ if (!CRYPTO_ocb128_init(&ctx->ocb, &ctx->ksenc.ks, &ctx->ksdec.ks, \ diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c index 48bf01649a..84c078da82 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.c +++ b/providers/implementations/ciphers/cipher_aes_siv.c @@ -19,6 +19,7 @@ #include "prov/implementations.h" #include "prov/providercommonerr.h" #include "prov/ciphercommon_aead.h" +#include "prov/provider_ctx.h" #define siv_stream_update siv_cipher #define SIV_FLAGS AEAD_FLAGS @@ -34,6 +35,7 @@ static void *aes_siv_newctx(void *provctx, size_t keybits, unsigned int mode, ctx->flags = flags; ctx->keylen = keybits / 8; ctx->hw = PROV_CIPHER_HW_aes_siv(keybits); + ctx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); } return ctx; } @@ -48,6 +50,22 @@ static void aes_siv_freectx(void *vctx) } } +static void *siv_dupctx(void *vctx) +{ + PROV_AES_SIV_CTX *in = (PROV_AES_SIV_CTX *)vctx; + PROV_AES_SIV_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + if (ret == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + if (!in->hw->dupctx(in, ret)) { + OPENSSL_free(ret); + ret = NULL; + } + return ret; +} + static int siv_init(void *vctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen, int enc) { @@ -219,6 +237,7 @@ static void * alg##kbits##lc##_newctx(void *provctx) \ const OSSL_DISPATCH alg##kbits##lc##_functions[] = { \ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) lc##_dupctx }, \ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) lc##_einit }, \ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) lc##_dinit }, \ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void)) lc##_stream_update }, \ diff --git a/providers/implementations/ciphers/cipher_aes_siv.h b/providers/implementations/ciphers/cipher_aes_siv.h index 05411d7012..3179943f0e 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.h +++ b/providers/implementations/ciphers/cipher_aes_siv.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,6 +18,7 @@ typedef struct prov_cipher_hw_aes_siv_st { void (*setspeed)(void *ctx, int speed); int (*settag)(void *ctx, const unsigned char *tag, size_t tagl); void (*cleanup)(void *ctx); + int (*dupctx)(void *src, void *dst); } PROV_CIPHER_HW_AES_SIV; typedef struct prov_siv_ctx_st { @@ -30,6 +31,7 @@ typedef struct prov_siv_ctx_st { EVP_CIPHER *ctr; /* These are fetched - so we need to free them */ EVP_CIPHER *cbc; const PROV_CIPHER_HW_AES_SIV *hw; + OPENSSL_CTX *libctx; } PROV_AES_SIV_CTX; const PROV_CIPHER_HW_AES_SIV *PROV_CIPHER_HW_aes_siv(size_t keybits); diff --git a/providers/implementations/ciphers/cipher_aes_siv_hw.c b/providers/implementations/ciphers/cipher_aes_siv_hw.c index ef910dd6f8..547eb1a4c4 100644 --- a/providers/implementations/ciphers/cipher_aes_siv_hw.c +++ b/providers/implementations/ciphers/cipher_aes_siv_hw.c @@ -15,33 +15,63 @@ #include "cipher_aes_siv.h" +static void aes_siv_cleanup(void *vctx); + static int aes_siv_initkey(void *vctx, const unsigned char *key, size_t keylen) { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; SIV128_CONTEXT *sctx = &ctx->siv; size_t klen = keylen / 2; + OPENSSL_CTX *libctx = ctx->libctx; + const char *propq = NULL; + + EVP_CIPHER_free(ctx->cbc); + EVP_CIPHER_free(ctx->ctr); + ctx->cbc = NULL; + ctx->ctr = NULL; switch (klen) { case 16: - ctx->cbc = EVP_CIPHER_fetch(NULL, "AES-128-CBC", ""); - ctx->ctr = EVP_CIPHER_fetch(NULL, "AES-128-CTR", ""); + ctx->cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", propq); + ctx->ctr = EVP_CIPHER_fetch(libctx, "AES-128-CTR", propq); break; case 24: - ctx->cbc = EVP_CIPHER_fetch(NULL, "AES-192-CBC", ""); - ctx->ctr = EVP_CIPHER_fetch(NULL, "AES-192-CTR", ""); + ctx->cbc = EVP_CIPHER_fetch(libctx, "AES-192-CBC", propq); + ctx->ctr = EVP_CIPHER_fetch(libctx, "AES-192-CTR", propq); break; case 32: - ctx->cbc = EVP_CIPHER_fetch(NULL, "AES-256-CBC", ""); - ctx->ctr = EVP_CIPHER_fetch(NULL, "AES-256-CTR", ""); + ctx->cbc = EVP_CIPHER_fetch(libctx, "AES-256-CBC", propq); + ctx->ctr = EVP_CIPHER_fetch(libctx, "AES-256-CTR", propq); break; default: - return 0; + break; } + if (ctx->cbc == NULL || ctx->ctr == NULL) + return 0; /* * klen is the length of the underlying cipher, not the input key, * which should be twice as long */ - return CRYPTO_siv128_init(sctx, key, klen, ctx->cbc, ctx->ctr); + return CRYPTO_siv128_init(sctx, key, klen, ctx->cbc, ctx->ctr, libctx, + propq); +} + +static int aes_siv_dupctx(void *in_vctx, void *out_vctx) +{ + PROV_AES_SIV_CTX *in = (PROV_AES_SIV_CTX *)in_vctx; + PROV_AES_SIV_CTX *out = (PROV_AES_SIV_CTX *)out_vctx; + + *out = *in; + out->siv.cipher_ctx = NULL; + out->siv.mac_ctx_init = NULL; + out->siv.mac = NULL; + if (!CRYPTO_siv128_copy_ctx(&out->siv, &in->siv)) + return 0; + if (out->cbc != NULL) + EVP_CIPHER_up_ref(out->cbc); + if (out->ctr != NULL) + EVP_CIPHER_up_ref(out->ctr); + return 1; } static int aes_siv_settag(void *vctx, const unsigned char *tag, size_t tagl) @@ -96,7 +126,8 @@ static const PROV_CIPHER_HW_AES_SIV aes_siv_hw = aes_siv_cipher, aes_siv_setspeed, aes_siv_settag, - aes_siv_cleanup + aes_siv_cleanup, + aes_siv_dupctx, }; const PROV_CIPHER_HW_AES_SIV *PROV_CIPHER_HW_aes_siv(size_t keybits) diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c index 7a60e0501c..9a7c13902f 100644 --- a/providers/implementations/ciphers/cipher_des.c +++ b/providers/implementations/ciphers/cipher_des.c @@ -67,6 +67,7 @@ static int des_init(void *vctx, const unsigned char *key, size_t keylen, { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + ctx->num = 0; ctx->enc = enc; if (iv != NULL) { diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c index 6cdc88749c..d2379f741b 100644 --- a/providers/implementations/ciphers/cipher_tdes_common.c +++ b/providers/implementations/ciphers/cipher_tdes_common.c @@ -57,6 +57,7 @@ static int tdes_init(void *vctx, const unsigned char *key, size_t keylen, { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + ctx->num = 0; ctx->enc = enc; if (iv != NULL) { diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index a8905d1242..a3ebd3f7e7 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -149,6 +149,8 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, const unsigned char *iv, size_t ivlen, int enc) { + ctx->num = 0; + ctx->updated = 0; ctx->enc = enc ? 1 : 0; if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) { diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index 77054f93a2..a9f665842a 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -23,13 +23,18 @@ #include <openssl/evp.h> #include <openssl/provider.h> #include <openssl/dsa.h> +#include <openssl/safestack.h> #include "testutil.h" #include "internal/nelem.h" -#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ +#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ +#include "../e_os.h" /* strcasecmp */ + +DEFINE_STACK_OF_CSTRING() static OPENSSL_CTX *libctx = NULL; static OSSL_PROVIDER *nullprov = NULL; static OSSL_PROVIDER *libprov = NULL; +static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL; typedef enum OPTION_choice { OPT_ERR = -1, @@ -193,9 +198,83 @@ static int test_dh_safeprime_param_keygen(int tstid) }; return do_dh_param_keygen(tstid, bn); } - #endif /* OPENSSL_NO_DH */ +static int test_cipher_reinit(int test_id) +{ + int ret = 0, out1_len = 0, out2_len = 0, diff, ccm; + EVP_CIPHER *cipher = NULL; + EVP_CIPHER_CTX *ctx = NULL; + unsigned char out1[256]; + unsigned char out2[256]; + unsigned char in[16] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 + }; + unsigned char key[64] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }; + unsigned char iv[16] = { + 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, + 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 + }; + const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id); + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto err; + + TEST_note("Fetching %s\n", name); + if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL))) + goto err; + + /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */ + ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE); + + /* DES3-WRAP uses random every update - so it will give a different value */ + diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP"); + + if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) + || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in))) + || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) + || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)), + ccm ? 0 : 1)) + goto err; + + if (ccm == 0) { + if (diff) { + if (!TEST_mem_ne(out1, out1_len, out2, out2_len)) + goto err; + } else { + if (!TEST_mem_eq(out1, out1_len, out2, out2_len)) + goto err; + } + } + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + +static int name_cmp(const char * const *a, const char * const *b) +{ + return strcasecmp(*a, *b); +} + +static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) +{ + STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list; + + sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher)); +} + int setup_tests(void) { const char *prov_name = "default"; @@ -242,11 +321,18 @@ int setup_tests(void) #ifndef OPENSSL_NO_DH ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); #endif + + if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp))) + return 0; + EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names); + + ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names)); return 1; } void cleanup_tests(void) { + sk_OPENSSL_CSTRING_free(cipher_names); OSSL_PROVIDER_unload(libprov); OPENSSL_CTX_free(libctx); OSSL_PROVIDER_unload(nullprov); diff --git a/test/recipes/30-test_evp_libctx.t b/test/recipes/30-test_evp_libctx.t index 0d0a762900..8c36a9e24e 100644 --- a/test/recipes/30-test_evp_libctx.t +++ b/test/recipes/30-test_evp_libctx.t @@ -27,7 +27,7 @@ my $infile = bldtop_file('providers', platform->dso('fips')); my @test_args = ( ); plan tests => - ($no_fips ? 0 : 1) # FIPS install test + ($no_fips ? 0 : 2) # FIPS install test + 1; unless ($no_fips) { @@ -36,10 +36,11 @@ unless ($no_fips) { ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), - '-module', $infile, - '-provider_name', 'fips', '-mac_name', 'HMAC', - '-section_name', 'fips_sect'])), + '-module', $infile])), "fipsinstall"); + ok(run(test(["evp_libctx_test", @test_args])), "running fips evp_libctx_test"); } -ok(run(test(["evp_libctx_test", @test_args])), "running evp_libctx_test"); +ok(run(test(["evp_libctx_test", + "-config", srctop_file("test","default-and-legacy.cnf"),])), + "running default-and-legacy evp_libctx_test"); |