File openssl-kdf-ssh-selftest.patch of Package openssl-1_1.23236
Index: openssl-1.1.0i/crypto/fips/fips_kdf_selftest.c
===================================================================
--- openssl-1.1.0i.orig/crypto/fips/fips_kdf_selftest.c
+++ openssl-1.1.0i/crypto/fips/fips_kdf_selftest.c
@@ -101,4 +101,68 @@ err:
return ret;
}
+int FIPS_selftest_ssh(void)
+{
+ int ret = 0;
+ EVP_KDF_CTX *kctx;
+ unsigned char out[8];
+
+ /* Test data from NIST CAVS 14.1 test vectors */
+ const unsigned char key[] = {
+ 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
+ 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
+ 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
+ 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
+ 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
+ 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
+ 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
+ 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
+ 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
+ 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
+ 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
+ 0x4e
+ };
+ const unsigned char xcghash[] = {
+ 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
+ 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
+ 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
+ };
+ const unsigned char sessid[] = {
+ 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
+ 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
+ 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
+ };
+ const unsigned char expected[sizeof(out)] = {
+ 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
+ };
+
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF)) == NULL)
+ goto err;
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0)
+ goto err;
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, sizeof(key)) <= 0)
+ goto err;
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, xcghash,
+ sizeof(xcghash)) <= 0)
+ goto err;
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, sessid,
+ sizeof(sessid)) <= 0)
+ goto err;
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE,
+ (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV) <= 0)
+ goto err;
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
+ goto err;
+ if (memcmp(out, expected, sizeof(expected)))
+ goto err;
+
+ ret = 1;
+
+ err:
+ if (!ret)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SSH, FIPS_R_SELFTEST_FAILED);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
#endif
Index: openssl-1.1.0i/crypto/fips/fips_post.c
===================================================================
--- openssl-1.1.0i.orig/crypto/fips/fips_post.c
+++ openssl-1.1.0i/crypto/fips/fips_post.c
@@ -107,6 +107,8 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_tls())
rv = 0;
+ if (!FIPS_selftest_ssh())
+ rv = 0;
return rv;
}
Index: openssl-1.1.0i/crypto/include/internal/fips_int.h
===================================================================
--- openssl-1.1.0i.orig/crypto/include/internal/fips_int.h
+++ openssl-1.1.0i/crypto/include/internal/fips_int.h
@@ -77,6 +77,7 @@ int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
int FIPS_selftest_pbkdf2(void);
int FIPS_selftest_tls(void);
+int FIPS_selftest_ssh(void);
int fips_pkey_signature_test(EVP_PKEY *pkey,
const unsigned char *tbs, int tbslen,
Index: openssl-1.1.0i/include/openssl/fips.h
===================================================================
--- openssl-1.1.0i.orig/include/openssl/fips.h
+++ openssl-1.1.0i/include/openssl/fips.h
@@ -125,6 +125,7 @@ extern "C" {
# define FIPS_F_FIPS_SELFTEST_HMAC 113
# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
# define FIPS_F_FIPS_SELFTEST_TLS 153
+# define FIPS_F_FIPS_SELFTEST_SSH 154
# define FIPS_F_FIPS_SELFTEST_SHA1 115
# define FIPS_F_FIPS_SELFTEST_SHA2 105
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143