make inability to dup/clone ciphers an error

There should be no reason that a cipher can't be duplicated Fixes #21887 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21933)
author: Neil Horman <nhorman@openssl.org> 2023-08-29 15:42:48 -0400
committer: Tomas Mraz <tomas@openssl.org> 2023-09-12 15:59:11 +0200
commit: 39d857bb610d25b3de4e414264246ec41753c446 (patch)
tree: 94e5889d2b7be8193820edeb012acda48e434893
parent: 9912dfb98c9c2b10c83c5ca4b5136232568ad664 (diff)
1 files changed, 22 insertions, 6 deletions
diff --git a/test/evp_test.c b/test/evp_test.c
index ea1ca65bcd..7447435f06 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -735,6 +735,9 @@ static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
     int ok = 0, tmplen, chunklen, tmpflen, i;
     EVP_CIPHER_CTX *ctx_base = NULL;
     EVP_CIPHER_CTX *ctx = NULL, *duped;
+    int fips_dupctx_supported = (fips_provider_version_ge(libctx, 3, 0, 11)
+                                && fips_provider_version_lt(libctx, 3, 1, 0))
+                                || fips_provider_version_ge(libctx, 3, 1, 3);
 
     t->err = "TEST_FAILURE";
     if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
@@ -865,18 +868,30 @@ static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
 
     /* Test that the cipher dup functions correctly if it is supported */
     ERR_set_mark();
-    if (EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
-        EVP_CIPHER_CTX_free(ctx_base);
-        ctx_base = NULL;
-    } else {
-        EVP_CIPHER_CTX_free(ctx);
-        ctx = ctx_base;
+    if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
+        if (fips_dupctx_supported) {
+            TEST_info("Doing a copy of Cipher %s Fails!\n",
+                      EVP_CIPHER_get0_name(expected->cipher));
+            ERR_print_errors_fp(stderr);
+            goto err;
+        } else {
+            TEST_info("Allowing copy fail as an old fips provider is in use.");
+        }
     }
     /* Likewise for dup */
     duped = EVP_CIPHER_CTX_dup(ctx);
     if (duped != NULL) {
         EVP_CIPHER_CTX_free(ctx);
         ctx = duped;
+    } else {
+        if (fips_dupctx_supported) {
+            TEST_info("Doing a dup of Cipher %s Fails!\n",
+                      EVP_CIPHER_get0_name(expected->cipher));
+            ERR_print_errors_fp(stderr);
+            goto err;
+        } else {
+            TEST_info("Allowing dup fail as an old fips provider is in use.");
+        }
     }
     ERR_pop_to_mark();
 
@@ -1089,6 +1104,7 @@ static int cipher_test_run(EVP_TEST *t)
     int rv, frag, fragmax, in_place;
     size_t out_misalign, inp_misalign;
 
+    TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher));
     if (!cdat->key) {
         t->err = "NO_KEY";
         return 0;
author	Neil Horman <nhorman@openssl.org>	2023-08-29 15:42:48 -0400
committer	Tomas Mraz <tomas@openssl.org>	2023-09-12 15:59:11 +0200
commit	39d857bb610d25b3de4e414264246ec41753c446 (patch)
tree	94e5889d2b7be8193820edeb012acda48e434893
parent	9912dfb98c9c2b10c83c5ca4b5136232568ad664 (diff)