diff options
author | Todd Short <todd.short@me.com> | 2024-02-01 23:09:38 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-09 20:19:07 +0200 |
commit | 6b566687b58fde08b28e3331377f050768fad89b (patch) | |
tree | abd753bfb8153bd397271168f7dd6e677be29c15 /test | |
parent | 56e4d112ae226d5fa0210cd1f0dd96e6857805fd (diff) |
Fix EVP_PKEY_CTX_add1_hkdf_info() behavior
Fix #23448
`EVP_PKEY_CTX_add1_hkdf_info()` behaves like a `set1` function.
Fix the setting of the parameter in the params code.
Update the TLS_PRF code to also use the params code.
Add tests.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23456)
Diffstat (limited to 'test')
-rw-r--r-- | test/pkey_meth_kdf_test.c | 53 |
1 files changed, 42 insertions, 11 deletions
diff --git a/test/pkey_meth_kdf_test.c b/test/pkey_meth_kdf_test.c index f816d24fb5..c09e2f3830 100644 --- a/test/pkey_meth_kdf_test.c +++ b/test/pkey_meth_kdf_test.c @@ -16,7 +16,7 @@ #include <openssl/kdf.h> #include "testutil.h" -static int test_kdf_tls1_prf(void) +static int test_kdf_tls1_prf(int index) { int ret = 0; EVP_PKEY_CTX *pctx; @@ -40,10 +40,23 @@ static int test_kdf_tls1_prf(void) TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret"); goto err; } - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, - (unsigned char *)"seed", 4) <= 0) { - TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); - goto err; + if (index == 0) { + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, + (unsigned char *)"seed", 4) <= 0) { + TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); + goto err; + } + } else { + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, + (unsigned char *)"se", 2) <= 0) { + TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); + goto err; + } + if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, + (unsigned char *)"ed", 2) <= 0) { + TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); + goto err; + } } if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { TEST_error("EVP_PKEY_derive"); @@ -65,7 +78,7 @@ err: return ret; } -static int test_kdf_hkdf(void) +static int test_kdf_hkdf(int index) { int ret = 0; EVP_PKEY_CTX *pctx; @@ -94,10 +107,23 @@ static int test_kdf_hkdf(void) TEST_error("EVP_PKEY_CTX_set1_hkdf_key"); goto err; } - if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) + if (index == 0) { + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) <= 0) { - TEST_error("EVP_PKEY_CTX_set1_hkdf_info"); - goto err; + TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); + goto err; + } + } else { + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"lab", 3) + <= 0) { + TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); + goto err; + } + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"el", 2) + <= 0) { + TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); + goto err; + } } if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { TEST_error("EVP_PKEY_derive"); @@ -195,8 +221,13 @@ err: int setup_tests(void) { - ADD_TEST(test_kdf_tls1_prf); - ADD_TEST(test_kdf_hkdf); + int tests = 1; + + if (fips_provider_version_ge(NULL, 3, 3, 1)) + tests = 2; + + ADD_ALL_TESTS(test_kdf_tls1_prf, tests); + ADD_ALL_TESTS(test_kdf_hkdf, tests); #ifndef OPENSSL_NO_SCRYPT ADD_TEST(test_kdf_scrypt); #endif |