From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 25 Sep 2025 10:21:21 +0000 (+0200)
Subject: Add test for using KRB5KDF with erroneous key size
X-Git-Tag: openssl-3.0.18~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b07cbf53d5fb6c63bc81b255de359ab9bce9e1d5;p=thirdparty%2Fopenssl.git

Add test for using KRB5KDF with erroneous key size

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28663)

(cherry picked from commit c18b6968cc1824bd3280cffa914093bba85dff3f)
---

diff --git a/test/recipes/30-test_evp_data/evpkdf_krb5.txt b/test/recipes/30-test_evp_data/evpkdf_krb5.txt
index d8f6aa72a17..972897d61f9 100644
--- a/test/recipes/30-test_evp_data/evpkdf_krb5.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_krb5.txt
@@ -129,3 +129,11 @@ Ctrl.cipher = cipher:DES-EDE3-CBC
 Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92
 Ctrl.hexconstant = hexconstant:0000000155
 Output = 935079d14490a75c3093c4a6e8c3b049c71e6ee705
+
+#Erroneous key size for the cipher as XTS has double key size
+KDF = KRB5KDF
+Ctrl.cipher = cipher:AES-256-XTS
+Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161
+Ctrl.hexconstant = hexconstant:0000000255
+Output = 97151B4C76945063E2EB0529DC067D97D7BBA90776D8126D91F34F3101AEA8BA
+Result = KDF_DERIVE_ERROR