You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
test/psk: add compat vector for OpenSSL hkdf info bug
Older OpenSSL versions have a bug where
EVP_PKEY_CTX_add1_hkdf_info() will always overwrite the existing
'info' value, and thus calculate a different identity hash.
This issue has been uncovered by the PSK testcases, and has always
been present.
We have fixed this with eff0ffe ("linux: fix HKDF TLS key derivation
back to OpenSSL 3.0.8"), but the PSK testcases will still fail.
So add the resulting hash values for the 'compat' test, and check both
versions when testing; if either of one matches the test is good.
This avoids having to figure which of all the OpenSSL versions contain
the issue and on which it is fixed.
Signed-off-by: Hannes Reinecke <[email protected]>
0 commit comments