Improve test coverage for TLS1-PRF

This is basically a copy of the libssl unit tests, moved to libcrypto to avoid starting the infection of libssl with this particular piece of EVP garbage.
author: tb <> 2024-07-09 17:24:12 +0000
committer: tb <> 2024-07-09 17:24:12 +0000
commit: 5abae30b0971022196f18c7381dcf32a77144295 (patch)
tree: aa7e6a4568d30fb6ae0783a94e4f6ae2dfaa2b79 /src
parent: 6986b24fc9e652366489107d6e46d7f572edfd4d (diff)
download: openbsd-5abae30b0971022196f18c7381dcf32a77144295.tar.gz
openbsd-5abae30b0971022196f18c7381dcf32a77144295.tar.bz2
openbsd-5abae30b0971022196f18c7381dcf32a77144295.zip
1 files changed, 177 insertions, 4 deletions
diff --git a/src/regress/lib/libcrypto/evp/evp_test.c b/src/regress/lib/libcrypto/evp/evp_test.c
index 43a3aead66..a699832c45 100644
--- a/src/regress/lib/libcrypto/evp/evp_test.c
+++ b/src/regress/lib/libcrypto/evp/evp_test.c
@@ -1,7 +1,7 @@
-/*      $OpenBSD: evp_test.c,v 1.19 2024/07/09 17:09:23 tb Exp $ */
+/*      $OpenBSD: evp_test.c,v 1.20 2024/07/09 17:24:12 tb Exp $ */
 /*
- * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
+ * Copyright (c) 2017, 2022 Joel Sing <jsing@openbsd.org>
- * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
+ * Copyright (c) 2023, 2024 Theo Buehler <tb@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -17,6 +17,7 @@
 */
 #include <assert.h>
+#include <err.h>
 #include <stdio.h>
 #include <string.h>
@@ -801,7 +802,7 @@ kdf_compare_bytes(const char *label, const unsigned char *d1, int len1,
 }
 static int
-evp_kdf_tls1_prf(void)
+evp_kdf_tls1_prf_basic(void)
 {
        EVP_PKEY_CTX *pctx;
        unsigned char got[16];
@@ -853,6 +854,177 @@ evp_kdf_tls1_prf(void)
        return failed;
 }
+#define TLS_PRF_OUT_LEN 128
+static const struct tls_prf_test {
+        const unsigned char *desc;
+        const EVP_MD *(*md)(void);
+        const uint16_t cipher_value;
+        const unsigned char out[TLS_PRF_OUT_LEN];
+} tls_prf_tests[] = {
+        {
+                .desc = "MD5+SHA1",
+                .md = EVP_md5_sha1,
+                .cipher_value = 0x0033,
+                .out = {
+                        0x03, 0xa1, 0xc1, 0x7d, 0x2c, 0xa5, 0x3d, 0xe8,
+                        0x9d, 0x59, 0x5e, 0x30, 0xf5, 0x71, 0xbb, 0x96,
+                        0xde, 0x5c, 0x8e, 0xdc, 0x25, 0x8a, 0x7c, 0x05,
+                        0x9f, 0x7d, 0x35, 0x29, 0x45, 0xae, 0x56, 0xad,
+                        0x9f, 0x57, 0x15, 0x5c, 0xdb, 0x83, 0x3a, 0xac,
+                        0x19, 0xa8, 0x2b, 0x40, 0x72, 0x38, 0x1e, 0xed,
+                        0xf3, 0x25, 0xde, 0x84, 0x84, 0xd8, 0xd1, 0xfc,
+                        0x31, 0x85, 0x81, 0x12, 0x55, 0x4d, 0x12, 0xb5,
+                        0xed, 0x78, 0x5e, 0xba, 0xc8, 0xec, 0x8d, 0x28,
+                        0xa1, 0x21, 0x1e, 0x6e, 0x07, 0xf1, 0xfc, 0xf5,
+                        0xbf, 0xe4, 0x8e, 0x8e, 0x97, 0x15, 0x93, 0x85,
+                        0x75, 0xdd, 0x87, 0x09, 0xd0, 0x4e, 0xe5, 0xd5,
+                        0x9e, 0x1f, 0xd6, 0x1c, 0x3b, 0xe9, 0xad, 0xba,
+                        0xe0, 0x16, 0x56, 0x62, 0x90, 0xd6, 0x82, 0x84,
+                        0xec, 0x8a, 0x22, 0xbe, 0xdc, 0x6a, 0x5e, 0x05,
+                        0x12, 0x44, 0xec, 0x60, 0x61, 0xd1, 0x8a, 0x66,
+                },
+        },
+        {
+                .desc = "SHA256 (via TLSv1.2)",
+                .md = EVP_sha256,
+                .cipher_value = 0x0033,
+                .out = {
+                         0x37, 0xa7, 0x06, 0x71, 0x6e, 0x19, 0x19, 0xda,
+                         0x23, 0x8c, 0xcc, 0xb4, 0x2f, 0x31, 0x64, 0x9d,
+                         0x05, 0x29, 0x1c, 0x33, 0x7e, 0x09, 0x1b, 0x0c,
+                         0x0e, 0x23, 0xc1, 0xb0, 0x40, 0xcc, 0x31, 0xf7,
+                         0x55, 0x66, 0x68, 0xd9, 0xa8, 0xae, 0x74, 0x75,
+                         0xf3, 0x46, 0xe9, 0x3a, 0x54, 0x9d, 0xe0, 0x8b,
+                         0x7e, 0x6c, 0x63, 0x1c, 0xfa, 0x2f, 0xfd, 0xc9,
+                         0xd3, 0xf1, 0xd3, 0xfe, 0x7b, 0x9e, 0x14, 0x95,
+                         0xb5, 0xd0, 0xad, 0x9b, 0xee, 0x78, 0x8c, 0x83,
+                         0x18, 0x58, 0x7e, 0xa2, 0x23, 0xc1, 0x8b, 0x62,
+                         0x94, 0x12, 0xcb, 0xb6, 0x60, 0x69, 0x32, 0xfe,
+                         0x98, 0x0e, 0x93, 0xb0, 0x8e, 0x5c, 0xfb, 0x6e,
+                         0xdb, 0x9a, 0xc2, 0x9f, 0x8c, 0x5c, 0x43, 0x19,
+                         0xeb, 0x4a, 0x52, 0xad, 0x62, 0x2b, 0xdd, 0x9f,
+                         0xa3, 0x74, 0xa6, 0x96, 0x61, 0x4d, 0x98, 0x40,
+                         0x63, 0xa6, 0xd4, 0xbb, 0x17, 0x11, 0x75, 0xed,
+                },
+        },
+        {
+                .desc = "SHA384",
+                .md = EVP_sha384,
+                .cipher_value = 0x009d,
+                .out = {
+                         0x00, 0x93, 0xc3, 0xfd, 0xa7, 0xbb, 0xdc, 0x5b,
+                         0x13, 0x3a, 0xe6, 0x8b, 0x1b, 0xac, 0xf3, 0xfb,
+                         0x3c, 0x9a, 0x78, 0xf6, 0x19, 0xf0, 0x13, 0x0f,
+                         0x0d, 0x01, 0x9d, 0xdf, 0x0a, 0x28, 0x38, 0xce,
+                         0x1a, 0x9b, 0x43, 0xbe, 0x56, 0x12, 0xa7, 0x16,
+                         0x58, 0xe1, 0x8a, 0xe4, 0xc5, 0xbb, 0x10, 0x4c,
+                         0x3a, 0xf3, 0x7f, 0xd3, 0xdb, 0xe4, 0xe0, 0x3d,
+                         0xcc, 0x83, 0xca, 0xf0, 0xf9, 0x69, 0xcc, 0x70,
+                         0x83, 0x32, 0xf6, 0xfc, 0x81, 0x80, 0x02, 0xe8,
+                         0x31, 0x1e, 0x7c, 0x3b, 0x34, 0xf7, 0x34, 0xd1,
+                         0xcf, 0x2a, 0xc4, 0x36, 0x2f, 0xe9, 0xaa, 0x7f,
+                         0x6d, 0x1f, 0x5e, 0x0e, 0x39, 0x05, 0x15, 0xe1,
+                         0xa2, 0x9a, 0x4d, 0x97, 0x8c, 0x62, 0x46, 0xf1,
+                         0x87, 0x65, 0xd8, 0xe9, 0x14, 0x11, 0xa6, 0x48,
+                         0xd7, 0x0e, 0x6e, 0x70, 0xad, 0xfb, 0x3f, 0x36,
+                         0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2,
+                },
+        },
+};
+#define N_TLS_PRF_TESTS \
+    (sizeof(tls_prf_tests) / sizeof(*tls_prf_tests))
+#define TLS_PRF_SEED1   "tls prf seed 1"
+#define TLS_PRF_SEED2   "tls prf seed 2"
+#define TLS_PRF_SEED3   "tls prf seed 3"
+#define TLS_PRF_SEED4   "tls prf seed 4"
+#define TLS_PRF_SEED5   "tls prf seed 5"
+#define TLS_PRF_SECRET  "tls prf secretz"
+static int
+do_tls_prf_evp_test(int test_no, const struct tls_prf_test *test)
+{
+        EVP_PKEY_CTX *pkey_ctx = NULL;
+        unsigned char *out;
+        size_t len, out_len;
+        int failed = 1;
+        if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL)) == NULL)
+                errx(1, "EVP_PKEY_CTX_new_id");
+        if ((out = malloc(TLS_PRF_OUT_LEN)) == NULL)
+                errx(1, "malloc");
+        for (len = 1; len <= TLS_PRF_OUT_LEN; len++) {
+                if (EVP_PKEY_derive_init(pkey_ctx) <= 0)
+                        errx(1, "EVP_PKEY_derive_init");
+                if (EVP_PKEY_CTX_set_tls1_prf_md(pkey_ctx, test->md()) <= 0)
+                        errx(1, "EVP_PKEY_CTX_set_tls1_prf_md");
+                if (EVP_PKEY_CTX_set1_tls1_prf_secret(pkey_ctx, TLS_PRF_SECRET,
+                    sizeof(TLS_PRF_SECRET)) <= 0)
+                        errx(1, "EVP_PKEY_CTX_set1_tls1_prf_secret");
+                if (EVP_PKEY_CTX_add1_tls1_prf_seed(pkey_ctx, TLS_PRF_SEED1,
+                    sizeof(TLS_PRF_SEED1)) <= 0)
+                        errx(1, "EVP_PKEY_CTX_add1_tls1_prf_seed 1");
+                if (EVP_PKEY_CTX_add1_tls1_prf_seed(pkey_ctx, TLS_PRF_SEED2,
+                    sizeof(TLS_PRF_SEED2)) <= 0)
+                        errx(1, "EVP_PKEY_CTX_add1_tls1_prf_seed 2");
+                if (EVP_PKEY_CTX_add1_tls1_prf_seed(pkey_ctx, TLS_PRF_SEED3,
+                    sizeof(TLS_PRF_SEED3)) <= 0)
+                        errx(1, "EVP_PKEY_CTX_add1_tls1_prf_seed 3");
+                if (EVP_PKEY_CTX_add1_tls1_prf_seed(pkey_ctx, TLS_PRF_SEED4,
+                    sizeof(TLS_PRF_SEED4)) <= 0)
+                        errx(1, "EVP_PKEY_CTX_add1_tls1_prf_seed 4");
+                if (EVP_PKEY_CTX_add1_tls1_prf_seed(pkey_ctx, TLS_PRF_SEED5,
+                    sizeof(TLS_PRF_SEED5)) <= 0)
+                        errx(1, "EVP_PKEY_CTX_add1_tls1_prf_seed 5");
+                out_len = len;
+                if (EVP_PKEY_derive(pkey_ctx, out, &out_len) <= 0)
+                        errx(1, "EVP_PKEY_derive");
+                if (out_len != len) {
+                        fprintf(stderr, "FAIL: %s: length %zu != %zu\n",
+                            __func__, out_len, len);
+                        goto err;
+                }
+                if (memcmp(test->out, out, out_len) != 0) {
+                        fprintf(stderr, "FAIL: tls_PRF output differs for "
+                            "len %zu\n", len);
+                        fprintf(stderr, "output:\n");
+                        hexdump(out, out_len);
+                        fprintf(stderr, "test data:\n");
+                        hexdump(test->out, len);
+                        goto err;
+                }
+        }
+        failed = 0;
+ err:
+        EVP_PKEY_CTX_free(pkey_ctx);
+        free(out);
+        return failed;
+}
+static int
+evp_kdf_tls1_prf(void)
+{
+        size_t i;
+        int failed = 0;
+        for (i = 0; i < N_TLS_PRF_TESTS; i++)
+                failed |= do_tls_prf_evp_test(i, &tls_prf_tests[i]);
+        return failed;
+}
 int
 main(int argc, char **argv)
 {
@@ -866,6 +1038,7 @@ main(int argc, char **argv)
        failed |= obj_name_do_all_test();
        failed |= evp_get_cipherbyname_test();
        failed |= evp_get_digestbyname_test();
+        failed |= evp_kdf_tls1_prf_basic();
        failed |= evp_kdf_tls1_prf();
        OPENSSL_cleanup();
author	tb <>	2024-07-09 17:24:12 +0000
committer	tb <>	2024-07-09 17:24:12 +0000
commit	5abae30b0971022196f18c7381dcf32a77144295 (patch)
tree	aa7e6a4568d30fb6ae0783a94e4f6ae2dfaa2b79 /src
parent	6986b24fc9e652366489107d6e46d7f572edfd4d (diff)
download	openbsd-5abae30b0971022196f18c7381dcf32a77144295.tar.gz openbsd-5abae30b0971022196f18c7381dcf32a77144295.tar.bz2 openbsd-5abae30b0971022196f18c7381dcf32a77144295.zip

diff --git a/src/regress/lib/libcrypto/evp/evp_test.c b/src/regress/lib/libcrypto/evp/evp_test.c index 43a3aead66..a699832c45 100644 --- a/src/regress/lib/libcrypto/evp/evp_test.c +++ b/src/regress/lib/libcrypto/evp/evp_test.c
@@ -1,7 +1,7 @@
1	/* $OpenBSD: evp_test.c,v 1.19 2024/07/09 17:09:23 tb Exp $ */	1	/* $OpenBSD: evp_test.c,v 1.20 2024/07/09 17:24:12 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2017, 2022 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2023, 2024 Theo Buehler <tb@openbsd.org>
5	*	5	*
6	* Permission to use, copy, modify, and distribute this software for any	6	* Permission to use, copy, modify, and distribute this software for any
7	* purpose with or without fee is hereby granted, provided that the above	7	* purpose with or without fee is hereby granted, provided that the above
@@ -17,6 +17,7 @@
17	*/	17	*/
18		18
19	#include <assert.h>	19	#include <assert.h>
		20	#include <err.h>
20	#include <stdio.h>	21	#include <stdio.h>
21	#include <string.h>	22	#include <string.h>
22		23
@@ -801,7 +802,7 @@ kdf_compare_bytes(const char label, const unsigned char d1, int len1,
801	}	802	}
802		803
803	static int	804	static int
804	evp_kdf_tls1_prf(void)	805	evp_kdf_tls1_prf_basic(void)
805	{	806	{
806	EVP_PKEY_CTX *pctx;	807	EVP_PKEY_CTX *pctx;
807	unsigned char got[16];	808	unsigned char got[16];
@@ -853,6 +854,177 @@ evp_kdf_tls1_prf(void)
853	return failed;	854	return failed;
854	}	855	}
855		856
		857	#define TLS_PRF_OUT_LEN 128
		858
		859	static const struct tls_prf_test {
		860	const unsigned char *desc;
		861	const EVP_MD (md)(void);
		862	const uint16_t cipher_value;
		863	const unsigned char out[TLS_PRF_OUT_LEN];
		864	} tls_prf_tests[] = {
		865	{
		866	.desc = "MD5+SHA1",
		867	.md = EVP_md5_sha1,
		868	.cipher_value = 0x0033,
		869	.out = {
		870	0x03, 0xa1, 0xc1, 0x7d, 0x2c, 0xa5, 0x3d, 0xe8,
		871	0x9d, 0x59, 0x5e, 0x30, 0xf5, 0x71, 0xbb, 0x96,
		872	0xde, 0x5c, 0x8e, 0xdc, 0x25, 0x8a, 0x7c, 0x05,
		873	0x9f, 0x7d, 0x35, 0x29, 0x45, 0xae, 0x56, 0xad,
		874	0x9f, 0x57, 0x15, 0x5c, 0xdb, 0x83, 0x3a, 0xac,
		875	0x19, 0xa8, 0x2b, 0x40, 0x72, 0x38, 0x1e, 0xed,
		876	0xf3, 0x25, 0xde, 0x84, 0x84, 0xd8, 0xd1, 0xfc,
		877	0x31, 0x85, 0x81, 0x12, 0x55, 0x4d, 0x12, 0xb5,
		878	0xed, 0x78, 0x5e, 0xba, 0xc8, 0xec, 0x8d, 0x28,
		879	0xa1, 0x21, 0x1e, 0x6e, 0x07, 0xf1, 0xfc, 0xf5,
		880	0xbf, 0xe4, 0x8e, 0x8e, 0x97, 0x15, 0x93, 0x85,
		881	0x75, 0xdd, 0x87, 0x09, 0xd0, 0x4e, 0xe5, 0xd5,
		882	0x9e, 0x1f, 0xd6, 0x1c, 0x3b, 0xe9, 0xad, 0xba,
		883	0xe0, 0x16, 0x56, 0x62, 0x90, 0xd6, 0x82, 0x84,
		884	0xec, 0x8a, 0x22, 0xbe, 0xdc, 0x6a, 0x5e, 0x05,
		885	0x12, 0x44, 0xec, 0x60, 0x61, 0xd1, 0x8a, 0x66,
		886	},
		887	},
		888	{
		889	.desc = "SHA256 (via TLSv1.2)",
		890	.md = EVP_sha256,
		891	.cipher_value = 0x0033,
		892	.out = {
		893	0x37, 0xa7, 0x06, 0x71, 0x6e, 0x19, 0x19, 0xda,
		894	0x23, 0x8c, 0xcc, 0xb4, 0x2f, 0x31, 0x64, 0x9d,
		895	0x05, 0x29, 0x1c, 0x33, 0x7e, 0x09, 0x1b, 0x0c,
		896	0x0e, 0x23, 0xc1, 0xb0, 0x40, 0xcc, 0x31, 0xf7,
		897	0x55, 0x66, 0x68, 0xd9, 0xa8, 0xae, 0x74, 0x75,
		898	0xf3, 0x46, 0xe9, 0x3a, 0x54, 0x9d, 0xe0, 0x8b,
		899	0x7e, 0x6c, 0x63, 0x1c, 0xfa, 0x2f, 0xfd, 0xc9,
		900	0xd3, 0xf1, 0xd3, 0xfe, 0x7b, 0x9e, 0x14, 0x95,
		901	0xb5, 0xd0, 0xad, 0x9b, 0xee, 0x78, 0x8c, 0x83,
		902	0x18, 0x58, 0x7e, 0xa2, 0x23, 0xc1, 0x8b, 0x62,
		903	0x94, 0x12, 0xcb, 0xb6, 0x60, 0x69, 0x32, 0xfe,
		904	0x98, 0x0e, 0x93, 0xb0, 0x8e, 0x5c, 0xfb, 0x6e,
		905	0xdb, 0x9a, 0xc2, 0x9f, 0x8c, 0x5c, 0x43, 0x19,
		906	0xeb, 0x4a, 0x52, 0xad, 0x62, 0x2b, 0xdd, 0x9f,
		907	0xa3, 0x74, 0xa6, 0x96, 0x61, 0x4d, 0x98, 0x40,
		908	0x63, 0xa6, 0xd4, 0xbb, 0x17, 0x11, 0x75, 0xed,
		909	},
		910	},
		911	{
		912	.desc = "SHA384",
		913	.md = EVP_sha384,
		914	.cipher_value = 0x009d,
		915	.out = {
		916	0x00, 0x93, 0xc3, 0xfd, 0xa7, 0xbb, 0xdc, 0x5b,
		917	0x13, 0x3a, 0xe6, 0x8b, 0x1b, 0xac, 0xf3, 0xfb,
		918	0x3c, 0x9a, 0x78, 0xf6, 0x19, 0xf0, 0x13, 0x0f,
		919	0x0d, 0x01, 0x9d, 0xdf, 0x0a, 0x28, 0x38, 0xce,
		920	0x1a, 0x9b, 0x43, 0xbe, 0x56, 0x12, 0xa7, 0x16,
		921	0x58, 0xe1, 0x8a, 0xe4, 0xc5, 0xbb, 0x10, 0x4c,
		922	0x3a, 0xf3, 0x7f, 0xd3, 0xdb, 0xe4, 0xe0, 0x3d,
		923	0xcc, 0x83, 0xca, 0xf0, 0xf9, 0x69, 0xcc, 0x70,
		924	0x83, 0x32, 0xf6, 0xfc, 0x81, 0x80, 0x02, 0xe8,
		925	0x31, 0x1e, 0x7c, 0x3b, 0x34, 0xf7, 0x34, 0xd1,
		926	0xcf, 0x2a, 0xc4, 0x36, 0x2f, 0xe9, 0xaa, 0x7f,
		927	0x6d, 0x1f, 0x5e, 0x0e, 0x39, 0x05, 0x15, 0xe1,
		928	0xa2, 0x9a, 0x4d, 0x97, 0x8c, 0x62, 0x46, 0xf1,
		929	0x87, 0x65, 0xd8, 0xe9, 0x14, 0x11, 0xa6, 0x48,
		930	0xd7, 0x0e, 0x6e, 0x70, 0xad, 0xfb, 0x3f, 0x36,
		931	0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2,
		932	},
		933	},
		934	};
		935
		936	#define N_TLS_PRF_TESTS \
		937	(sizeof(tls_prf_tests) / sizeof(*tls_prf_tests))
		938
		939	#define TLS_PRF_SEED1 "tls prf seed 1"
		940	#define TLS_PRF_SEED2 "tls prf seed 2"
		941	#define TLS_PRF_SEED3 "tls prf seed 3"
		942	#define TLS_PRF_SEED4 "tls prf seed 4"
		943	#define TLS_PRF_SEED5 "tls prf seed 5"
		944	#define TLS_PRF_SECRET "tls prf secretz"
		945
		946	static int
		947	do_tls_prf_evp_test(int test_no, const struct tls_prf_test *test)
		948	{
		949	EVP_PKEY_CTX *pkey_ctx = NULL;
		950	unsigned char *out;
		951	size_t len, out_len;
		952	int failed = 1;
		953
		954	if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL)) == NULL)
		955	errx(1, "EVP_PKEY_CTX_new_id");
		956
		957	if ((out = malloc(TLS_PRF_OUT_LEN)) == NULL)
		958	errx(1, "malloc");
		959
		960	for (len = 1; len <= TLS_PRF_OUT_LEN; len++) {
		961	if (EVP_PKEY_derive_init(pkey_ctx) <= 0)
		962	errx(1, "EVP_PKEY_derive_init");
		963
		964	if (EVP_PKEY_CTX_set_tls1_prf_md(pkey_ctx, test->md()) <= 0)
		965	errx(1, "EVP_PKEY_CTX_set_tls1_prf_md");
		966
		967	if (EVP_PKEY_CTX_set1_tls1_prf_secret(pkey_ctx, TLS_PRF_SECRET,
		968	sizeof(TLS_PRF_SECRET)) <= 0)
		969	errx(1, "EVP_PKEY_CTX_set1_tls1_prf_secret");
		970	if (EVP_PKEY_CTX_add1_tls1_prf_seed(pkey_ctx, TLS_PRF_SEED1,
		971	sizeof(TLS_PRF_SEED1)) <= 0)
		972	errx(1, "EVP_PKEY_CTX_add1_tls1_prf_seed 1");
		973	if (EVP_PKEY_CTX_add1_tls1_prf_seed(pkey_ctx, TLS_PRF_SEED2,
		974	sizeof(TLS_PRF_SEED2)) <= 0)
		975	errx(1, "EVP_PKEY_CTX_add1_tls1_prf_seed 2");
		976	if (EVP_PKEY_CTX_add1_tls1_prf_seed(pkey_ctx, TLS_PRF_SEED3,
		977	sizeof(TLS_PRF_SEED3)) <= 0)
		978	errx(1, "EVP_PKEY_CTX_add1_tls1_prf_seed 3");
		979	if (EVP_PKEY_CTX_add1_tls1_prf_seed(pkey_ctx, TLS_PRF_SEED4,
		980	sizeof(TLS_PRF_SEED4)) <= 0)
		981	errx(1, "EVP_PKEY_CTX_add1_tls1_prf_seed 4");
		982	if (EVP_PKEY_CTX_add1_tls1_prf_seed(pkey_ctx, TLS_PRF_SEED5,
		983	sizeof(TLS_PRF_SEED5)) <= 0)
		984	errx(1, "EVP_PKEY_CTX_add1_tls1_prf_seed 5");
		985
		986	out_len = len;
		987	if (EVP_PKEY_derive(pkey_ctx, out, &out_len) <= 0)
		988	errx(1, "EVP_PKEY_derive");
		989
		990	if (out_len != len) {
		991	fprintf(stderr, "FAIL: %s: length %zu != %zu\n",
		992	__func__, out_len, len);
		993	goto err;
		994	}
		995
		996	if (memcmp(test->out, out, out_len) != 0) {
		997	fprintf(stderr, "FAIL: tls_PRF output differs for "
		998	"len %zu\n", len);
		999	fprintf(stderr, "output:\n");
		1000	hexdump(out, out_len);
		1001	fprintf(stderr, "test data:\n");
		1002	hexdump(test->out, len);
		1003	goto err;
		1004	}
		1005	}
		1006
		1007	failed = 0;
		1008
		1009	err:
		1010	EVP_PKEY_CTX_free(pkey_ctx);
		1011	free(out);
		1012
		1013	return failed;
		1014	}
		1015
		1016	static int
		1017	evp_kdf_tls1_prf(void)
		1018	{
		1019	size_t i;
		1020	int failed = 0;
		1021
		1022	for (i = 0; i < N_TLS_PRF_TESTS; i++)
		1023	failed \|= do_tls_prf_evp_test(i, &tls_prf_tests[i]);
		1024
		1025	return failed;
		1026	}
		1027
856	int	1028	int
857	main(int argc, char **argv)	1029	main(int argc, char **argv)
858	{	1030	{
@@ -866,6 +1038,7 @@ main(int argc, char **argv)
866	failed \|= obj_name_do_all_test();	1038	failed \|= obj_name_do_all_test();
867	failed \|= evp_get_cipherbyname_test();	1039	failed \|= evp_get_cipherbyname_test();
868	failed \|= evp_get_digestbyname_test();	1040	failed \|= evp_get_digestbyname_test();
		1041	failed \|= evp_kdf_tls1_prf_basic();
869	failed \|= evp_kdf_tls1_prf();	1042	failed \|= evp_kdf_tls1_prf();
870		1043
871	OPENSSL_cleanup();	1044	OPENSSL_cleanup();