From a60f6b78ec63dc4f734cd824bc1be94f0e23c724 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Sun, 15 Sep 2024 17:31:57 +0200 Subject: [PATCH 1/4] disable tmp OID generation Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- ALGORITHMS.md | 92 +++++++++--------- oqs-template/generate.py | 8 +- .../oqsprov.c/assign_sig_oids.fragment | 8 ++ oqsprov/oqsprov.c | 94 ++++++++++--------- 4 files changed, 110 insertions(+), 92 deletions(-) diff --git a/ALGORITHMS.md b/ALGORITHMS.md index 236cef8a..5969ee75 100644 --- a/ALGORITHMS.md +++ b/ALGORITHMS.md @@ -146,6 +146,10 @@ OQS_CODEPOINT_X25519_KYBER512=65072 ./openssl/apps/openssl s_client -groups x25 Along the same lines as the code points, X.509 OIDs may be subject to change prior to final standardization. The environment variables below permit adapting the OIDs of all supported signature algorithms as per the table below. +OIDs denoted with NULL are not maintained and may lead to errors in code +execution. Anyone interested in using an algorithm with such designation is +requested to contribute to the maintenance of these OIDs along the lines +discussed in https://github.com/open-quantum-safe/oqs-provider/issues/351. |Algorithm name | default OID | enabled | environment variable | @@ -228,58 +232,58 @@ If [OQS_KEM_ENCODERS](CONFIGURE.md#OQS_KEM_ENCODERS) is enabled the following li |Algorithm name | default OID | environment variable | |---------------|:-----------------:|----------------------| -| frodo640aes | 1.3.9999.99.61 | OQS_OID_FRODO640AES -| p256_frodo640aes | 1.3.9999.99.60 | OQS_OID_P256_FRODO640AES -| x25519_frodo640aes | 1.3.9999.99.45 | OQS_OID_X25519_FRODO640AES -| frodo640shake | 1.3.9999.99.63 | OQS_OID_FRODO640SHAKE -| p256_frodo640shake | 1.3.9999.99.62 | OQS_OID_P256_FRODO640SHAKE -| x25519_frodo640shake | 1.3.9999.99.46 | OQS_OID_X25519_FRODO640SHAKE -| frodo976aes | 1.3.9999.99.65 | OQS_OID_FRODO976AES -| p384_frodo976aes | 1.3.9999.99.64 | OQS_OID_P384_FRODO976AES -| x448_frodo976aes | 1.3.9999.99.47 | OQS_OID_X448_FRODO976AES -| frodo976shake | 1.3.9999.99.67 | OQS_OID_FRODO976SHAKE -| p384_frodo976shake | 1.3.9999.99.66 | OQS_OID_P384_FRODO976SHAKE -| x448_frodo976shake | 1.3.9999.99.48 | OQS_OID_X448_FRODO976SHAKE -| frodo1344aes | 1.3.9999.99.69 | OQS_OID_FRODO1344AES -| p521_frodo1344aes | 1.3.9999.99.68 | OQS_OID_P521_FRODO1344AES -| frodo1344shake | 1.3.9999.99.71 | OQS_OID_FRODO1344SHAKE -| p521_frodo1344shake | 1.3.9999.99.70 | OQS_OID_P521_FRODO1344SHAKE +| frodo640aes | NULL | OQS_OID_FRODO640AES +| p256_frodo640aes | NULL | OQS_OID_P256_FRODO640AES +| x25519_frodo640aes | NULL | OQS_OID_X25519_FRODO640AES +| frodo640shake | NULL | OQS_OID_FRODO640SHAKE +| p256_frodo640shake | NULL | OQS_OID_P256_FRODO640SHAKE +| x25519_frodo640shake | NULL | OQS_OID_X25519_FRODO640SHAKE +| frodo976aes | NULL | OQS_OID_FRODO976AES +| p384_frodo976aes | NULL | OQS_OID_P384_FRODO976AES +| x448_frodo976aes | NULL | OQS_OID_X448_FRODO976AES +| frodo976shake | NULL | OQS_OID_FRODO976SHAKE +| p384_frodo976shake | NULL | OQS_OID_P384_FRODO976SHAKE +| x448_frodo976shake | NULL | OQS_OID_X448_FRODO976SHAKE +| frodo1344aes | NULL | OQS_OID_FRODO1344AES +| p521_frodo1344aes | NULL | OQS_OID_P521_FRODO1344AES +| frodo1344shake | NULL | OQS_OID_FRODO1344SHAKE +| p521_frodo1344shake | NULL | OQS_OID_P521_FRODO1344SHAKE | kyber512 | 1.3.6.1.4.1.2.267.8.2.2 | OQS_OID_KYBER512 -| p256_kyber512 | 1.3.9999.99.72 | OQS_OID_P256_KYBER512 -| x25519_kyber512 | 1.3.9999.99.49 | OQS_OID_X25519_KYBER512 +| p256_kyber512 | NULL | OQS_OID_P256_KYBER512 +| x25519_kyber512 | NULL | OQS_OID_X25519_KYBER512 | kyber768 | 1.3.6.1.4.1.2.267.8.3.3 | OQS_OID_KYBER768 -| p384_kyber768 | 1.3.9999.99.73 | OQS_OID_P384_KYBER768 -| x448_kyber768 | 1.3.9999.99.50 | OQS_OID_X448_KYBER768 -| x25519_kyber768 | 1.3.9999.99.51 | OQS_OID_X25519_KYBER768 -| p256_kyber768 | 1.3.9999.99.52 | OQS_OID_P256_KYBER768 +| p384_kyber768 | NULL | OQS_OID_P384_KYBER768 +| x448_kyber768 | NULL | OQS_OID_X448_KYBER768 +| x25519_kyber768 | NULL | OQS_OID_X25519_KYBER768 +| p256_kyber768 | NULL | OQS_OID_P256_KYBER768 | kyber1024 | 1.3.6.1.4.1.2.267.8.4.4 | OQS_OID_KYBER1024 -| p521_kyber1024 | 1.3.9999.99.74 | OQS_OID_P521_KYBER1024 +| p521_kyber1024 | NULL | OQS_OID_P521_KYBER1024 | mlkem512 | 2.16.840.1.101.3.4.4.1 | OQS_OID_MLKEM512 | p256_mlkem512 | 1.3.6.1.4.1.22554.5.7.1 | OQS_OID_P256_MLKEM512 | x25519_mlkem512 | 1.3.6.1.4.1.22554.5.8.1 | OQS_OID_X25519_MLKEM512 | mlkem768 | 2.16.840.1.101.3.4.4.2 | OQS_OID_MLKEM768 -| p384_mlkem768 | 1.3.9999.99.75 | OQS_OID_P384_MLKEM768 -| x448_mlkem768 | 1.3.9999.99.53 | OQS_OID_X448_MLKEM768 -| x25519_mlkem768 | 1.3.9999.99.54 | OQS_OID_X25519_MLKEM768 -| p256_mlkem768 | 1.3.9999.99.55 | OQS_OID_P256_MLKEM768 +| p384_mlkem768 | NULL | OQS_OID_P384_MLKEM768 +| x448_mlkem768 | NULL | OQS_OID_X448_MLKEM768 +| x25519_mlkem768 | NULL | OQS_OID_X25519_MLKEM768 +| p256_mlkem768 | NULL | OQS_OID_P256_MLKEM768 | mlkem1024 | 2.16.840.1.101.3.4.4.3 | OQS_OID_MLKEM1024 -| p521_mlkem1024 | 1.3.9999.99.76 | OQS_OID_P521_MLKEM1024 +| p521_mlkem1024 | NULL | OQS_OID_P521_MLKEM1024 | p384_mlkem1024 | 1.3.6.1.4.1.42235.6 | OQS_OID_P384_MLKEM1024 -| bikel1 | 1.3.9999.99.78 | OQS_OID_BIKEL1 -| p256_bikel1 | 1.3.9999.99.77 | OQS_OID_P256_BIKEL1 -| x25519_bikel1 | 1.3.9999.99.56 | OQS_OID_X25519_BIKEL1 -| bikel3 | 1.3.9999.99.80 | OQS_OID_BIKEL3 -| p384_bikel3 | 1.3.9999.99.79 | OQS_OID_P384_BIKEL3 -| x448_bikel3 | 1.3.9999.99.57 | OQS_OID_X448_BIKEL3 -| bikel5 | 1.3.9999.99.82 | OQS_OID_BIKEL5 -| p521_bikel5 | 1.3.9999.99.81 | OQS_OID_P521_BIKEL5 -| hqc128 | 1.3.9999.99.84 | OQS_OID_HQC128 -| p256_hqc128 | 1.3.9999.99.83 | OQS_OID_P256_HQC128 -| x25519_hqc128 | 1.3.9999.99.58 | OQS_OID_X25519_HQC128 -| hqc192 | 1.3.9999.99.86 | OQS_OID_HQC192 -| p384_hqc192 | 1.3.9999.99.85 | OQS_OID_P384_HQC192 -| x448_hqc192 | 1.3.9999.99.59 | OQS_OID_X448_HQC192 -| hqc256 | 1.3.9999.99.88 | OQS_OID_HQC256 -| p521_hqc256 | 1.3.9999.99.87 | OQS_OID_P521_HQC256 +| bikel1 | NULL | OQS_OID_BIKEL1 +| p256_bikel1 | NULL | OQS_OID_P256_BIKEL1 +| x25519_bikel1 | NULL | OQS_OID_X25519_BIKEL1 +| bikel3 | NULL | OQS_OID_BIKEL3 +| p384_bikel3 | NULL | OQS_OID_P384_BIKEL3 +| x448_bikel3 | NULL | OQS_OID_X448_BIKEL3 +| bikel5 | NULL | OQS_OID_BIKEL5 +| p521_bikel5 | NULL | OQS_OID_P521_BIKEL5 +| hqc128 | NULL | OQS_OID_HQC128 +| p256_hqc128 | NULL | OQS_OID_P256_HQC128 +| x25519_hqc128 | NULL | OQS_OID_X25519_HQC128 +| hqc192 | NULL | OQS_OID_HQC192 +| p384_hqc192 | NULL | OQS_OID_P384_HQC192 +| x448_hqc192 | NULL | OQS_OID_X448_HQC192 +| hqc256 | NULL | OQS_OID_HQC256 +| p521_hqc256 | NULL | OQS_OID_P521_HQC256 diff --git a/oqs-template/generate.py b/oqs-template/generate.py index b36433ff..e6091874 100644 --- a/oqs-template/generate.py +++ b/oqs-template/generate.py @@ -93,9 +93,11 @@ def nist_to_bits(nistlevel): return None def get_tmp_kem_oid(): - global kemoidcnt - kemoidcnt = kemoidcnt+1 - return "1.3.9999.99."+str(kemoidcnt) + # doesn't work for runs on different files: + # global kemoidcnt + # kemoidcnt = kemoidcnt+1 + # return "1.3.9999.99."+str(kemoidcnt) + return "NULL" def complete_config(config): for kem in config['kems']: diff --git a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment index 21af9c85..2012d8b0 100644 --- a/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment +++ b/oqs-template/oqsprov/oqsprov.c/assign_sig_oids.fragment @@ -29,9 +29,17 @@ const char* oqs_oid_alg_list[OQS_OID_CNT] = #ifdef OQS_KEM_ENCODERS {% for kem in config['kems'] %} +{%- if kem['oid'] == "NULL" -%} +NULL, "{{ kem['name_group'] }}", +{%- else -%} "{{ kem['oid'] }}", "{{ kem['name_group'] }}", +{%- endif -%} {%- for hybrid in kem['hybrids'] %} +{%- if hybrid['hybrid_oid'] == "NULL" -%} +NULL, "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", +{%- else -%} "{{hybrid['hybrid_oid']}}", "{{hybrid['hybrid_group']}}_{{ kem['name_group'] }}", +{%- endif -%} {%- endfor -%} {%- endfor %} diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index b95a1741..2a02899c 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -58,58 +58,57 @@ extern OSSL_FUNC_provider_get_capabilities_fn oqs_provider_get_capabilities; const char *oqs_oid_alg_list[OQS_OID_CNT] = { #ifdef OQS_KEM_ENCODERS - - "1.3.9999.99.17", + NULL, "frodo640aes", - "1.3.9999.99.16", + NULL, "p256_frodo640aes", - "1.3.9999.99.1", + NULL, "x25519_frodo640aes", - "1.3.9999.99.19", + NULL, "frodo640shake", - "1.3.9999.99.18", + NULL, "p256_frodo640shake", - "1.3.9999.99.2", + NULL, "x25519_frodo640shake", - "1.3.9999.99.21", + NULL, "frodo976aes", - "1.3.9999.99.20", + NULL, "p384_frodo976aes", - "1.3.9999.99.3", + NULL, "x448_frodo976aes", - "1.3.9999.99.23", + NULL, "frodo976shake", - "1.3.9999.99.22", + NULL, "p384_frodo976shake", - "1.3.9999.99.4", + NULL, "x448_frodo976shake", - "1.3.9999.99.25", + NULL, "frodo1344aes", - "1.3.9999.99.24", + NULL, "p521_frodo1344aes", - "1.3.9999.99.27", + NULL, "frodo1344shake", - "1.3.9999.99.26", + NULL, "p521_frodo1344shake", "1.3.6.1.4.1.2.267.8.2.2", "kyber512", - "1.3.9999.99.28", + NULL, "p256_kyber512", - "1.3.9999.99.5", + NULL, "x25519_kyber512", "1.3.6.1.4.1.2.267.8.3.3", "kyber768", - "1.3.9999.99.29", + NULL, "p384_kyber768", - "1.3.9999.99.6", + NULL, "x448_kyber768", - "1.3.9999.99.7", + NULL, "x25519_kyber768", - "1.3.9999.99.8", + NULL, "p256_kyber768", "1.3.6.1.4.1.2.267.8.4.4", "kyber1024", - "1.3.9999.99.30", + NULL, "p521_kyber1024", "2.16.840.1.101.3.4.4.1", "mlkem512", @@ -119,51 +118,51 @@ const char *oqs_oid_alg_list[OQS_OID_CNT] = { "x25519_mlkem512", "2.16.840.1.101.3.4.4.2", "mlkem768", - "1.3.9999.99.31", + NULL, "p384_mlkem768", - "1.3.9999.99.9", + NULL, "x448_mlkem768", - "1.3.9999.99.10", + NULL, "x25519_mlkem768", - "1.3.9999.99.11", + NULL, "p256_mlkem768", "2.16.840.1.101.3.4.4.3", "mlkem1024", - "1.3.9999.99.32", + NULL, "p521_mlkem1024", "1.3.6.1.4.1.42235.6", "p384_mlkem1024", - "1.3.9999.99.34", + NULL, "bikel1", - "1.3.9999.99.33", + NULL, "p256_bikel1", - "1.3.9999.99.12", + NULL, "x25519_bikel1", - "1.3.9999.99.36", + NULL, "bikel3", - "1.3.9999.99.35", + NULL, "p384_bikel3", - "1.3.9999.99.13", + NULL, "x448_bikel3", - "1.3.9999.99.38", + NULL, "bikel5", - "1.3.9999.99.37", + NULL, "p521_bikel5", - "1.3.9999.99.40", + NULL, "hqc128", - "1.3.9999.99.39", + NULL, "p256_hqc128", - "1.3.9999.99.14", + NULL, "x25519_hqc128", - "1.3.9999.99.42", + NULL, "hqc192", - "1.3.9999.99.41", + NULL, "p384_hqc192", - "1.3.9999.99.15", + NULL, "x448_hqc192", - "1.3.9999.99.44", + NULL, "hqc256", - "1.3.9999.99.43", + NULL, "p521_hqc256", #endif /* OQS_KEM_ENCODERS */ @@ -1151,6 +1150,11 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle, // insert all OIDs to the global objects list for (i = 0; i < OQS_OID_CNT; i += 2) { + if (oqs_oid_alg_list[i] == NULL) { + OQS_PROV_PRINTF2("OQS PROV: Warning: No OID registered for %s\n", + oqs_oid_alg_list[i + 1]); + break; + } if (!c_obj_create(handle, oqs_oid_alg_list[i], oqs_oid_alg_list[i + 1], oqs_oid_alg_list[i + 1])) { ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR); From e94338d88d05da8743d562e799c54f56b07fd869 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Sun, 15 Sep 2024 18:19:33 +0200 Subject: [PATCH 2/4] disable tests on no-OID KEMs Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- oqsprov/oqsprov.c | 94 ++++++++++++++++++++-------------------- test/oqs_test_endecode.c | 5 +++ 2 files changed, 53 insertions(+), 46 deletions(-) diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 2a02899c..b3ddc3d3 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -1153,53 +1153,55 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle, if (oqs_oid_alg_list[i] == NULL) { OQS_PROV_PRINTF2("OQS PROV: Warning: No OID registered for %s\n", oqs_oid_alg_list[i + 1]); - break; - } - if (!c_obj_create(handle, oqs_oid_alg_list[i], oqs_oid_alg_list[i + 1], - oqs_oid_alg_list[i + 1])) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR); - fprintf(stderr, "error registering NID for %s\n", - oqs_oid_alg_list[i + 1]); - goto end_init; - } - - /* create object (NID) again to avoid setup corner case problems - * see https://github.com/openssl/openssl/discussions/21903 - * Not testing for errors is intentional. - * At least one core version hangs up; so don't do this there: - */ - if (strcmp("3.1.0", ossl_versionp)) { - ERR_set_mark(); - OBJ_create(oqs_oid_alg_list[i], oqs_oid_alg_list[i + 1], - oqs_oid_alg_list[i + 1]); - ERR_pop_to_mark(); - } - - if (!oqs_set_nid((char *)oqs_oid_alg_list[i + 1], - OBJ_sn2nid(oqs_oid_alg_list[i + 1]))) { - ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR); - goto end_init; - } - - if (!c_obj_add_sigid(handle, oqs_oid_alg_list[i + 1], "", - oqs_oid_alg_list[i + 1])) { - fprintf(stderr, "error registering %s with no hash\n", - oqs_oid_alg_list[i + 1]); - ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR); - goto end_init; - } - - if (OBJ_sn2nid(oqs_oid_alg_list[i + 1]) != 0) { - OQS_PROV_PRINTF3( - "OQS PROV: successfully registered %s with NID %d\n", - oqs_oid_alg_list[i + 1], OBJ_sn2nid(oqs_oid_alg_list[i + 1])); } else { - fprintf(stderr, - "OQS PROV: Impossible error: NID unregistered " - "for %s.\n", - oqs_oid_alg_list[i + 1]); - ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR); - goto end_init; + if (!c_obj_create(handle, oqs_oid_alg_list[i], + oqs_oid_alg_list[i + 1], + oqs_oid_alg_list[i + 1])) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR); + fprintf(stderr, "error registering NID for %s\n", + oqs_oid_alg_list[i + 1]); + goto end_init; + } + + /* create object (NID) again to avoid setup corner case problems + * see https://github.com/openssl/openssl/discussions/21903 + * Not testing for errors is intentional. + * At least one core version hangs up; so don't do this there: + */ + if (strcmp("3.1.0", ossl_versionp)) { + ERR_set_mark(); + OBJ_create(oqs_oid_alg_list[i], oqs_oid_alg_list[i + 1], + oqs_oid_alg_list[i + 1]); + ERR_pop_to_mark(); + } + + if (!oqs_set_nid((char *)oqs_oid_alg_list[i + 1], + OBJ_sn2nid(oqs_oid_alg_list[i + 1]))) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR); + goto end_init; + } + + if (!c_obj_add_sigid(handle, oqs_oid_alg_list[i + 1], "", + oqs_oid_alg_list[i + 1])) { + fprintf(stderr, "error registering %s with no hash\n", + oqs_oid_alg_list[i + 1]); + ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR); + goto end_init; + } + + if (OBJ_sn2nid(oqs_oid_alg_list[i + 1]) != 0) { + OQS_PROV_PRINTF3( + "OQS PROV: successfully registered %s with NID %d\n", + oqs_oid_alg_list[i + 1], + OBJ_sn2nid(oqs_oid_alg_list[i + 1])); + } else { + fprintf(stderr, + "OQS PROV: Impossible error: NID unregistered " + "for %s.\n", + oqs_oid_alg_list[i + 1]); + ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR); + goto end_init; + } } } diff --git a/test/oqs_test_endecode.c b/test/oqs_test_endecode.c index 583ed3e5..31ac55e9 100644 --- a/test/oqs_test_endecode.c +++ b/test/oqs_test_endecode.c @@ -175,6 +175,11 @@ static int test_oqs_encdec(const char *alg_name) { if (pkey == NULL) goto end; + if (!OBJ_sn2nid(alg_name)) { + printf("No OID registered for %s", alg_name); + ok = 1; + goto end; + } if (!encode_EVP_PKEY_prov(pkey, test_params_list[i].format, test_params_list[i].structure, test_params_list[i].pass, From 3d5b68ee258fdf66bde7bd6248235dc19d5699d0 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Mon, 23 Sep 2024 11:18:58 +0200 Subject: [PATCH 3/4] Update test/oqs_test_endecode.c Co-authored-by: Spencer Wilson Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- test/oqs_test_endecode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/oqs_test_endecode.c b/test/oqs_test_endecode.c index 31ac55e9..09d74749 100644 --- a/test/oqs_test_endecode.c +++ b/test/oqs_test_endecode.c @@ -176,7 +176,7 @@ static int test_oqs_encdec(const char *alg_name) { goto end; if (!OBJ_sn2nid(alg_name)) { - printf("No OID registered for %s", alg_name); + printf("No OID registered for %s\n", alg_name); ok = 1; goto end; } From f0fe7d13bd75057dd067bff9efe1530d7974ecf2 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Mon, 23 Sep 2024 11:19:08 +0200 Subject: [PATCH 4/4] Update test/oqs_test_endecode.c Co-authored-by: Spencer Wilson Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- test/oqs_test_endecode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/oqs_test_endecode.c b/test/oqs_test_endecode.c index 09d74749..0e498e37 100644 --- a/test/oqs_test_endecode.c +++ b/test/oqs_test_endecode.c @@ -177,7 +177,7 @@ static int test_oqs_encdec(const char *alg_name) { if (!OBJ_sn2nid(alg_name)) { printf("No OID registered for %s\n", alg_name); - ok = 1; + ok = -1; goto end; } if (!encode_EVP_PKEY_prov(pkey, test_params_list[i].format,