Restrict digest in set_ctx_paramsHEADmaster

In this commit, we also return different error if the digest is XOF.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)

8 files changed, 52 insertions, 38 deletions

diff --git a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
index 5918840ac7..82f10d803b 100644
--- a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt
@@ -222,20 +222,11 @@ Ctrl.salt = hexsalt:000000000000000000000000000000000000000000000000000000000000
 Ctrl.info = info:
 Output = 62f99231760bedd72319cc6cad
 
-Title = FIPS indicator tests
-
-# Test that the operation with unapproved digest function is rejected
-#
-# There is no corresponding test for checking `fips-indicator` and derived key
-# because that
-# * HKDF can be used with SHA-1, SHA-2 and SHA-3 but not with the
-#   extendable-output functions.
-# * HMAC construction is not allowed to be used with the extendable-output
-#   functions.
+# Test that the operation with XOF digest function is rejected
 FIPSversion = >=3.4.0
 KDF = HKDF
 Ctrl.digest = digest:SHAKE-256
 Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Ctrl.salt = hexsalt:000102030405060708090a0b0c
 Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
diff --git a/test/recipes/30-test_evp_data/evpkdf_ss.txt b/test/recipes/30-test_evp_data/evpkdf_ss.txt
index bfa42a296b..b206f86086 100644
--- a/test/recipes/30-test_evp_data/evpkdf_ss.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_ss.txt
@@ -1132,20 +1132,10 @@ Ctrl.hexinfo = hexinfo:0553552e5345a22404223020a003020110a10c040aaaaaaaaaaaaaaa
 Ctrl.hexinfo = hexinfo:aaaaaaa20b0409bbbbbbbbbbbbbbbbbb
 Output = d3c78b78d75313e9a926f75dfb012363fa17fa01db
 
-Title = FIPS indicator tests
-
-# Test that the operation with unapproved digest function is rejected
-#
-# There is no corresponding test for checking `fips-indicator` and derived key
-# because that
-# * SSKDF can be used with SHA-1, SHA-2 and SHA-3 but not with the
-#   extendable-output functions.
-# * The return value from the `EVP_MD_get_size` function for the
-#   extendable-output functions always is 0, so the `SSKDF_hash_kdm` function
-#   will return 0 directly.
+# Test that the operation with XOF digest function is rejected
 FIPSversion = >=3.4.0
 KDF = SSKDF
 Ctrl.digest = digest:SHAKE-256
 Ctrl.hexsecret = hexsecret:d09a6b1a472f930db4f5e6b967900744
 Ctrl.hexinfo = hexinfo:b117255ab5f1b6b96fc434b0
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
diff --git a/test/recipes/30-test_evp_data/evpkdf_ssh.txt b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
index 29383a710c..fb33733ad1 100644
--- a/test/recipes/30-test_evp_data/evpkdf_ssh.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_ssh.txt
@@ -4866,6 +4866,15 @@ Ctrl.type = type:A
 Output = FF
 Result = KDF_MISMATCH
 
+# Test that unsupported XOF is rejected
+KDF = SSHKDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Result = KDF_CTRL_ERROR
+
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected
@@ -4876,7 +4885,7 @@ Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a6869
 Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
 Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
 Ctrl.type = type:A
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
 
 # Test that the operation with unapproved digest function is is reported as
 # unapproved
diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
index e10f24a333..e43c442e7d 100644
--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -70,6 +70,15 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c
 Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
 Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
 
+# Test that unsupported XOF is rejected
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_CTRL_ERROR
+
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected
@@ -80,7 +89,7 @@ Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55
 Ctrl.label = seed:extended master secret
 Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
 Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
 
 # Test that the operation with unapproved digest function is is reported as
 # unapproved
diff --git a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
index 9eb2975176..453362d614 100644
--- a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt
@@ -4935,6 +4935,14 @@ Ctrl.mode = mode:EXTRACT_AND_EXPAND
 Ctrl.digest = digest:SHA256
 Result = KDF_CTRL_ERROR
 
+Title = TLS13-KDF unsupported XOF test
+
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHAKE-256
+Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
+Result = KDF_CTRL_ERROR
+
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected
@@ -4943,7 +4951,7 @@ KDF = TLS13-KDF
 Ctrl.mode = mode:EXTRACT_ONLY
 Ctrl.digest = digest:SHA512-256
 Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
 
 # Test that the operation with unapproved digest function is is reported as
 # unapproved
diff --git a/test/recipes/30-test_evp_data/evpkdf_x963.txt b/test/recipes/30-test_evp_data/evpkdf_x963.txt
index a305aa4c02..445ea23d4f 100644
--- a/test/recipes/30-test_evp_data/evpkdf_x963.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_x963.txt
@@ -121,6 +121,13 @@ Ctrl.hexinfo = hexinfo:cf3a74ba86
 Ctrl.hexinfo = hexinfo:af42f1ae85477ead645583
 Output = 995d1ab8557dfeafcb347f8182583fa0ac5e6cb3912393592590989f38a0214f6cf7d6fbe23917b0966c6a870876de2a2c13a45fa7aa1715be137ed332e1ffc204ce4dcce33ece6dec7f3da61fa049780040e44142cc8a1e5121cf56b386f65b7c261a192f05e5fefae4221a602bc51c41ef175dc45fb7eab8642421b4f7e3e7
 
+# Test that unsupported XOF is rejected
+KDF = X963KDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
+Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
+Result = KDF_CTRL_ERROR
+
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected
@@ -129,7 +136,7 @@ KDF = X963KDF
 Ctrl.digest = digest:SHA1
 Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
 Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
-Result = KDF_DERIVE_ERROR
+Result = KDF_CTRL_ERROR
 
 # Test that the operation with unapproved digest function is is reported as
 # unapproved
diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
index ef574128aa..805f65abc4 100644
--- a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
+++ b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt
@@ -194,20 +194,11 @@ Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 Ctrl.salt = salt:
 Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
 
-Title = FIPS indicator tests
-
-# Test that the operation with unapproved digest function is rejected
-#
-# There is no corresponding test for checking `fips-indicator` and derived key
-# because that
-# * HKDF can be used with SHA-1, SHA-2 and SHA-3 but not with the
-#   extendable-output functions.
-# * HMAC construction is not allowed to be used with the extendable-output
-#   functions.
+# Test that the operation with XOF digest function is rejected
 FIPSversion = >=3.4.0
 PKEYKDF = HKDF
 Ctrl.digest = digest:SHAKE-256
 Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Ctrl.salt = hexsalt:000102030405060708090a0b0c
 Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
-Result = KDF_DERIVE_ERROR
+Result = PKEY_CTRL_ERROR
diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt b/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt
index b5276e664e..a1510cc036 100644
--- a/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt
+++ b/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt
@@ -70,6 +70,15 @@ Ctrl.Seed = hexseed:02
 Output = 03
 Result = KDF_DERIVE_ERROR
 
+# Test that unsupported XOF is rejected
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_CTRL_ERROR
+
 Title = FIPS indicator tests
 
 # Test that the operation with unapproved digest function is rejected