diff options
author | slontis <shane.lontis@oracle.com> | 2022-12-20 13:44:18 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-01-12 12:19:36 +0100 |
commit | 18308d6616c13a19094b4fae5cd0d728cae4964c (patch) | |
tree | 16644ac5032d89e9b57bd8f0d8e9756c27bc44ff /test/evp_kdf_test.c | |
parent | 757fd35182bd749bcb2cb5f2e775bc2a00f4e624 (diff) |
SSKDF with KMAC should return SIZE_MAX when EVP_KDF_CTX_get_kdf_size()
is used.
Fixes #19934
The existing code was looking for the digest size, and then returned
zero.
The example code in EVP_KDF-SS.pod has been corrected to not use a
digest.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19935)
(cherry picked from commit e8add4d379075a6daef2591edd830297d469b9f4)
Diffstat (limited to 'test/evp_kdf_test.c')
-rw-r--r-- | test/evp_kdf_test.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index 145e64fbdb..14c1c9d84c 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -1399,7 +1399,7 @@ static int test_kdf_ss_kmac(void) { int ret; EVP_KDF_CTX *kctx; - OSSL_PARAM params[6], *p = params; + OSSL_PARAM params[7], *p = params; unsigned char out[64]; size_t mac_size = 20; static unsigned char z[] = { @@ -1422,6 +1422,9 @@ static int test_kdf_ss_kmac(void) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, (char *)OSSL_MAC_NAME_KMAC128, 0); + /* The digest parameter is not needed here and should be ignored */ + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)"SHA256", 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, sizeof(other)); @@ -1432,7 +1435,12 @@ static int test_kdf_ss_kmac(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) + && TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), 0) + && TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1) + /* The bug fix for KMAC returning SIZE_MAX was added in 3.0.8 */ + && (fips_provider_version_lt(NULL, 3, 0, 8) + || TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), SIZE_MAX)) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); EVP_KDF_CTX_free(kctx); |