return 0;
}
-#ifdef FIPS_MODULE
- if (!fips_hkdf_key_check_passed(ctx))
- return 0;
-#endif
-
switch (ctx->mode) {
case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
default:
HKDF_MAXINFO) == 0)
return 0;
+#ifdef FIPS_MODULE
+ if (OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY) != NULL)
+ if (!fips_hkdf_key_check_passed(ctx))
+ return 0;
+#endif
+
return 1;
}
return 0;
}
-#ifdef FIPS_MODULE
- if (!fips_tls1_3_key_check_passed(ctx))
- return 0;
-#endif
-
switch (ctx->mode) {
default:
return 0;
if (!fips_tls1_3_digest_check_passed(ctx, md))
return 0;
}
+
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL)
+ if (!fips_tls1_3_key_check_passed(ctx))
+ return 0;
#endif
return 1;
return 0;
}
-#ifdef FIPS_MODULE
- if (!fips_key_check_passed(ctx))
- return 0;
-#endif
-
return SSHKDF(md, ctx->key, ctx->key_len,
ctx->xcghash, ctx->xcghash_len,
ctx->session_id, ctx->session_id_len,
#endif
}
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL)
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) {
if (!sshkdf_set_membuf(&ctx->key, &ctx->key_len, p))
return 0;
+#ifdef FIPS_MODULE
+ if (!fips_key_check_passed(ctx))
+ return 0;
+#endif
+ }
+
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SSHKDF_XCGHASH))
!= NULL)
if (!sshkdf_set_membuf(&ctx->xcghash, &ctx->xcghash_len, p))
return 0;
}
-#ifdef FIPS_MODULE
- if (!fips_sskdf_key_check_passed(ctx))
- return 0;
-#endif
-
md = ossl_prov_digest_md(&ctx->digest);
if (ctx->macctx != NULL) {
return 0;
}
-#ifdef FIPS_MODULE
- if (!fips_x963kdf_key_check_passed(ctx))
- return 0;
-#endif
-
/* H(x) = hash */
md = ossl_prov_digest_md(&ctx->digest);
if (md == NULL) {
if (!sskdf_common_set_ctx_params(ctx, params))
return 0;
+#ifdef FIPS_MODULE
+ if ((OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY) != NULL) ||
+ (OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET) != NULL))
+ if (!fips_sskdf_key_check_passed(ctx))
+ return 0;
+#endif
+
return 1;
}
if (!fips_x963kdf_digest_check_passed(ctx, md))
return 0;
}
+
+ if ((OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY) != NULL) ||
+ (OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET) != NULL))
+ if (!fips_x963kdf_key_check_passed(ctx))
+ return 0;
#endif
return 1;
#ifdef FIPS_MODULE
if (!fips_ems_check_passed(ctx))
return 0;
- if (!fips_key_check_passed(ctx))
- return 0;
#endif
return tls1_prf_alg(ctx->P_hash, ctx->P_sha1,
ctx->sec = NULL;
if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sec, 0, &ctx->seclen))
return 0;
+
+#ifdef FIPS_MODULE
+ if (!fips_key_check_passed(ctx))
+ return 0;
+#endif
}
/* The seed fields concatenate, so process them all */
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SEED)) != NULL) {
Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
Ctrl.salt = hexsalt:000102030405060708090a0b0c
Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
# Test that the key whose length is shorter than 112 bits is reported as
# unapproved
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:d7e6
Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
# Test that the key whose length is shorter than 112 bits is reported as
# unapproved
Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
Ctrl.type = type:A
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
# Test that the key whose length is shorter than 112 bits is reported as
# unapproved
Ctrl.label = seed:extended master secret
Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
# Test that the key whose length is shorter than 112 bits is reported as
# unapproved
Ctrl.mode = mode:EXTRACT_ONLY
Ctrl.digest = digest:SHA2-256
Ctrl.key = hexkey:0102030405060708090a0b
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
FIPSversion = >=3.4.0
KDF = TLS13-KDF
Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3
Ctrl.prefix = hexprefix:746c73313320
Ctrl.label = hexlabel:6320652074726166666963
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
# Test that the key whose length is shorter than 112 bits is reported as
# unapproved
Ctrl.digest = digest:SHA224
Ctrl.hexsecret = hexsecret:0102030405060908090a0b
Ctrl.hexinfo = hexinfo:0102030405060708090a0b0c0d0e0f10
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
# Test that the key whose length is shorter than 112 bits is reported as
# unapproved
Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
Ctrl.salt = hexsalt:000102030405060708090a0b0c
Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
-Result = KDF_DERIVE_ERROR
+Result = PKEY_CTRL_ERROR
# Test that the key whose length is shorter than 112 bits is reported as
# unapproved
Ctrl.label = seed:extended master secret
Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
# Test that the key whose length is shorter than 112 bits is reported as
# unapproved
projects / thirdparty / openssl.git / commitdiff
