diff options
| author | Tomas Mraz <tomas@openssl.org> | 2024-04-11 10:29:23 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-05-15 12:10:32 +0200 |
| commit | b911fef216d1386210ec24e201d54d709528abb4 (patch) | |
| tree | 286d441c79a388be8d94950b8111bf2793eaebf0 /test | |
| parent | 170620675dfd74f34bdcf8aba71dffeb07f3d533 (diff) | |
Intentionally break EVP_DigestFinal for SHAKE128 and SHAKE256
It will work only if OSSL_DIGEST_PARAM_XOFLEN is set.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24105)
Diffstat (limited to 'test')
| -rw-r--r-- | test/evp_xof_test.c | 25 | ||||
| -rw-r--r-- | test/recipes/20-test_dgst.t | 8 |
2 files changed, 23 insertions, 10 deletions
diff --git a/test/evp_xof_test.c b/test/evp_xof_test.c index eeff8667c4..964005d0c1 100644 --- a/test/evp_xof_test.c +++ b/test/evp_xof_test.c @@ -206,14 +206,29 @@ static int shake_kat_digestfinal_test(void) EVP_MD_CTX *ctx = NULL; unsigned char out[sizeof(shake256_output)]; + /* Test that EVP_DigestFinal without setting XOFLEN fails */ if (!TEST_ptr(ctx = shake_setup("SHAKE256"))) return 0; if (!TEST_true(EVP_DigestUpdate(ctx, shake256_input, - sizeof(shake256_input))) - || !TEST_true(EVP_DigestFinal(ctx, out, &digest_length)) - || !TEST_uint_eq(digest_length, 32) - || !TEST_mem_eq(out, digest_length, - shake256_output, digest_length) + sizeof(shake256_input)))) + return 0; + ERR_set_mark(); + if (!TEST_false(EVP_DigestFinal(ctx, out, &digest_length))) { + ERR_clear_last_mark(); + return 0; + } + ERR_pop_to_mark(); + EVP_MD_CTX_free(ctx); + + /* However EVP_DigestFinalXOF must work */ + if (!TEST_ptr(ctx = shake_setup("SHAKE256"))) + return 0; + if (!TEST_true(EVP_DigestUpdate(ctx, shake256_input, + sizeof(shake256_input)))) + return 0; + if (!TEST_true(EVP_DigestFinalXOF(ctx, out, sizeof(out))) + || !TEST_mem_eq(out, sizeof(out), + shake256_output, sizeof(shake256_output)) || !TEST_false(EVP_DigestFinalXOF(ctx, out, sizeof(out)))) goto err; ret = 1; diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index aed7bf3984..5f07789bfd 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -223,13 +223,11 @@ subtest "Custom length XOF digest generation with `dgst` CLI" => sub { }; subtest "SHAKE digest generation with no xoflen set `dgst` CLI" => sub { - plan tests => 1; + plan tests => 2; my $testdata = srctop_file('test', 'data.bin'); - my @xofdata = run(app(['openssl', 'dgst', '-shake128', $testdata], stderr => "outerr.txt"), capture => 1); - chomp(@xofdata); - my $expected = qr/SHAKE-128\(\Q$testdata\E\)= bb565dac72640109e1c926ef441d3fa6/; - ok($xofdata[0] =~ $expected, "Check short digest is output"); + ok(!run(app(['openssl', 'dgst', '-shake128', $testdata])), "SHAKE128 must fail without xoflen"); + ok(!run(app(['openssl', 'dgst', '-shake256', $testdata])), "SHAKE256 must fail without xoflen"); }; SKIP: { |