1 files changed, 96 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/evp/evp_test.c b/src/regress/lib/libcrypto/evp/evp_test.c
index eebbd50b0c..43a3aead66 100644
--- a/src/regress/lib/libcrypto/evp/evp_test.c
+++ b/src/regress/lib/libcrypto/evp/evp_test.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: evp_test.c,v 1.18 2024/03/24 14:00:11 jca Exp $ */
+/*      $OpenBSD: evp_test.c,v 1.19 2024/07/09 17:09:23 tb Exp $ */
 /*
 * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@@ -22,6 +22,7 @@
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
+#include <openssl/kdf.h>
 #include <openssl/objects.h>
 #include <openssl/ossl_typ.h>
@@ -759,6 +760,99 @@ evp_get_digestbyname_test(void)
        return failure;
 }
+static void
+hexdump(const unsigned char *buf, int len)
+{
+        int i;
+        if (len <= 0) {
+                fprintf(stderr, "<negative length %d>\n", len);
+                return;
+        }
+        for (i = 1; i <= len; i++)
+                fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
+        fprintf(stderr, "\n");
+}
+static int
+kdf_compare_bytes(const char *label, const unsigned char *d1, int len1,
+    const unsigned char *d2, int len2)
+{
+        if (len1 != len2) {
+                fprintf(stderr, "FAIL: %s - byte lengths differ "
+                    "(%d != %d)\n", label, len1, len2);
+                fprintf(stderr, "Got:\n");
+                hexdump(d1, len1);
+                fprintf(stderr, "Want:\n");
+                hexdump(d2, len2);
+                return 0;
+        }
+        if (memcmp(d1, d2, len1) != 0) {
+                fprintf(stderr, "FAIL: %s - bytes differ\n", label);
+                fprintf(stderr, "Got:\n");
+                hexdump(d1, len1);
+                fprintf(stderr, "Want:\n");
+                hexdump(d2, len2);
+                return 0;
+        }
+        return 1;
+}
+static int
+evp_kdf_tls1_prf(void)
+{
+        EVP_PKEY_CTX *pctx;
+        unsigned char got[16];
+        size_t got_len = sizeof(got);
+        unsigned char want[16] = {
+                0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
+                0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc,
+        };
+        int failed = 1;
+        if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL)) == NULL) {
+                fprintf(stderr, "FAIL: EVP_PKEY_CTX_new_id\n");
+                goto err;
+        }
+        if (EVP_PKEY_derive_init(pctx) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_derive_init\n");
+                goto err;
+        }
+        if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_tls1_prf_md\n");
+                goto err;
+        }
+        if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_tls1_prf_secret\n");
+                goto err;
+        }
+        if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_tls1_prf_seed\n");
+                goto err;
+        }
+        if (EVP_PKEY_derive(pctx, got, &got_len) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_derive\n");
+                goto err;
+        }
+        if (!kdf_compare_bytes("kdf test", got, got_len, want, sizeof(want)))
+                goto err;
+        failed = 0;
+ err:
+        EVP_PKEY_CTX_free(pctx);
+        return failed;
+}
 int
 main(int argc, char **argv)
 {
@@ -772,6 +866,7 @@ main(int argc, char **argv)
        failed |= obj_name_do_all_test();
        failed |= evp_get_cipherbyname_test();
        failed |= evp_get_digestbyname_test();
+        failed |= evp_kdf_tls1_prf();
        OPENSSL_cleanup();

diff --git a/src/regress/lib/libcrypto/evp/evp_test.c b/src/regress/lib/libcrypto/evp/evp_test.c index eebbd50b0c..43a3aead66 100644 --- a/src/regress/lib/libcrypto/evp/evp_test.c +++ b/src/regress/lib/libcrypto/evp/evp_test.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_test.c,v 1.18 2024/03/24 14:00:11 jca Exp $ */	1	/* $OpenBSD: evp_test.c,v 1.19 2024/07/09 17:09:23 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@@ -22,6 +22,7 @@
22		22
23	#include <openssl/crypto.h>	23	#include <openssl/crypto.h>
24	#include <openssl/evp.h>	24	#include <openssl/evp.h>
		25	#include <openssl/kdf.h>
25	#include <openssl/objects.h>	26	#include <openssl/objects.h>
26	#include <openssl/ossl_typ.h>	27	#include <openssl/ossl_typ.h>
27		28
@@ -759,6 +760,99 @@ evp_get_digestbyname_test(void)
759	return failure;	760	return failure;
760	}	761	}
761		762
		763	static void
		764	hexdump(const unsigned char *buf, int len)
		765	{
		766	int i;
		767
		768	if (len <= 0) {
		769	fprintf(stderr, "<negative length %d>\n", len);
		770	return;
		771	}
		772
		773	for (i = 1; i <= len; i++)
		774	fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
		775
		776	fprintf(stderr, "\n");
		777	}
		778
		779	static int
		780	kdf_compare_bytes(const char label, const unsigned char d1, int len1,
		781	const unsigned char *d2, int len2)
		782	{
		783	if (len1 != len2) {
		784	fprintf(stderr, "FAIL: %s - byte lengths differ "
		785	"(%d != %d)\n", label, len1, len2);
		786	fprintf(stderr, "Got:\n");
		787	hexdump(d1, len1);
		788	fprintf(stderr, "Want:\n");
		789	hexdump(d2, len2);
		790	return 0;
		791	}
		792	if (memcmp(d1, d2, len1) != 0) {
		793	fprintf(stderr, "FAIL: %s - bytes differ\n", label);
		794	fprintf(stderr, "Got:\n");
		795	hexdump(d1, len1);
		796	fprintf(stderr, "Want:\n");
		797	hexdump(d2, len2);
		798	return 0;
		799	}
		800	return 1;
		801	}
		802
		803	static int
		804	evp_kdf_tls1_prf(void)
		805	{
		806	EVP_PKEY_CTX *pctx;
		807	unsigned char got[16];
		808	size_t got_len = sizeof(got);
		809	unsigned char want[16] = {
		810	0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
		811	0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc,
		812	};
		813	int failed = 1;
		814
		815	if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL)) == NULL) {
		816	fprintf(stderr, "FAIL: EVP_PKEY_CTX_new_id\n");
		817	goto err;
		818	}
		819
		820	if (EVP_PKEY_derive_init(pctx) <= 0) {
		821	fprintf(stderr, "FAIL: EVP_PKEY_derive_init\n");
		822	goto err;
		823	}
		824
		825	if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) {
		826	fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_tls1_prf_md\n");
		827	goto err;
		828	}
		829
		830	if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) {
		831	fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_tls1_prf_secret\n");
		832	goto err;
		833	}
		834
		835	if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) {
		836	fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_tls1_prf_seed\n");
		837	goto err;
		838	}
		839
		840	if (EVP_PKEY_derive(pctx, got, &got_len) <= 0) {
		841	fprintf(stderr, "FAIL: EVP_PKEY_derive\n");
		842	goto err;
		843	}
		844
		845	if (!kdf_compare_bytes("kdf test", got, got_len, want, sizeof(want)))
		846	goto err;
		847
		848	failed = 0;
		849
		850	err:
		851	EVP_PKEY_CTX_free(pctx);
		852
		853	return failed;
		854	}
		855
762	int	856	int
763	main(int argc, char **argv)	857	main(int argc, char **argv)
764	{	858	{
@@ -772,6 +866,7 @@ main(int argc, char **argv)
772	failed \|= obj_name_do_all_test();	866	failed \|= obj_name_do_all_test();
773	failed \|= evp_get_cipherbyname_test();	867	failed \|= evp_get_cipherbyname_test();
774	failed \|= evp_get_digestbyname_test();	868	failed \|= evp_get_digestbyname_test();
		869	failed \|= evp_kdf_tls1_prf();
775		870
776	OPENSSL_cleanup();	871	OPENSSL_cleanup();
777		872