diff options
author | Juergen Christ <jchrist@linux.ibm.com> | 2020-12-14 17:36:22 +0100 |
---|---|---|
committer | Patrick Steuer <patrick.steuer@de.ibm.com> | 2021-01-28 16:05:50 +0100 |
commit | 270a5ce1d9ea579a2f1d45887971582b1ef2b6a1 (patch) | |
tree | 5a7d1948571240b57b30cfbf83eaae47b1ee67fc /test | |
parent | 732a4d15b0da7c04437ea828b2915a691b6e38db (diff) |
Fix parameter types in sshkdf
Handling of parameter OSSL_KDF_PARAM_SSHKDF_TYPE mixed integer and string
parameters. This caused endianness problems on big-endian machines. As a
result, it is not possible to pass FIPS tests since the parameter was stored
with an integer value but read via a cast to char pointer. While this works
on little endian machines, big endian s390 read the most significant bits
instead of the least significant (as done by, e.g., x86). Change the
parameter to char array and fix the usages.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/13781)
Diffstat (limited to 'test')
-rw-r--r-- | test/evp_kdf_test.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index d56e14cdb0..b0e8d2b5fb 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -1207,7 +1207,7 @@ static int test_kdf_sshkdf(void) int ret; EVP_KDF_CTX *kctx; OSSL_PARAM params[6], *p = params; - char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; + char kdftype[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; unsigned char out[8]; /* Test data from NIST CAVS 14.1 test vectors */ static unsigned char key[] = { @@ -1247,7 +1247,7 @@ static int test_kdf_sshkdf(void) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, sessid, sizeof(sessid)); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, - &kdftype, sizeof(kdftype)); + kdftype, sizeof(kdftype)); *p = OSSL_PARAM_construct_end(); ret = |