From: Pauli <ppzgs1@gmail.com>
Date: Thu, 25 Jul 2024 00:29:39 +0000 (+1000)
Subject: test: fix failing KDF tests with changed behaviour
X-Git-Tag: openssl-3.4.0-alpha1~276
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8fe150cce805aa538a8d51d9f9fb932d23db9c90;p=thirdparty%2Fopenssl.git

test: fix failing KDF tests with changed behaviour

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)
---

diff --git a/test/recipes/30-test_evp_data/evpkdf_ssh.txt b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
index fb33733ad10..e0221e3c090 100644
--- a/test/recipes/30-test_evp_data/evpkdf_ssh.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
@@ -4848,6 +4848,7 @@ Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
 Output = FF
 Result = KDF_DERIVE_ERROR
 
+Availablein = default
 KDF = SSHKDF
 Ctrl.digest = digest:SHA1
 Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
@@ -4867,6 +4868,7 @@ Output = FF
 Result = KDF_MISMATCH
 
 # Test that unsupported XOF is rejected
+FIPSversion = >=3.4.0
 KDF = SSHKDF
 Ctrl.digest = digest:SHAKE-256
 Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
@@ -4875,6 +4877,15 @@ Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
 Ctrl.type = type:A
 Result = KDF_CTRL_ERROR
 
+FIPSversion = <3.4.0
+KDF = SSHKDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Result = KDF_MISMATCH
+
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected
diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
index e43c442e7d3..7e9acbda98e 100644
--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -71,6 +71,7 @@ Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae04
 Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
 
 # Test that unsupported XOF is rejected
+Availablein = default
 KDF = TLS1-PRF
 Ctrl.digest = digest:SHAKE-256
 Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
diff --git a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
index 453362d6145..5dc0c55afce 100644
--- a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
@@ -4937,6 +4937,14 @@ Result = KDF_CTRL_ERROR
 
 Title = TLS13-KDF unsupported XOF test
 
+FIPSversion = <3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHAKE-256
+Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
+Result = KDF_DERIVE_ERROR
+
+FIPSversion = >=3.4.0
 KDF = TLS13-KDF
 Ctrl.mode = mode:EXTRACT_ONLY
 Ctrl.digest = digest:SHAKE-256
diff --git a/test/recipes/30-test_evp_data/evpkdf_x963.txt b/test/recipes/30-test_evp_data/evpkdf_x963.txt
index 445ea23d4f1..e74e7293221 100644
--- a/test/recipes/30-test_evp_data/evpkdf_x963.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_x963.txt
@@ -122,6 +122,14 @@ Ctrl.hexinfo = hexinfo:af42f1ae85477ead645583
 Output = 995d1ab8557dfeafcb347f8182583fa0ac5e6cb3912393592590989f38a0214f6cf7d6fbe23917b0966c6a870876de2a2c13a45fa7aa1715be137ed332e1ffc204ce4dcce33ece6dec7f3da61fa049780040e44142cc8a1e5121cf56b386f65b7c261a192f05e5fefae4221a602bc51c41ef175dc45fb7eab8642421b4f7e3e7
 
 # Test that unsupported XOF is rejected
+FIPSversion = <3.4.0
+KDF = X963KDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
+Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
+Result = KDF_DERIVE_ERROR
+
+FIPSversion = >=3.4.0
 KDF = X963KDF
 Ctrl.digest = digest:SHAKE-256
 Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2