public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make the KEM operating mode optional

Browse source 
There is only one operating mode supported for each of RSA, EC and ECX.
We should not require an explicit setting for the obvious default.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26872)
This commit is contained in:
Viktor Dukhovni 2025-02-23 15:21:14 +11:00 committed by Tomas Mraz
parent 53c54b13ac
commit ddd7ecb04b
10 changed files with 42 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

7
test/evp_libctx_test.c
View file

@ -684,9 +684,12 @@ static int kem_rsa_params(void)
&& TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
sizeof(ct)), 0)
&& TEST_uchar_eq(secret[0], 0)
/* Test encapsulate fails if the mode is not set */
/* Test encapsulate succeeds even if the mode is not set */
&& TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
&& TEST_true(ctlen <= sizeof(ct))
&& TEST_true(secretlen <= sizeof(secret))
&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), 1)
/* Test setting a bad kem ops fail */
&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)

6
test/evp_pkey_dhkem_test.c
View file

@ -164,7 +164,7 @@ err:
return ret;
}
/* Fail if the operation parameter is not set */
/* Succeed even if the operation parameter is not set */
static int test_no_operation_set(int tstid)
{
EVP_PKEY_CTX *ctx = rctx[tstid];
@ -172,11 +172,11 @@ static int test_no_operation_set(int tstid)
size_t len = 0;
return TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1)
&& TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &len, NULL, NULL), -2)
&& TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &len, NULL, NULL), 1)
&& TEST_int_eq(EVP_PKEY_decapsulate_init(ctx, NULL), 1)
&& TEST_int_eq(EVP_PKEY_decapsulate(ctx, NULL, &len,
t->expected_enc,
t->expected_enclen), -2);
t->expected_enclen), 1);
}
/* Fail if the ikm is too small */

6
test/recipes/20-test_pkeyutl.t
View file

@ -241,17 +241,17 @@ SKIP: {
if disabled("rsa"); # Note "rsa" isn't (yet?) disablable.
# Self-compat
ok(run(app(([ 'openssl', 'pkeyutl', '-encap', '-kemop', 'RSASVE',
ok(run(app(([ 'openssl', 'pkeyutl', '-encap',
'-inkey', srctop_file('test', 'testrsa2048pub.pem'),
'-out', 'encap_out.bin', '-secret', 'secret.bin']))),
"RSA pubkey encapsulation");
ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE',
ok(run(app(([ 'openssl', 'pkeyutl', '-decap',
'-inkey', srctop_file('test', 'testrsa2048.pem'),
'-in', 'encap_out.bin', '-secret', 'decap_secret.bin']))),
"RSA pubkey decapsulation");
is(compare("secret.bin", "decap_secret.bin"), 0, "Secret is correctly decapsulated");
# Legacy CLI with decap output written to '-out'
# Legacy CLI with decap output written to '-out' and with '-kemop` specified
ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE',
'-inkey', srctop_file('test', 'testrsa2048.pem'),
'-in', 'encap_out.bin', '-out', 'decap_out.bin']))),