Blame SOURCES/openssl-1.1.1-kdf-selftest.patch

9b88be
diff -up openssl-1.1.1g/crypto/fips/build.info.kdf-selftest openssl-1.1.1g/crypto/fips/build.info
9b88be
--- openssl-1.1.1g/crypto/fips/build.info.kdf-selftest	2020-06-03 16:08:36.274849058 +0200
9b88be
+++ openssl-1.1.1g/crypto/fips/build.info	2020-06-03 16:11:05.609079372 +0200
9b88be
@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
9b88be
         fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
9b88be
         fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
9b88be
         fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
9b88be
-        fips_dh_selftest.c fips_ers.c
9b88be
+        fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c
9b88be
 
9b88be
 PROGRAMS_NO_INST=\
9b88be
           fips_standalone_hmac
9b88be
diff -up openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c
9b88be
--- openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest	2020-06-03 16:08:36.337849577 +0200
9b88be
+++ openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c	2020-06-03 16:08:36.337849577 +0200
9b88be
@@ -0,0 +1,117 @@
9b88be
+/*
9b88be
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
9b88be
+ * Copyright (c) 2018-2019, Oracle and/or its affiliates.  All rights reserved.
9b88be
+ *
9b88be
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
9b88be
+ * this file except in compliance with the License.  You can obtain a copy
9b88be
+ * in the file LICENSE in the source distribution or at
9b88be
+ * https://www.openssl.org/source/license.html
9b88be
+ */
9b88be
+
9b88be
+#include <string.h>
9b88be
+#include <openssl/err.h>
9b88be
+#include <openssl/fips.h>
9b88be
+#include "crypto/fips.h"
9b88be
+
9b88be
+#include <openssl/evp.h>
9b88be
+#include <openssl/kdf.h>
9b88be
+
9b88be
+#ifdef OPENSSL_FIPS
9b88be
+int FIPS_selftest_pbkdf2(void)
9b88be
+{
9b88be
+    int ret = 0;
9b88be
+    EVP_KDF_CTX *kctx;
9b88be
+    unsigned char out[32];
9b88be
+
9b88be
+    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+
9b88be
+    {
9b88be
+        const unsigned char expected[sizeof(out)] = {
9b88be
+            0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
9b88be
+            0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
9b88be
+            0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
9b88be
+            0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
9b88be
+        };
9b88be
+        if (memcmp(out, expected, sizeof(expected))) {
9b88be
+            goto err;
9b88be
+        }
9b88be
+    }
9b88be
+    ret = 1;
9b88be
+
9b88be
+err:
9b88be
+    if (!ret)
9b88be
+        FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
9b88be
+    EVP_KDF_CTX_free(kctx);
9b88be
+    return ret;
9b88be
+}
9b88be
+
9b88be
+/* Test vector from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
9b88be
+ * 5) appendix A. */
9b88be
+int FIPS_selftest_kbkdf(void)
9b88be
+{
9b88be
+    int ret = 0;
9b88be
+    EVP_KDF_CTX *kctx;
9b88be
+    char *label = "prf", *prf_input = "test";
9b88be
+    static unsigned char input_key[] = {
9b88be
+        0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
9b88be
+        0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
9b88be
+    };
9b88be
+    static unsigned char output[] = {
9b88be
+        0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
9b88be
+        0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
9b88be
+        0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
9b88be
+        0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
9b88be
+    };
9b88be
+    unsigned char result[sizeof(output)] = { 0 };
9b88be
+
9b88be
+    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) {
9b88be
+        goto err;
9b88be
+    }
9b88be
+    ret = EVP_KDF_derive(kctx, result, sizeof(result)) > 0
9b88be
+        && memcmp(result, output, sizeof(output)) == 0;
9b88be
+err:
9b88be
+
9b88be
+    if (!ret)
9b88be
+        FIPSerr(FIPS_F_FIPS_SELFTEST_KBKDF, FIPS_R_SELFTEST_FAILED);
9b88be
+    EVP_KDF_CTX_free(kctx);
9b88be
+    return ret;
9b88be
+}
9b88be
+
9b88be
+int FIPS_selftest_kdf(void)
9b88be
+{
9b88be
+    return FIPS_selftest_pbkdf2() && FIPS_selftest_kbkdf();
9b88be
+}
9b88be
+
9b88be
+#endif
9b88be
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_post.c
9b88be
--- openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest	2020-06-03 16:08:36.332849536 +0200
9b88be
+++ openssl-1.1.1g/crypto/fips/fips_post.c	2020-06-03 16:08:36.338849585 +0200
9b88be
@@ -111,6 +111,8 @@ int FIPS_selftest(void)
9b88be
         rv = 0;
9b88be
     if (!FIPS_selftest_ecdh())
9b88be
         rv = 0;
9b88be
+    if (!FIPS_selftest_kdf())
9b88be
+        rv = 0;
9b88be
     return rv;
9b88be
 }
9b88be
 
9b88be
diff -up openssl-1.1.1g/include/crypto/fips.h.kdf-selftest openssl-1.1.1g/include/crypto/fips.h
9b88be
--- openssl-1.1.1g/include/crypto/fips.h.kdf-selftest	2020-06-03 16:08:36.330849519 +0200
9b88be
+++ openssl-1.1.1g/include/crypto/fips.h	2020-06-03 16:08:36.338849585 +0200
9b88be
@@ -72,6 +72,9 @@ void FIPS_drbg_stick(int onoff);
9b88be
 int FIPS_selftest_hmac(void);
9b88be
 int FIPS_selftest_drbg(void);
9b88be
 int FIPS_selftest_cmac(void);
9b88be
+int FIPS_selftest_kbkdf(void);
9b88be
+int FIPS_selftest_pbkdf2(void);
9b88be
+int FIPS_selftest_kdf(void);
9b88be
 
9b88be
 int fips_in_post(void);
9b88be
 
9b88be
diff -up openssl-1.1.1g/include/openssl/fips.h.kdf-selftest openssl-1.1.1g/include/openssl/fips.h
9b88be
--- openssl-1.1.1g/include/openssl/fips.h.kdf-selftest	2020-06-03 16:08:36.282849124 +0200
9b88be
+++ openssl-1.1.1g/include/openssl/fips.h	2020-06-03 16:08:36.338849585 +0200
9b88be
@@ -123,6 +123,8 @@ extern "C" {
9b88be
 # define FIPS_F_FIPS_SELFTEST_DSA                         112
9b88be
 # define FIPS_F_FIPS_SELFTEST_ECDSA                       133
9b88be
 # define FIPS_F_FIPS_SELFTEST_HMAC                        113
9b88be
+# define FIPS_F_FIPS_SELFTEST_KBKDF                       151
9b88be
+# define FIPS_F_FIPS_SELFTEST_PBKDF2                      152
9b88be
 # define FIPS_F_FIPS_SELFTEST_SHA1                        115
9b88be
 # define FIPS_F_FIPS_SELFTEST_SHA2                        105
9b88be
 # define FIPS_F_OSSL_ECDSA_SIGN_SIG                       143