Commit fe874fcf0d for openssl.org
commit fe874fcf0d308a683bb7c2948521fbd11d8720a7
Author: slontis <shane.lontis@oracle.com>
Date: Thu Jan 8 15:22:44 2026 +1100
KDF: Add configuration options to disable many of the KDF algorithms.
This includes KDFs for ss, x963, hmac-drbg, KB, KRB5, PVK, SNMP, SSH and X942.
SSKDF/X963KDF Changes: Modify code to handle algorithms being disabled via configuration options.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29576)
diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml
index 08274ee131..113e65e9f8 100644
--- a/.github/workflows/run-checker-daily.yml
+++ b/.github/workflows/run-checker-daily.yml
@@ -69,8 +69,11 @@ jobs:
no-gost,
enable-h3demo,
enable-hqinterop,
+ no-hmac-drbg-kdf,
no-hw,
no-idea,
+ no-kbkdf,
+ no-krb5kdf,
enable-lms,
no-makedepend,
enable-md2,
@@ -84,6 +87,7 @@ jobs:
no-poly1305,
no-posix-io,
no-psk,
+ no-pvkkdf,
no-rc2,
enable-rc5,
no-rdrand,
@@ -99,8 +103,11 @@ jobs:
no-sm2-precomp,
no-sm3,
no-sm4,
+ no-snmpkdf,
no-sock,
no-sse2,
+ no-sshkdf,
+ no-sskdf,
no-ssl,
no-ssl-trace,
enable-sslkeylog,
@@ -119,6 +126,8 @@ jobs:
no-uplink,
no-weak-ssl-ciphers,
no-whirlpool,
+ no-x942kdf,
+ no-x963kdf,
enable-zlib-dynamic,
-DOPENSSL_PEDANTIC_ZEROIZATION,
-DOPENSSL_PEDANTIC_ZEROIZATION enable-fips,
diff --git a/.gitignore b/.gitignore
index c5dcdcdf7c..b62f232fce 100644
--- a/.gitignore
+++ b/.gitignore
@@ -112,6 +112,7 @@ providers/implementations/kdfs/sshkdf.inc
providers/implementations/kdfs/sskdf.inc
providers/implementations/kdfs/tls1_prf.inc
providers/implementations/kdfs/x942kdf.inc
+providers/implementations/kdfs/x963kdf.inc
providers/implementations/kem/ec_kem.inc
providers/implementations/kem/ecx_kem.inc
providers/implementations/kem/ml_kem_kem.inc
diff --git a/CHANGES.md b/CHANGES.md
index dfe4b0d2d3..3d01712f13 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -32,6 +32,11 @@ OpenSSL 4.0
### Changes between 3.6 and 4.0 [xx XXX xxxx]
+ * Added configure options to disable KDF algorithms for
+ hmac-drbg-kdf, kbkdf, krb5kdf, pvkkdf, snmpkdf, sskdf, sshkdf, x942kdf and x963kdf.
+
+ *Shane Lontis*
+
* Remove support for an SSLv2 Client Hello. When a client wanted to support
both SSLv2 and higher versions like SSLv3 or even TLSv1, it needed to
send an SSLv2 Client Hello. SSLv2 support itself was removed in version
diff --git a/Configure b/Configure
index 7682185697..e5d587f2fc 100755
--- a/Configure
+++ b/Configure
@@ -456,6 +456,7 @@ my @disablables = (
"demos",
"h3demo",
"hqinterop",
+ "hmac-drbg-kdf",
"deprecated",
"des",
"dgram",
@@ -486,6 +487,8 @@ my @disablables = (
"idea",
"integrity-only-ciphers",
"jitter",
+ "kbkdf",
+ "krb5kdf",
"ktls",
"legacy",
"lms",
@@ -507,6 +510,7 @@ my @disablables = (
"poly1305",
"posix-io",
"psk",
+ "pvkkdf",
"quic",
"unstable-qlog",
"rc2",
@@ -527,10 +531,13 @@ my @disablables = (
"sm2-precomp",
"sm3",
"sm4",
+ "snmpkdf",
"sock",
"srp",
"srtp",
"sse2",
+ "sshkdf",
+ "sskdf",
"ssl-trace",
"stdio",
"sslkeylog",
@@ -548,6 +555,8 @@ my @disablables = (
"uplink",
"weak-ssl-ciphers",
"whirlpool",
+ "x942kdf",
+ "x963kdf",
"zlib",
"zlib-dynamic",
"zstd",
@@ -638,16 +647,18 @@ my @disable_cascades = (
"cmac", "cms", "cmp", "comp", "ct",
"des", "dgram", "dh", "dsa",
"ec",
- "filenames",
- "idea", "ktls", "lms",
+ "filenames", "hmac-drbg-kdf",
+ "idea", "kbkdf", "krb5kdf", "ktls", "lms",
"md4", "ml-dsa", "ml-kem", "multiblock",
"nextprotoneg", "ocsp", "ocb", "poly1305", "psk",
- "rc2", "rc4", "rmd160",
+ "pvkkdf", "rc2", "rc4", "rmd160",
"scrypt", "seed", "siphash", "siv",
- "slh-dsa", "sm3", "sm4", "srp",
- "srtp", "ssl-trace",
+ "slh-dsa", "sm3", "sm4", "snmpkdf",
+ "srp", "srtp", "sshkdf", "sskdf",
+ "ssl-trace",
"tfo",
"ts", "ui-console", "whirlpool",
+ "x942kdf", "x963kdf",
"fips-securitychecks" ],
sub { $config{processor} eq "386" }
=> [ "sse2" ],
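Review bot: The new KDF options are appended to this cascade's target list, but nothing visible in the commit ties `x963kdf` or `hmac-drbg-kdf` to the features that depend on them. The man page change in this same commit says X963KDF is used by CMS EC key agreement and by SM2 encryption and decryption, and the FIPS provider table labels HMAC-DRBG-KDF as "For deterministic ECDSA". A `no-x963kdf` build with `sm2` and `cms` still enabled would therefore presumably fail only at run time, when the KDF fetch returns nothing. Consider a cascade entry for the dependent features, or an INSTALL.md caveat naming the operations that stop working. The key this list belongs to lies outside the hunk, so confirm which option actually triggers it.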
diff --git a/INSTALL.md b/INSTALL.md
index 252bc13e7c..c911ab90ea 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -757,14 +757,6 @@ Don't build and install documentation, i.e. manual pages in various forms.
Don't build support for loading Dynamic Shared Objects (DSO)
-### no-ec
-
-Don't build support for Elliptic Curves.
-
-### no-ec2m
-
-Don't build support for binary Elliptic Curves
-
### no-tls-deprecated-ec
Disable legacy TLS EC groups that were deprecated in RFC8422. These are the
@@ -873,26 +865,10 @@ Don't build the legacy provider.
Disabling this also disables the legacy algorithms: MD2 (already disabled by default).
-### enable-lms
-
-Enable Leighton-Micali Signatures (LMS) support.
-Support is currently limited to verification only as per
-[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final).
-
### no-makedepend
Don't generate dependencies.
-### no-ml-dsa
-
-Disable Module-Lattice-Based Digital Signature Standard (ML-DSA) support.
-ML-DSA is based on CRYSTALS-DILITHIUM. See [FIPS 204].
-
-### no-ml-kem
-
-Disable Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM)
-support. ML-KEM is based on CRYSTALS-KYBER. See [FIPS 203].
-
### no-module
Don't build any dynamically loadable modules.
@@ -972,11 +948,6 @@ Do not create shared libraries, only static ones.
See [Notes on shared libraries](#notes-on-shared-libraries) below.
-### no-slh-dsa
-
-Disable Stateless Hash Based Digital Signature Standard support.
-(SLH-DSA is based on SPHINCS+. See [FIPS 205])
-
### no-sm2-precomp
Disable using the SM2 precomputed table on aarch64 to make the library smaller.
@@ -1191,16 +1162,23 @@ use `TLS_method()` instead.
### enable-{algorithm}
- enable-{md2|rc5}
+ enable-{md2|rc5|lms}
Build with support for the specified algorithm.
+The `lms` algorithm support is currently limited to verification only as per
+[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final).
+
### no-{algorithm}
no-{aria|bf|blake2|camellia|cast|chacha|cmac|
- des|dh|dsa|ecdh|ecdsa|idea|md4|mdc2|ml-dsa|
- ml-kem|ocb|poly1305|rc2|rc4|rmd160|scrypt|
- seed|siphash|siv|sm2|sm3|sm4|whirlpool}
+ des|dh|dsa|
+ ec|ec2m|ecdh|ecdsa|hmac-drbg-kdf|idea|kbkdf|krb5kdf|
+ md4|mdc2|
+ ml-dsa|ml-kem|
+ ocb|poly1305|pvkkdf|rc2|rc4|rmd160|scrypt|
+ seed|siphash|siv|slh-dsa|sm2|sm3|sm4|snmpkdf|sshkdf|sskdf|
+ x942kdf|x963kdf|whirlpool}
Build without support for the specified algorithm.
diff --git a/build.info b/build.info
index c7a833710b..5607fbdad4 100644
--- a/build.info
+++ b/build.info
@@ -72,6 +72,7 @@ DEPEND[]=include/openssl/asn1.h \
providers/implementations/kdfs/sskdf.inc \
providers/implementations/kdfs/tls1_prf.inc \
providers/implementations/kdfs/x942kdf.inc \
+ providers/implementations/kdfs/x963kdf.inc \
providers/implementations/kem/ec_kem.inc \
providers/implementations/kem/ecx_kem.inc \
providers/implementations/kem/ml_kem_kem.inc \
@@ -192,6 +193,7 @@ DEPEND[providers/implementations/asymciphers/rsa_enc.inc \
providers/implementations/kdfs/sskdf.inc \
providers/implementations/kdfs/tls1_prf.inc \
providers/implementations/kdfs/x942kdf.inc \
+ providers/implementations/kdfs/x963kdf.inc \
providers/implementations/kem/ec_kem.inc \
providers/implementations/kem/ecx_kem.inc \
providers/implementations/kem/ml_kem_kem.inc \
@@ -307,6 +309,8 @@ GENERATE[providers/implementations/kdfs/tls1_prf.inc]=\
providers/implementations/kdfs/tls1_prf.inc.in
GENERATE[providers/implementations/kdfs/x942kdf.inc]=\
providers/implementations/kdfs/x942kdf.inc.in
+GENERATE[providers/implementations/kdfs/x963kdf.inc]=\
+ providers/implementations/kdfs/x963kdf.inc.in
GENERATE[providers/implementations/kem/ec_kem.inc]=\
providers/implementations/kem/ec_kem.inc.in
GENERATE[providers/implementations/kem/ecx_kem.inc]=\
diff --git a/doc/man7/EVP_KDF-X963.pod b/doc/man7/EVP_KDF-X963.pod
index 2df67a728e..49b03fa5d3 100644
--- a/doc/man7/EVP_KDF-X963.pod
+++ b/doc/man7/EVP_KDF-X963.pod
@@ -8,7 +8,8 @@ EVP_KDF-X963 - The X9.63-2001 EVP_KDF implementation
The EVP_KDF-X963 algorithm implements the key derivation function (X963KDF).
X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to
-derive a key using input such as a shared secret key and shared info.
+derive a key using input such as a shared secret key and shared info. It is
+also used by SM2 encryption and decryption operations.
The output is considered to be keying material.
diff --git a/providers/defltprov.c b/providers/defltprov.c
index aa673f7c7f..cddec70369 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -366,21 +366,37 @@ static const OSSL_ALGORITHM deflt_kdfs[] = {
{ PROV_NAMES_HKDF_SHA512, "provider=default", ossl_kdf_hkdf_sha512_functions },
{ PROV_NAMES_TLS1_3_KDF, "provider=default",
ossl_kdf_tls1_3_kdf_functions },
- { PROV_NAMES_SSKDF, "provider=default", ossl_kdf_sskdf_functions },
+ { PROV_NAMES_TLS1_PRF, "provider=default", ossl_kdf_tls1_prf_functions },
{ PROV_NAMES_PBKDF2, "provider=default", ossl_kdf_pbkdf2_functions },
{ PROV_NAMES_PKCS12KDF, "provider=default", ossl_kdf_pkcs12_functions },
+#ifndef OPENSSL_NO_SSKDF
+ { PROV_NAMES_SSKDF, "provider=default", ossl_kdf_sskdf_functions },
+#endif
+#ifndef OPENSSL_NO_SNMPKDF
{ PROV_NAMES_SNMPKDF, "provider=default", ossl_kdf_snmpkdf_functions },
+#endif
+#ifndef OPENSSL_NO_SSHKDF
{ PROV_NAMES_SSHKDF, "provider=default", ossl_kdf_sshkdf_functions },
+#endif
+#ifndef OPENSSL_NO_X963KDF
{ PROV_NAMES_X963KDF, "provider=default", ossl_kdf_x963_kdf_functions },
- { PROV_NAMES_TLS1_PRF, "provider=default", ossl_kdf_tls1_prf_functions },
+#endif
+#ifndef OPENSSL_NO_KBKDF
{ PROV_NAMES_KBKDF, "provider=default", ossl_kdf_kbkdf_functions },
+#endif
+#ifndef OPENSSL_NO_X942KDF
{ PROV_NAMES_X942KDF_ASN1, "provider=default", ossl_kdf_x942_kdf_functions },
+#endif
#ifndef OPENSSL_NO_SCRYPT
{ PROV_NAMES_SCRYPT, "provider=default", ossl_kdf_scrypt_functions },
#endif
+#ifndef OPENSSL_NO_KRB5KDF
{ PROV_NAMES_KRB5KDF, "provider=default", ossl_kdf_krb5kdf_functions },
+#endif
+#ifndef OPENSSL_NO_HMAC_DRBG_KDF
{ PROV_NAMES_HMAC_DRBG_KDF, "provider=default",
ossl_kdf_hmac_drbg_functions },
+#endif
#ifndef OPENSSL_NO_ARGON2
{ PROV_NAMES_ARGON2I, "provider=default", ossl_kdf_argon2i_functions },
{ PROV_NAMES_ARGON2D, "provider=default", ossl_kdf_argon2d_functions },
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 9905fa404f..ce2645ce07 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -424,36 +424,71 @@ static const OSSL_ALGORITHM fips_macs_internal[] = {
{ NULL, NULL, NULL }
};
-#define FIPS_KDFS_COMMON() \
- { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, \
- { PROV_NAMES_HKDF_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha256_functions }, \
- { PROV_NAMES_HKDF_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha384_functions }, \
- { PROV_NAMES_HKDF_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha512_functions }, \
- { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, \
- ossl_kdf_tls1_3_kdf_functions }, \
- { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, \
- { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, \
- { PROV_NAMES_SNMPKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_snmpkdf_functions }, \
- { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, \
- { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, \
- ossl_kdf_x963_kdf_functions }, \
- { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES, \
- ossl_kdf_x942_kdf_functions }, \
- { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, \
- ossl_kdf_tls1_prf_functions }, \
- { \
- PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions \
- }
+/* clang-format off */
+#define FIPS_KDFS_COMMON() \
+ { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, \
+ { PROV_NAMES_HKDF_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha256_functions }, \
+ { PROV_NAMES_HKDF_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha384_functions }, \
+ { PROV_NAMES_HKDF_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha512_functions }, \
+ { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_3_kdf_functions }, \
+ { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, \
+ { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_functions }
+/* clang-format on */
+/*
+ * NOTE:
+ * Any algorithms added to this table need to be copied to fips_kdfs_internal[].
+ */
static const OSSL_ALGORITHM fips_kdfs[] = {
FIPS_KDFS_COMMON(),
+#ifndef OPENSSL_NO_SSKDF
+ { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions },
+#endif
+#ifndef OPENSSL_NO_SNMPKDF
+ { PROV_NAMES_SNMPKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_snmpkdf_functions },
+#endif
+#ifndef OPENSSL_NO_SSHKDF
+ { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions },
+#endif
+#ifndef OPENSSL_NO_KBKDF
+ { PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions },
+#endif
+#ifndef OPENSSL_NO_X942KDF
+ { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES,
+ ossl_kdf_x942_kdf_functions },
+#endif
+#ifndef OPENSSL_NO_X963KDF
+ { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions },
+#endif
{ NULL, NULL, NULL }
};
static const OSSL_ALGORITHM fips_kdfs_internal[] = {
FIPS_KDFS_COMMON(),
+#ifndef OPENSSL_NO_SSKDF
+ { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions },
+#endif
+#ifndef OPENSSL_NO_SNMPKDF
+ { PROV_NAMES_SNMPKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_snmpkdf_functions },
+#endif
+#ifndef OPENSSL_NO_SSHKDF
+ { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions },
+#endif
+#ifndef OPENSSL_NO_KBKDF
+ { PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions },
+#endif
+#ifndef OPENSSL_NO_X942KDF
+ { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES,
+ ossl_kdf_x942_kdf_functions },
+#endif
+#ifndef OPENSSL_NO_X963KDF
+ { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions },
+#endif
+
+#ifndef OPENSSL_NO_HMAC_DRBG_KDF
/* For deterministic ECDSA */
{ PROV_NAMES_HMAC_DRBG_KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hmac_drbg_functions },
+#endif
{ NULL, NULL, NULL }
};
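Review bot: The six `#ifndef OPENSSL_NO_*` entries are now written out twice, once in `fips_kdfs[]` and once in `fips_kdfs_internal[]`, and only the first table carries the reminder to keep them in step. A guard added or renamed in one copy and not the other would make the public and internal FIPS KDF sets diverge without any build error. I would add the mirror comment above `fips_kdfs_internal[]`, for example `/* Must list every entry of fips_kdfs[]; HMAC-DRBG-KDF is the only internal-only addition. */`.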
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index 2442038eb1..4b5160ac23 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -512,6 +512,7 @@ static const ST_KAT_PARAM hkdf_params[] = {
ST_KAT_PARAM_END()
};
+#ifndef OPENSSL_NO_SNMPKDF
static const char snmpkdf_digest[] = "SHA1";
static const unsigned char snmpkdf_eid[] = {
0x80, 0x00, 0x02, 0xb8, 0x05, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde,
@@ -530,7 +531,9 @@ static const ST_KAT_PARAM snmpkdf_params[] = {
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, snmpkdf_password),
ST_KAT_PARAM_END()
};
+#endif
+#ifndef OPENSSL_NO_SSKDF
static const char sskdf_digest[] = "SHA256";
static const unsigned char sskdf_secret[] = {
0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4,
@@ -559,7 +562,9 @@ static const ST_KAT_PARAM sskdf_params[] = {
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo),
ST_KAT_PARAM_END()
};
+#endif /* OPENSSL_NO_SSKDF */
+#ifndef OPENSSL_NO_X942KDF
static const char x942kdf_digest[] = "SHA256";
static const char x942kdf_cekalg[] = "AES-128-WRAP";
static const unsigned char x942kdf_secret[] = {
@@ -577,7 +582,9 @@ static const ST_KAT_PARAM x942kdf_params[] = {
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x942kdf_secret),
ST_KAT_PARAM_END()
};
+#endif /* OPENSSL_NO_X942KDF */
+#ifndef OPENSSL_NO_X963KDF
static const char x963kdf_digest[] = "SHA256";
static const unsigned char x963kdf_otherinfo[] = {
0x75, 0xee, 0xf8, 0x1a, 0xa3, 0x04, 0x1e, 0x33,
@@ -600,6 +607,7 @@ static const ST_KAT_PARAM x963kdf_params[] = {
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, x963kdf_otherinfo),
ST_KAT_PARAM_END()
};
+#endif /* OPENSSL_NO_X963KDF */
static const char pbkdf2_digest[] = "SHA256";
/*
@@ -685,6 +693,7 @@ static const ST_KAT_PARAM tls12prf_params[] = {
ST_KAT_PARAM_END()
};
+#ifndef OPENSSL_NO_KBKDF
static const char kbkdf_digest[] = "SHA256";
static const char kbkdf_mac[] = "HMAC";
static const unsigned char kbkdf_salt[] = { 'p', 'r', 'f' };
@@ -734,6 +743,7 @@ static const ST_KAT_PARAM kbkdf_kmac_params[] = {
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context),
ST_KAT_PARAM_END()
};
+#endif /* OPENSSL_NO_KBKDF */
static const char tls13_kdf_digest[] = "SHA256";
static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
@@ -822,6 +832,7 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
pbkdf2_params,
ITM(pbkdf2_expected)
},
+#ifndef OPENSSL_NO_KBKDF
{
OSSL_SELF_TEST_DESC_KDF_KBKDF,
OSSL_KDF_NAME_KBKDF,
@@ -836,6 +847,7 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
kbkdf_kmac_params,
ITM(kbkdf_kmac_expected)
},
+#endif
{
OSSL_SELF_TEST_DESC_KDF_HKDF,
OSSL_KDF_NAME_HKDF,
@@ -843,6 +855,7 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
hkdf_params,
ITM(hkdf_expected)
},
+#ifndef OPENSSL_NO_SNMPKDF
{
OSSL_SELF_TEST_DESC_KDF_SNMPKDF,
OSSL_KDF_NAME_SNMPKDF,
@@ -850,6 +863,8 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
snmpkdf_params,
ITM(snmpkdf_expected)
},
+#endif
+#ifndef OPENSSL_NO_SSKDF
{
OSSL_SELF_TEST_DESC_KDF_SSKDF,
OSSL_KDF_NAME_SSKDF,
@@ -857,6 +872,8 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
sskdf_params,
ITM(sskdf_expected)
},
+#endif
+#ifndef OPENSSL_NO_X963KDF
{
OSSL_SELF_TEST_DESC_KDF_X963KDF,
OSSL_KDF_NAME_X963KDF,
@@ -864,6 +881,8 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
x963kdf_params,
ITM(x963kdf_expected)
},
+#endif
+#ifndef OPENSSL_NO_X942KDF
{
OSSL_SELF_TEST_DESC_KDF_X942KDF,
OSSL_KDF_NAME_X942KDF_ASN1,
@@ -871,6 +890,7 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
x942kdf_params,
ITM(x942kdf_expected)
},
+#endif
};
/*-
@@ -1627,6 +1647,7 @@ static const unsigned char ecdsa_prime_expected_sig[] = {
0x45, 0xc3, 0x6f, 0x9e, 0x2e, 0xc1, 0x44, 0x9f,
0xfd, 0x79, 0xdb, 0x90, 0x3e, 0xb9, 0xb2
};
+#ifndef OPENSSL_NO_HMAC_DRBG_KDF
static const unsigned char ecdsa_prime_expected_detsig[] = {
0x30, 0x3c, 0x02, 0x1c, 0x6a, 0x6d, 0x2c, 0x88,
0x2b, 0xe5, 0x6b, 0xe6, 0xb1, 0x28, 0xe7, 0xa8,
@@ -1637,6 +1658,7 @@ static const unsigned char ecdsa_prime_expected_detsig[] = {
0xf9, 0x16, 0xe6, 0x06, 0xa5, 0xf0, 0x94, 0x2f,
0x57, 0xf1, 0x7e, 0xf2, 0x16, 0x76
};
+#endif
static const ST_KAT_PARAM ecdsa_prime_key[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name),
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub),
@@ -3225,6 +3247,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
ITM(sig_kat_persstr),
ITM(ecdsa_prime_expected_sig)
},
+# ifndef OPENSSL_NO_HMAC_DRBG_KDF
{
OSSL_SELF_TEST_DESC_SIGN_DetECDSA,
"EC", "ECDSA-SHA256", 0, 0,
@@ -3234,6 +3257,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
ITM(ecdsa_prime_expected_detsig),
ecdsa_sig_params
},
+# endif
# ifndef OPENSSL_NO_EC2M
{
OSSL_SELF_TEST_DESC_SIGN_ECDSA,
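Review bot: The deterministic ECDSA entry guarded here also uses `ecdsa_sig_params`, but the data guard added in this commit covers only `ecdsa_prime_expected_detsig`. If that entry is the only user of `ecdsa_sig_params` (its definition is outside the visible hunks), a `no-hmac-drbg-kdf` build leaves an unused static array, which a warnings-as-errors build may reject. In that case it needs the same `#ifndef OPENSSL_NO_HMAC_DRBG_KDF` / `#endif` pair. `st_kat_sign_tests[]` starts and ends outside this hunk.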
diff --git a/providers/implementations/kdfs/build.info b/providers/implementations/kdfs/build.info
index b41a730e57..f94c78bf4d 100644
--- a/providers/implementations/kdfs/build.info
+++ b/providers/implementations/kdfs/build.info
@@ -21,25 +21,47 @@ SOURCE[$TLS1_PRF_GOAL]=tls1_prf.c
SOURCE[$HKDF_GOAL]=hkdf.c
-SOURCE[$KBKDF_GOAL]=kbkdf.c
+IF[{- !$disable{kbkdf} -}]
+ SOURCE[$KBKDF_GOAL]=kbkdf.c
+ENDIF
-SOURCE[$KRB5KDF_GOAL]=krb5kdf.c
+IF[{- !$disabled{krb5kdf} -}]
+ SOURCE[$KRB5KDF_GOAL]=krb5kdf.c
+ENDIF
SOURCE[$PBKDF1_GOAL]=pbkdf1.c
SOURCE[$PBKDF2_GOAL]=pbkdf2.c
-SOURCE[$PVKKDF_GOAL]=pvkkdf.c
+IF[{- !$disabled{pvkkdf} -}]
+ SOURCE[$PVKKDF_GOAL]=pvkkdf.c
+ENDIF
SOURCE[$PKCS12KDF_GOAL]=pkcs12kdf.c
-SOURCE[$SSKDF_GOAL]=sskdf.c
+IF[{- !$disabled{sskdf} || !$disabled{x963kdf} -}]
+ SOURCE[$SSKDF_GOAL]=sskdf.c
+ENDIF
-SOURCE[$SCRYPT_GOAL]=scrypt.c
-SOURCE[$SNMPKDF_GOAL]=snmpkdf.c
-SOURCE[$SSHKDF_GOAL]=sshkdf.c
-SOURCE[$X942KDF_GOAL]=x942kdf.c
-DEPEND[x942kdf.o]=../../common/include/prov/der_wrap.h
+IF[{- !$disabled{scrypt} -}]
+ SOURCE[$SCRYPT_GOAL]=scrypt.c
+ENDIF
+
+IF[{- !$disabled{snmpkdf} -}]
+ SOURCE[$SNMPKDF_GOAL]=snmpkdf.c
+ENDIF
+
+IF[{- !$disabled{sshkdf} -}]
+ SOURCE[$SSHKDF_GOAL]=sshkdf.c
+ENDIF
+
+IF[{- !$disabled{x942kdf} -}]
+ SOURCE[$X942KDF_GOAL]=x942kdf.c
+ DEPEND[x942kdf.o]=../../common/include/prov/der_wrap.h
+ENDIF
+
+IF[{- !$disabled{hmac-drbg-kdf} -}]
+ SOURCE[$HMAC_DRBG_KDF_GOAL]=hmacdrbg_kdf.c
+ENDIF
-SOURCE[$HMAC_DRBG_KDF_GOAL]=hmacdrbg_kdf.c
SOURCE[$ARGON2_GOAL]=argon2.c
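Review bot: The kbkdf guard reads `IF[{- !$disable{kbkdf} -}]`, using `%disable` where every other guard in this hunk uses `%disabled`. Unless a `%disable` hash happens to exist in the template's scope, the lookup is undef and the condition is always true, so `kbkdf.c` would still be compiled under `no-kbkdf`. The new `no-kbkdf` CI entry would not catch this, because the provider tables drop the KBKDF entry independently and the unreferenced object still builds. The line should read `IF[{- !$disabled{kbkdf} -}]`.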
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
index 25b619e248..2e61cf3f21 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -53,6 +53,9 @@
#include "prov/securitycheck.h"
#include "internal/params.h"
+#define SSKDF_MAX_INLEN (1 << 30)
+#define SSKDF_MAX_INFOS 5
+
typedef struct {
void *provctx;
EVP_MAC_CTX *macctx; /* H(x) = HMAC_hash OR H(x) = KMAC */
@@ -68,28 +71,49 @@ typedef struct {
OSSL_FIPS_IND_DECLARE
} KDF_SSKDF;
-#define SSKDF_MAX_INLEN (1 << 30)
-#define SSKDF_KMAC128_DEFAULT_SALT_SIZE (168 - 4)
-#define SSKDF_KMAC256_DEFAULT_SALT_SIZE (136 - 4)
-
-#define SSKDF_MAX_INFOS 5
-
-/* KMAC uses a Customisation string of 'KDF' */
-static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 };
+struct sskdf_all_set_ctx_params_st {
+ OSSL_PARAM *secret;
+ OSSL_PARAM *propq;
+ OSSL_PARAM *digest;
+ OSSL_PARAM *mac;
+ OSSL_PARAM *salt;
+ OSSL_PARAM *size;
+#ifdef FIPS_MODULE
+ OSSL_PARAM *ind_k;
+ OSSL_PARAM *ind_d;
+#endif
+ OSSL_PARAM *info[SSKDF_MAX_INFOS];
+ int num_info;
+};
static OSSL_FUNC_kdf_newctx_fn sskdf_new;
static OSSL_FUNC_kdf_dupctx_fn sskdf_dup;
static OSSL_FUNC_kdf_freectx_fn sskdf_free;
static OSSL_FUNC_kdf_reset_fn sskdf_reset;
+
+#ifndef OPENSSL_NO_SSKDF
+#define SSKDF_KMAC128_DEFAULT_SALT_SIZE (168 - 4)
+#define SSKDF_KMAC256_DEFAULT_SALT_SIZE (136 - 4)
+/* KMAC uses a Customisation string of 'KDF' */
+static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 };
+
static OSSL_FUNC_kdf_derive_fn sskdf_derive;
static OSSL_FUNC_kdf_settable_ctx_params_fn sskdf_settable_ctx_params;
static OSSL_FUNC_kdf_set_ctx_params_fn sskdf_set_ctx_params;
-static OSSL_FUNC_kdf_gettable_ctx_params_fn sskdf_common_gettable_ctx_params;
-static OSSL_FUNC_kdf_get_ctx_params_fn sskdf_common_get_ctx_params;
+static OSSL_FUNC_kdf_gettable_ctx_params_fn sskdf_gettable_ctx_params;
+static OSSL_FUNC_kdf_get_ctx_params_fn sskdf_get_ctx_params;
+#define sskdf_set_ctx_params_st sskdf_all_set_ctx_params_st
+#include "providers/implementations/kdfs/sskdf.inc"
+#endif
+#ifndef OPENSSL_NO_X963KDF
static OSSL_FUNC_kdf_derive_fn x963kdf_derive;
static OSSL_FUNC_kdf_settable_ctx_params_fn x963kdf_settable_ctx_params;
static OSSL_FUNC_kdf_set_ctx_params_fn x963kdf_set_ctx_params;
-
+static OSSL_FUNC_kdf_gettable_ctx_params_fn x963kdf_gettable_ctx_params;
+static OSSL_FUNC_kdf_get_ctx_params_fn x963kdf_get_ctx_params;
+#define x963kdf_set_ctx_params_st sskdf_all_set_ctx_params_st
+#include "providers/implementations/kdfs/x963kdf.inc"
+#endif
/*
* Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final
* Section 4. One-Step Key Derivation using H(x) = hash(x)
@@ -164,6 +188,7 @@ end:
return ret;
}
+#ifndef OPENSSL_NO_SSKDF
static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom,
size_t custom_len, size_t kmac_out_len,
size_t derived_key_len, unsigned char **out)
@@ -290,6 +315,7 @@ end:
EVP_MAC_CTX_free(ctx);
return ret;
}
+#endif /* OPENSSL_NO_SSKDF */
static void *sskdf_new(void *provctx)
{
@@ -377,6 +403,7 @@ static size_t sskdf_size(KDF_SSKDF *ctx)
return (len <= 0) ? 0 : (size_t)len;
}
+#ifndef OPENSSL_NO_SSKDF
#ifdef FIPS_MODULE
static int fips_sskdf_key_check_passed(KDF_SSKDF *ctx)
{
@@ -393,7 +420,7 @@ static int fips_sskdf_key_check_passed(KDF_SSKDF *ctx)
}
return 1;
}
-#endif
+#endif /* FIPS_MODULE */
static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
@@ -462,7 +489,9 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen,
ctx->info, ctx->info_len, 0, key, keylen);
}
}
+#endif
+#ifndef OPENSSL_NO_X963KDF
#ifdef FIPS_MODULE
static int fips_x963kdf_digest_check_passed(KDF_SSKDF *ctx, const EVP_MD *md)
{
@@ -502,7 +531,7 @@ static int fips_x963kdf_key_check_passed(KDF_SSKDF *ctx)
}
return 1;
}
-#endif
+#endif /* FIPS_MODULE */
static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
@@ -533,48 +562,16 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen,
return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len,
ctx->info, ctx->info_len, 1, key, keylen);
}
-
-struct sskdf_all_set_ctx_params_st {
- OSSL_PARAM *secret;
- OSSL_PARAM *propq;
- OSSL_PARAM *digest;
- OSSL_PARAM *mac;
- OSSL_PARAM *salt;
- OSSL_PARAM *size;
-#ifdef FIPS_MODULE
- OSSL_PARAM *ind_k;
- OSSL_PARAM *ind_d;
-#endif
- OSSL_PARAM *info[SSKDF_MAX_INFOS];
- int num_info;
-};
-
-#define sskdf_set_ctx_params_st sskdf_all_set_ctx_params_st
-#define x963kdf_set_ctx_params_st sskdf_all_set_ctx_params_st
-
-#include "providers/implementations/kdfs/sskdf.inc"
+#endif /* OPENSSL_NO_X963KDF */
static int sskdf_common_set_ctx_params(KDF_SSKDF *ctx, struct sskdf_all_set_ctx_params_st *p,
- const OSSL_PARAM *params)
+ const OSSL_PARAM *params, OSSL_LIB_CTX *libctx)
{
- OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+
const EVP_MD *md = NULL;
size_t sz;
int r;
- if (!ossl_prov_macctx_load(&ctx->macctx,
- p->mac, NULL, p->digest, p->propq,
- NULL, NULL, NULL, libctx))
- return 0;
- if (ctx->macctx != NULL) {
- if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
- OSSL_MAC_NAME_KMAC128)
- || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
- OSSL_MAC_NAME_KMAC256)) {
- ctx->is_kmac = 1;
- }
- }
-
if (p->digest != NULL) {
if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx))
return 0;
@@ -596,11 +593,6 @@ static int sskdf_common_set_ctx_params(KDF_SSKDF *ctx, struct sskdf_all_set_ctx_
== 0)
return 0;
- if (ossl_param_get1_octet_string_from_param(p->salt, &ctx->salt,
- &ctx->salt_len)
- == 0)
- return 0;
-
if (p->size != NULL) {
if (!OSSL_PARAM_get_size_t(p->size, &sz) || sz == 0)
return 0;
@@ -609,9 +601,11 @@ static int sskdf_common_set_ctx_params(KDF_SSKDF *ctx, struct sskdf_all_set_ctx_
return 1;
}
+#ifndef OPENSSL_NO_SSKDF
static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
+ OSSL_LIB_CTX *libctx;
struct sskdf_all_set_ctx_params_st p;
if (ctx == NULL || !sskdf_set_ctx_params_decoder(params, &p))
@@ -620,7 +614,24 @@ static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_k))
return 0;
- if (!sskdf_common_set_ctx_params(ctx, &p, params))
+ libctx = PROV_LIBCTX_OF(ctx->provctx);
+ if (!ossl_prov_macctx_load(&ctx->macctx,
+ p.mac, NULL, p.digest, p.propq,
+ NULL, NULL, NULL, libctx))
+ return 0;
+ if (ctx->macctx != NULL) {
+ if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
+ OSSL_MAC_NAME_KMAC128)
+ || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
+ OSSL_MAC_NAME_KMAC256)) {
+ ctx->is_kmac = 1;
+ }
+ }
+ if (ossl_param_get1_octet_string_from_param(p.salt, &ctx->salt,
+ &ctx->salt_len)
+ == 0)
+ return 0;
+ if (!sskdf_common_set_ctx_params(ctx, &p, params, libctx))
return 0;
#ifdef FIPS_MODULE
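Review bot: `ctx->is_kmac` is only ever set to 1 in the block moved into `sskdf_set_ctx_params`; when the loaded MAC is not KMAC128 or KMAC256 the flag keeps whatever value it had. If a later set_ctx_params call can give the context a different MAC without going through `sskdf_reset` (not visible here), the derive path would still treat it as KMAC. Assigning the result directly avoids that: `ctx->is_kmac = EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC128) || EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC256);` with `mac = EVP_MAC_CTX_get0_mac(ctx->macctx)`. The function starts before and continues past this hunk.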
@@ -638,7 +649,7 @@ static const OSSL_PARAM *sskdf_settable_ctx_params(ossl_unused void *ctx,
return sskdf_set_ctx_params_list;
}
-static int sskdf_common_get_ctx_params(void *vctx, OSSL_PARAM params[])
+static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
struct sskdf_get_ctx_params_st p;
@@ -657,11 +668,14 @@ static int sskdf_common_get_ctx_params(void *vctx, OSSL_PARAM params[])
return 1;
}
-static const OSSL_PARAM *sskdf_common_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx)
+static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx)
{
return sskdf_get_ctx_params_list;
}
+#endif /* OPENSSL_NO_SSKDF */
+
+#ifndef OPENSSL_NO_X963KDF
static int x963kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
@@ -675,7 +689,7 @@ static int x963kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, p.ind_k))
return 0;
- if (!sskdf_common_set_ctx_params(ctx, &p, params))
+ if (!sskdf_common_set_ctx_params(ctx, &p, params, PROV_LIBCTX_OF(ctx->provctx)))
return 0;
#ifdef FIPS_MODULE
@@ -700,6 +714,33 @@ static const OSSL_PARAM *x963kdf_settable_ctx_params(ossl_unused void *ctx,
return x963kdf_set_ctx_params_list;
}
+static int x963kdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+ KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
+ struct x963kdf_get_ctx_params_st p;
+
+ if (ctx == NULL || !x963kdf_get_ctx_params_decoder(params, &p))
+ return 0;
+
+ if (p.size != NULL) {
+ if (!OSSL_PARAM_set_size_t(p.size, sskdf_size(ctx)))
+ return 0;
+ }
+
+ if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, p.ind))
+ return 0;
+
+ return 1;
+}
+
+static const OSSL_PARAM *x963kdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx)
+{
+ return x963kdf_get_ctx_params_list;
+}
+
+#endif /* OPENSSL_NO_X963KDF */
+
+#ifndef OPENSSL_NO_SSKDF
const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = {
{ OSSL_FUNC_KDF_NEWCTX, (void (*)(void))sskdf_new },
{ OSSL_FUNC_KDF_DUPCTX, (void (*)(void))sskdf_dup },
@@ -710,11 +751,13 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = {
(void (*)(void))sskdf_settable_ctx_params },
{ OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))sskdf_set_ctx_params },
{ OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS,
- (void (*)(void))sskdf_common_gettable_ctx_params },
- { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_common_get_ctx_params },
+ (void (*)(void))sskdf_gettable_ctx_params },
+ { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_get_ctx_params },
OSSL_DISPATCH_END
};
+#endif
+#ifndef OPENSSL_NO_X963KDF
const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = {
{ OSSL_FUNC_KDF_NEWCTX, (void (*)(void))sskdf_new },
{ OSSL_FUNC_KDF_DUPCTX, (void (*)(void))sskdf_dup },
@@ -725,7 +768,8 @@ const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = {
(void (*)(void))x963kdf_settable_ctx_params },
{ OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))x963kdf_set_ctx_params },
{ OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS,
- (void (*)(void))sskdf_common_gettable_ctx_params },
- { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_common_get_ctx_params },
+ (void (*)(void))x963kdf_gettable_ctx_params },
+ { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))x963kdf_get_ctx_params },
OSSL_DISPATCH_END
};
+#endif
diff --git a/providers/implementations/kdfs/sskdf.inc.in b/providers/implementations/kdfs/sskdf.inc.in
index 059e179445..d8979a556c 100644
--- a/providers/implementations/kdfs/sskdf.inc.in
+++ b/providers/implementations/kdfs/sskdf.inc.in
@@ -27,16 +27,3 @@ use OpenSSL::paramnames qw(produce_param_decoder);
(['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'],
['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'],
)); -}
-
-{- produce_param_decoder('x963kdf_set_ctx_params',
- (['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'],
- ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'],
- ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS],
- ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'],
- ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'],
- ['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'],
- ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'],
- ['OSSL_KDF_PARAM_MAC_SIZE', 'size', 'size_t'],
- ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'],
- ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'],
- )); -}
diff --git a/providers/implementations/kdfs/x963kdf.inc.in b/providers/implementations/kdfs/x963kdf.inc.in
new file mode 100644
index 0000000000..c8e91d4c44
--- /dev/null
+++ b/providers/implementations/kdfs/x963kdf.inc.in
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the \"License\"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+{-
+use OpenSSL::paramnames qw(produce_param_decoder);
+-}
+
+{- produce_param_decoder('x963kdf_get_ctx_params',
+ (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'],
+ ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'],
+ )); -}
+
+{- produce_param_decoder('x963kdf_set_ctx_params',
+ (['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'],
+ ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'],
+ ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS],
+ ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'],
+ ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'],
+ ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'],
+ ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'],
+ )); -}
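Review bot: The `x963kdf_set_ctx_params` decoder in this new file is not a straight move of the one removed from sskdf.inc.in: it no longer lists `OSSL_KDF_PARAM_MAC`, `OSSL_KDF_PARAM_SALT` or `OSSL_KDF_PARAM_MAC_SIZE`. Narrowing the accepted set looks right for a hash-based KDF, but whether a caller that still passes those parameters is now ignored or rejected cannot be seen from this hunk. I would record the intent next to the list with a short comment such as `/* X963KDF is digest-only: mac, salt and maclen are deliberately not settable */`. If the settable list is user-visible, the KDF documentation should say the same.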
diff --git a/providers/legacyprov.c b/providers/legacyprov.c
index 996c412e05..89ab6e8336 100644
--- a/providers/legacyprov.c
+++ b/providers/legacyprov.c
@@ -163,7 +163,9 @@ static const OSSL_ALGORITHM legacy_ciphers[] = {
static const OSSL_ALGORITHM legacy_kdfs[] = {
ALG(PROV_NAMES_PBKDF1, ossl_kdf_pbkdf1_functions),
+#ifndef OPENSSL_NO_PVKKDF
ALG(PROV_NAMES_PVKKDF, ossl_kdf_pvk_functions),
+#endif
{ NULL, NULL, NULL }
};
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 538907b363..5b809cc28e 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -830,7 +830,7 @@ static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
dump_pem, 0);
}
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
{
int ret = 0;
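Review bot: The compound guard `#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)` is now spelled out by hand here and in the five later hunks of this file (the `IMPLEMENT_TEST_SUITE_PROTECTED_PVK` definition, the DSA and RSA instantiations, and both `ADD_TEST_SUITE_PROTECTED_PVK` sites in `setup_tests`). If a later change updates only some of them, the build breaks with an undefined test function or an unused static one. Deriving one local feature macro near the top of the file would keep them in step, e.g. `#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)` / `# define TEST_PROTECTED_PVK` / `#endif`, with `#ifdef TEST_PROTECTED_PVK` at each site. The body of `test_protected_via_PVK` continues outside this hunk.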
@@ -1019,7 +1019,7 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
}
#define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \
ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
#define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \
static int test_protected_##KEYTYPE##_via_PVK(void) \
{ \
@@ -1048,7 +1048,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
#endif
#endif
@@ -1139,7 +1139,7 @@ IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
*/
IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
#endif
@@ -1602,7 +1602,7 @@ int setup_tests(void)
ADD_TEST_SUITE_LEGACY(DSA);
ADD_TEST_SUITE_MSBLOB(DSA);
ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
ADD_TEST_SUITE_PROTECTED_PVK(DSA);
#endif
#endif
@@ -1654,7 +1654,7 @@ int setup_tests(void)
*/
ADD_TEST_SUITE_MSBLOB(RSA);
ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
ADD_TEST_SUITE_PROTECTED_PVK(RSA);
#endif
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index cc25ad5853..ecf635733a 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -2676,19 +2676,17 @@ static int test_EVP_SM2(void)
EVP_MD_CTX *md_ctx_verify = NULL;
EVP_PKEY_CTX *cctx = NULL;
EVP_MD *check_md = NULL;
-
+ uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' };
+#ifndef OPENSSL_NO_X963KDF
uint8_t ciphertext[128];
size_t ctext_len = sizeof(ciphertext);
-
uint8_t plaintext[8];
size_t ptext_len = sizeof(plaintext);
-
- uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' };
-
OSSL_PARAM sparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
OSSL_PARAM gparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
int i;
char mdname[OSSL_MAX_NAME_SIZE];
+#endif
if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
"SM2", testpropq)))
@@ -2781,7 +2779,7 @@ static int test_EVP_SM2(void)
goto done;
/* now check encryption/decryption */
-
+#ifndef OPENSSL_NO_X963KDF
gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
mdname, sizeof(mdname));
for (i = 0; i < 2; i++) {
@@ -2848,7 +2846,7 @@ static int test_EVP_SM2(void)
if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
goto done;
}
-
+#endif /* OPENSSL_NO_X963KDF */
ret = 1;
done:
EVP_PKEY_CTX_free(pctx);
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index 89e2afb669..b57f03c46c 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -1208,6 +1208,7 @@ static int test_kdf_scrypt(void)
}
#endif /* OPENSSL_NO_SCRYPT */
+#ifndef OPENSSL_NO_SSKDF
static int test_kdf_ss_hash(void)
{
int ret;
@@ -1244,7 +1245,9 @@ static int test_kdf_ss_hash(void)
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_SSKDF */
+#ifndef OPENSSL_NO_X963KDF
static int test_kdf_x963(void)
{
int ret;
@@ -1296,7 +1299,9 @@ static int test_kdf_x963(void)
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_X963KDF */
+#ifndef OPENSSL_NO_KBKDF
#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
/*
* KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
@@ -2214,7 +2219,9 @@ static int test_kdf_kbkdf_kmac(void)
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_KBKDF */
+#ifndef OPENSSL_NO_SSKDF
static int test_kdf_ss_hmac(void)
{
int ret;
@@ -2305,7 +2312,9 @@ static int test_kdf_ss_kmac(void)
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_SSKDF */
+#ifndef OPENSSL_NO_SSHKDF
static int test_kdf_sshkdf(void)
{
int ret;
@@ -2361,6 +2370,7 @@ static int test_kdf_sshkdf(void)
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_SSHKDF */
static int test_kdfs_same(EVP_KDF *kdf1, EVP_KDF *kdf2)
{
@@ -2413,7 +2423,7 @@ static int test_kdf_get_kdf(void)
return ok;
}
-#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
+#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_X942KDF)
static int test_kdf_x942_asn1(void)
{
int ret;
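Review bot: `test_kdf_x942_asn1` is now compiled only when CMS, DES and X942KDF are all enabled, but the matching `#endif /* OPENSSL_NO_CMS */` (visible as context in the next hunk) still names a single macro. The trailer should follow the condition, e.g. `#endif /* !OPENSSL_NO_CMS && !OPENSSL_NO_DES && !OPENSSL_NO_X942KDF */`, so that a reader landing on it knows which configurations drop the test. The function body lies outside this hunk.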
@@ -2449,6 +2459,7 @@ static int test_kdf_x942_asn1(void)
}
#endif /* OPENSSL_NO_CMS */
+#ifndef OPENSSL_NO_KRB5KDF
static int test_kdf_krb5kdf(void)
{
int ret;
@@ -2482,7 +2493,9 @@ static int test_kdf_krb5kdf(void)
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_KRB5KDF */
+#ifndef OPENSSL_NO_HMAC_DRBG_KDF
static int test_kdf_hmac_drbg_settables(void)
{
int ret = 0, i = 0, j = 0;
@@ -2592,7 +2605,9 @@ err:
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_HMAC_DRBG_KDF */
+#ifndef OPENSSL_NO_KBKDF
/* Test that changing the KBKDF algorithm from KMAC to HMAC works correctly */
static int test_kbkdf_mac_change(void)
{
@@ -2650,12 +2665,14 @@ err:
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_KBKDF */
int setup_tests(void)
{
ADD_TEST(test_kdf_pbkdf1);
ADD_TEST(test_kdf_pbkdf1_skey);
ADD_TEST(test_kdf_pbkdf1_key_too_long);
+#ifndef OPENSSL_NO_KBKDF
#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
ADD_TEST(test_kdf_kbkdf_6803_128);
ADD_TEST(test_kdf_kbkdf_6803_256);
@@ -2673,6 +2690,7 @@ int setup_tests(void)
#endif
if (fips_provider_version_ge(NULL, 3, 1, 0))
ADD_TEST(test_kdf_kbkdf_kmac);
+#endif /* OPENSSL_NO_KBKDF */
ADD_TEST(test_kdf_get_kdf);
ADD_TEST(test_kdf_tls1_prf);
ADD_TEST(test_kdf_tls1_prf_set_skey);
@@ -2709,17 +2727,29 @@ int setup_tests(void)
#ifndef OPENSSL_NO_SCRYPT
ADD_TEST(test_kdf_scrypt);
#endif
+#ifndef OPENSSL_NO_SSKDF
ADD_TEST(test_kdf_ss_hash);
ADD_TEST(test_kdf_ss_hmac);
ADD_TEST(test_kdf_ss_kmac);
+#endif
+#ifndef OPENSSL_NO_SSHKDF
ADD_TEST(test_kdf_sshkdf);
+#endif
+#ifndef OPENSSL_NO_X963KDF
ADD_TEST(test_kdf_x963);
-#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
+#endif
+#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_X942KDF)
ADD_TEST(test_kdf_x942_asn1);
#endif
+#ifndef OPENSSL_NO_KRB5KDF
ADD_TEST(test_kdf_krb5kdf);
+#endif
+#ifndef OPENSSL_NO_HMAC_DRBG_KDF
ADD_TEST(test_kdf_hmac_drbg_settables);
ADD_TEST(test_kdf_hmac_drbg_gettables);
+#endif
+#ifndef OPENSSL_NO_KBKDF
ADD_TEST(test_kbkdf_mac_change);
+#endif
return 1;
}
diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t
index e0ac15772a..c9be7128c8 100644
--- a/test/recipes/15-test_rsa.t
+++ b/test/recipes/15-test_rsa.t
@@ -65,7 +65,7 @@ sub run_rsa_tests {
SKIP: {
skip "Skipping PVK conversion test", 1
if disabled($cmd) || $cmd eq 'pkey' || disabled("rc4")
- || disabled ("legacy");
+ || disabled ("legacy") || disabled("pvkkdf");
subtest "$cmd conversions -- private key" => sub {
tconversion( -type => 'pvk', -prefix => "$cmd-pvk",
diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t
index 250821c9a7..02ec526c14 100644
--- a/test/recipes/20-test_dgst.t
+++ b/test/recipes/20-test_dgst.t
@@ -372,6 +372,9 @@ SKIP: {
"Generating signature with xoflen should fail");
};
+ skip "HMAC-DRBG-KDF is not supported by this OpenSSL build", 1
+ if disabled("hmac-drbg-kdf");
+
subtest "signing using the nonce-type sigopt" => sub {
plan tests => 1;
my $data_to_sign = srctop_file('test', 'data.bin');
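Review bot: The added `skip ..., 1 if disabled("hmac-drbg-kdf");` sits in the middle of an existing `SKIP:` block, after an earlier subtest. `skip` leaves the whole enclosing block, so the count of 1 is correct only if the nonce-type subtest is the last test in it. The block's end is outside this hunk, so this cannot be confirmed here. Giving the subtest its own block makes the count self-evident and stops tests added later from being skipped by accident: `SKIP: { skip "HMAC-DRBG-KDF is not supported by this OpenSSL build", 1 if disabled("hmac-drbg-kdf"); subtest ... }`.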
diff --git a/test/recipes/20-test_kdf.t b/test/recipes/20-test_kdf.t
index 00f9eeac95..ed0429bb82 100755
--- a/test/recipes/20-test_kdf.t
+++ b/test/recipes/20-test_kdf.t
@@ -31,18 +31,6 @@ my @kdf_tests = (
{ cmd => [qw{openssl kdf -keylen 25 -digest SHA256 -kdfopt pass:passwordPASSWORDpassword -kdfopt salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -kdfopt iter:4096 PBKDF2}],
expected => '34:8C:89:DB:CB:D3:2B:2F:32:D8:14:B8:11:6E:84:CF:2B:17:34:7E:BC:18:00:18:1C',
desc => 'PBKDF2 SHA256'},
- { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
- expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03',
- desc => 'SSKDF KMAC128'},
- { cmd => [qw{openssl kdf -keylen 16 -mac HMAC -digest SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
- expected => '44:f6:76:e8:5c:1b:1a:8b:bc:3d:31:92:18:63:1c:a3',
- desc => 'SSKDF HMAC SHA256'},
- { cmd => [qw{openssl kdf -keylen 14 -digest SHA224 -kdfopt hexkey:6dbdc23f045488e4062757b06b9ebae183fc5a5946d80db93fec6f62ec07e3727f0126aed12ce4b262f47d48d54287f81d474c7c3b1850e9 -kdfopt hexinfo:a1b2c3d4e54341565369643c832e9849dcdba71e9a3139e606e095de3c264a66e98a165854cd07989b1ee0ec3f8dbe SSKDF}],
- expected => 'a4:62:de:16:a8:9d:e8:46:6e:f5:46:0b:47:b8',
- desc => 'SSKDF HASH SHA224'},
- { cmd => [qw{openssl kdf -keylen 16 -digest SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}],
- expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16',
- desc => 'SSHKDF SHA256'},
# Using the -kdfopt digest: option instead of -digest
{ cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt secret:secret -kdfopt seed:seed TLS1-PRF}],
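Review bot: Two SSKDF cases removed from `@kdf_tests` here do not reappear in the new `@sskdf_tests` list, as far as the visible hunks show: the `-mac HMAC -digest SHA256` case and the `-digest SHA224` case. `@sskdf_tests` carries only their `-kdfopt digest:` counterparts, whereas `@sshkdf_tests` keeps both spellings of the SSHKDF case. If the drop is unintended, the `openssl kdf -digest` option loses its SSKDF coverage in default builds too. I would move the two removed entries into `@sskdf_tests` unchanged, ahead of the `-kdfopt digest:` variants.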
@@ -57,7 +45,19 @@ my @kdf_tests = (
{ cmd => [qw{openssl kdf -keylen 25 -kdfopt digest:SHA256 -kdfopt pass:passwordPASSWORDpassword -kdfopt salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -kdfopt iter:4096 PBKDF2}],
expected => '34:8C:89:DB:CB:D3:2B:2F:32:D8:14:B8:11:6E:84:CF:2B:17:34:7E:BC:18:00:18:1C',
desc => 'PBKDF2 SHA256'},
- { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
+);
+
+my @sshkdf_tests = (
+ { cmd => [qw{openssl kdf -keylen 16 -digest SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}],
+ expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16',
+ desc => 'SSHKDF SHA256'},
+ { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}],
+ expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16',
+ desc => 'SSHKDF SHA256'},
+);
+
+my @sskdf_tests = (
+ { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03',
desc => 'SSKDF KMAC128'},
{ cmd => [qw{openssl kdf -keylen 16 -mac HMAC -kdfopt digest:SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
@@ -66,10 +66,6 @@ my @kdf_tests = (
{ cmd => [qw{openssl kdf -keylen 14 -kdfopt digest:SHA224 -kdfopt hexkey:6dbdc23f045488e4062757b06b9ebae183fc5a5946d80db93fec6f62ec07e3727f0126aed12ce4b262f47d48d54287f81d474c7c3b1850e9 -kdfopt hexinfo:a1b2c3d4e54341565369643c832e9849dcdba71e9a3139e606e095de3c264a66e98a165854cd07989b1ee0ec3f8dbe SSKDF}],
expected => 'a4:62:de:16:a8:9d:e8:46:6e:f5:46:0b:47:b8',
desc => 'SSKDF HASH SHA224'},
- { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}],
- expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16',
- desc => 'SSHKDF SHA256'},
-
# Additionally using -kdfopt mac: instead of -mac
{ cmd => [qw{openssl kdf -keylen 64 -kdfopt mac:KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03',
@@ -86,6 +82,8 @@ my @scrypt_tests = (
);
push @kdf_tests, @scrypt_tests unless disabled("scrypt");
+push @kdf_tests, @sshkdf_tests unless disabled("sshkdf");
+push @kdf_tests, @sskdf_tests unless disabled("sskdf");
plan tests => scalar @kdf_tests;
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index 31e46c6d99..9ea92bbb83 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -23,7 +23,7 @@ plan tests => 27;
SKIP: {
skip "Skipping tests that require EC, SM2 or SM3", 4
- if disabled("ec") || disabled("sm2") || disabled("sm3");
+ if disabled("ec") || disabled("sm2") || disabled("sm3") || disabled("x963kdf");
# SM2
ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
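Review bot: Adding `disabled("x963kdf")` to this condition skips all four tests in the block, and the first one visible is an SM2 `-sign` call. SM2 signing presumably does not depend on the X9.63 KDF (only SM2 encryption should), so a `no-x963kdf` build loses signature coverage it could keep. The skip text "Skipping tests that require EC, SM2 or SM3" also no longer names the real reason. I would leave sign/verify under the original condition and guard only the encrypt/decrypt tests with `disabled("x963kdf")`, each with its own message. The same applies to `my $no_sm2 = disabled("sm2") || disabled("x963kdf");` in 30-test_evp.t, which drops the whole of `evppkey_sm2.txt`. The block continues outside this hunk.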
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index 98af32086d..c6bb748c4f 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -29,12 +29,20 @@ my $no_dsa = disabled("dsa");
my $no_ec = disabled("ec");
my $no_ecx = disabled("ecx");
my $no_ec2m = disabled("ec2m");
-my $no_sm2 = disabled("sm2");
+my $no_sm2 = disabled("sm2") || disabled("x963kdf");
my $no_siv = disabled("siv");
my $no_argon2 = disabled("argon2");
my $no_ml_dsa = disabled("ml-dsa");
my $no_ml_kem = disabled("ml-kem");
my $no_lms = disabled("lms");
+my $no_sskdf = disabled("sskdf");
+my $no_x942kdf = disabled("x942kdf");
+my $no_x963kdf = disabled("x963kdf");
+my $no_determinstic_nonce = disabled("hmac-drbg-kdf");
+my $no_kbkdf = disabled("kbkdf");
+my $no_krb5kdf = disabled("krb5kdf");
+my $no_snmpkdf = disabled("snmpkdf");
+my $no_sshkdf = disabled("sshkdf");
# Default config depends on if the legacy module is built or not
my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
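Review bot: The new variable `$no_determinstic_nonce` is misspelled ("determinstic"), and the same spelling is used in the later `@@ -131,7 +140,7 @@` and `@@ -171,13 +178,15 @@` hunks of this file. It works as written, but anyone who later types the correct spelling gets a compile error under `use strict`, or an always-false condition without it. Suggest `my $no_deterministic_nonce = disabled("hmac-drbg-kdf");` and the same rename at the three use sites. A name tied to the option, such as `$no_hmac_drbg_kdf`, would also match the other `$no_*kdf` variables added alongside it.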
@@ -52,17 +60,10 @@ my @files = qw(
evpciph_aes_stitched.txt
evpciph_des3_common.txt
evpkdf_hkdf.txt
- evpkdf_kbkdf_counter.txt
- evpkdf_kbkdf_kmac.txt
evpkdf_pbkdf1.txt
evpkdf_pbkdf2.txt
- evpkdf_snmp.txt
- evpkdf_ss.txt
- evpkdf_ssh.txt
evpkdf_tls12_prf.txt
evpkdf_tls13_kdf.txt
- evpkdf_x942.txt
- evpkdf_x963.txt
evpmac_common.txt
evpmd_sha.txt
evppbe_pbkdf2.txt
@@ -73,14 +74,22 @@ my @files = qw(
evppkey_rsa_sigalg.txt
evprand.txt
);
+push @files, qw(evpkdf_ssh.txt) unless $no_sshkdf;
+push @files, qw(evpkdf_snmp.txt) unless $no_snmpkdf;
+push @files, qw(
+ evpkdf_kbkdf_counter.txt
+ evpkdf_kbkdf_kmac.txt
+ ) unless $no_kbkdf;
+push @files, qw(evpkdf_ss.txt) unless $no_sskdf;
+push @files, qw(evpkdf_x942.txt) unless $no_x942kdf;
+push @files, qw(evpkdf_x963.txt) unless $no_x963kdf;
push @files, qw(
evppkey_ffdhe.txt
evppkey_dh.txt
) unless $no_dh;
-push @files, qw(
- evpkdf_x942_des.txt
- evpmac_cmac_des.txt
- ) unless $no_des;
+push @files, qw(evppkey_ffdhe_x942kdf.txt) unless ($no_x942kdf || $no_dh);
+push @files, qw(evpmac_cmac_des.txt) unless $no_des;
+push @files, qw(evpkdf_x942_des.txt) unless ($no_des || $no_x942kdf);
push @files, qw(
evppkey_slh_dsa_siggen.txt
evppkey_slh_dsa_sigver.txt
@@ -131,7 +140,7 @@ push @files, qw(
) unless $no_lms;
push @files, qw(
evppkey_ecdsa_rfc6979.txt
- ) unless $no_ec;
+ ) unless ($no_ec || $no_determinstic_nonce);
# A list of tests that only run with the default provider
# (i.e. The algorithms are not present in the fips provider)
@@ -152,10 +161,8 @@ my @defltfiles = qw(
evpciph_seed.txt
evpciph_sm4.txt
evpencod.txt
- evpkdf_krb5.txt
evpkdf_scrypt.txt
evpkdf_tls11_prf.txt
- evpkdf_hmac_drbg.txt
evpmac_blake.txt
evpmac_poly1305.txt
evpmac_siphash.txt
@@ -171,13 +178,15 @@ my @defltfiles = qw(
evppkey_kdf_scrypt.txt
evppkey_kdf_tls1_prf.txt
);
+push @defltfiles, qw(evpkdf_krb5.txt) unless $no_krb5kdf;
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_ecx_kem.txt) unless $no_ecx;
-push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
+push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless ($no_dsa || $no_determinstic_nonce);
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2;
+push @defltfiles, qw(evpkdf_hmac_drbg.txt) unless $no_determinstic_nonce;
plan tests =>
+ (scalar(@configs) * scalar(@files))
diff --git a/test/recipes/30-test_evp_data/evppkey_ffdhe.txt b/test/recipes/30-test_evp_data/evppkey_ffdhe.txt
index dd4dac63b6..554aba93b8 100644
--- a/test/recipes/30-test_evp_data/evppkey_ffdhe.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ffdhe.txt
@@ -93,29 +93,6 @@ PeerKey=ffdhe2048-2-pub
Ctrl = dh_pad:1
SharedSecret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
-# The following two testcases check that the padding is implicitly enabled
-# with X942KDF-ASN1 KDF.
-# The plain shared secret for these keys needs padding as seen above.
-Derive=ffdhe2048-1
-PeerKey=ffdhe2048-2-pub
-Ctrl = kdf-type:X942KDF-ASN1
-Ctrl = kdf-outlen:32
-Ctrl = kdf-digest:SHA-256
-Ctrl = cekalg:AES-128-WRAP
-Ctrl = dh_pad:1
-SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
-
-# FIPS(3.0.0): allows the padding to be set, later versions do not #17859
-FIPSversion = >3.0.0
-Derive=ffdhe2048-2
-PeerKey=ffdhe2048-1-pub
-Ctrl = kdf-type:X942KDF-ASN1
-Ctrl = kdf-outlen:32
-Ctrl = kdf-digest:SHA-256
-Ctrl = cekalg:AES-128-WRAP
-Ctrl = dh_pad:0
-SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
-
PrivateKey=ffdhe3072-1
-----BEGIN PRIVATE KEY-----
MIIByQIBADCCAZsGCSqGSIb3DQEDATCCAYwCggGBAP//////////rfhUWKK7Spqv
diff --git a/test/recipes/30-test_evp_data/evppkey_ffdhe_x942kdf.txt b/test/recipes/30-test_evp_data/evppkey_ffdhe_x942kdf.txt
new file mode 100644
index 0000000000..894421111a
--- /dev/null
+++ b/test/recipes/30-test_evp_data/evppkey_ffdhe_x942kdf.txt
@@ -0,0 +1,97 @@
+#
+# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Tests start with one of these keywords
+# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
+# PrivPubKeyPair Sign Verify VerifyRecover
+# and continue until a blank line. Lines starting with a pound sign are ignored.
+
+
+# ffdhe2048-1 and ffdhe2048-2 were randomly generated and have a shared secret
+# less than 256 bytes in length (to test padding) other keys have no special
+# properties
+PrivateKey=ffdhe2048-1
+-----BEGIN PRIVATE KEY-----
+MIIBQwIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv
+3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
+3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
+8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
+Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
+/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8C
+AQICAgDhBB8CHQGUa5iGUF9rGvDjv9PDFGIvtS9OIqbbi8rqm4b6
+-----END PRIVATE KEY-----
+
+PrivateKey=ffdhe2048-2
+-----BEGIN PRIVATE KEY-----
+MIIBQwIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv
+3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
+3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
+8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
+Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
+/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8C
+AQICAgDhBB8CHQEYNZIth+/EaIgKK2gcxFutVjUTWYCaReyTKMvP
+-----END PRIVATE KEY-----
+
+PublicKey=ffdhe2048-1-pub
+-----BEGIN PUBLIC KEY-----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+-----END PUBLIC KEY-----
+
+PublicKey=ffdhe2048-2-pub
+-----BEGIN PUBLIC KEY-----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+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ffdhe2048-1:ffdhe2048-1-pub
+
+PrivPubKeyPair=ffdhe2048-2:ffdhe2048-2-pub
+
+# The following two testcases check that the padding is implicitly enabled
+# with X942KDF-ASN1 KDF.
+# The plain shared secret for these keys needs padding as seen above.
+Derive=ffdhe2048-1
+PeerKey=ffdhe2048-2-pub
+Ctrl = kdf-type:X942KDF-ASN1
+Ctrl = kdf-outlen:32
+Ctrl = kdf-digest:SHA-256
+Ctrl = cekalg:AES-128-WRAP
+Ctrl = dh_pad:1
+SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
+
+# FIPS(3.0.0): allows the padding to be set, later versions do not #17859
+FIPSversion = >3.0.0
+Derive=ffdhe2048-2
+PeerKey=ffdhe2048-1-pub
+Ctrl = kdf-type:X942KDF-ASN1
+Ctrl = kdf-outlen:32
+Ctrl = kdf-digest:SHA-256
+Ctrl = cekalg:AES-128-WRAP
+Ctrl = dh_pad:0
+SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 8a5cfac69c..b146725c49 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -44,6 +44,8 @@ my $provname = 'default';
my $dsaallow = '1';
my $no_pqc = 0;
my $no_hkdf_fixed = 0;
+my $no_x963kdf = disabled("x963kdf");
+my $no_x942kdf = disabled("x942kdf");
my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
my $smdir = srctop_dir("test", "smime-certs");
@@ -694,7 +696,7 @@ my @smime_cms_param_tests = (
]
);
-if ($no_fips || $old_fips) {
+if (!$no_x942kdf && ($no_fips || $old_fips)) {
# Only SHA1 supported in dh_cms_encrypt()
push(@smime_cms_param_tests,
@@ -1005,7 +1007,7 @@ subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub {
SKIP: {
skip "EC or DES isn't supported in this build", 1
- if disabled("ec") || disabled("des");
+ if disabled("ec") || disabled("des") || disabled("x963kdf");
my $out = "smtst.txt";
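Review bot: The skip condition now also fires when X963KDF is disabled, but the message still reads "EC or DES isn't supported in this build". A `no-x963kdf` run will therefore report a misleading reason in the test log. Suggest `skip "EC, DES or X963KDF isn't supported in this build", 1`. The enclosing subtest extends outside this hunk.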
@@ -1283,8 +1285,8 @@ with({ exit_checker => sub { return shift == 4; } },
sub check_availability {
my $tnam = shift;
- return "$tnam: skipped, EC disabled\n"
- if ($no_ec && $tnam =~ /ECDH/);
+ return "$tnam: skipped, X963KDF disabled\n"
+ if ($no_x963kdf && $tnam =~ /ECDH/);
return "$tnam: skipped, ECDH disabled\n"
if ($no_ec && $tnam =~ /ECDH/);
return "$tnam: skipped, EC2M disabled\n"
diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t
index bc22fdaad7..a41c898839 100644
--- a/test/recipes/90-test_store.t
+++ b/test/recipes/90-test_store.t
@@ -36,7 +36,7 @@ my @data_files =
( "testrsa.msb" );
push(@data_files,
( "testrsa.pvk" ))
- unless disabled("legacy") || disabled("rc4");
+ unless disabled("legacy") || disabled("rc4") || disabled("pvkkdf");
my @src_rsa_files =
( "test/testrsa.pem",
"test/testrsapub.pem" );
diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c
index c0dbb66b71..684e3ac269 100644
--- a/test/sm2_internal_test.c
+++ b/test/sm2_internal_test.c
@@ -130,6 +130,7 @@ done:
return group;
}
+#ifndef OPENSSL_NO_X963KDF
static int test_sm2_crypt(const EC_GROUP *group,
const EVP_MD *digest,
const char *privkey_hex,
@@ -294,6 +295,7 @@ done:
return testresult;
}
+#endif /* OPENSSL_NO_X963KDF */
static int test_sm2_sign(const EC_GROUP *group,
const char *userid,
@@ -463,7 +465,9 @@ int setup_tests(void)
if (fake_rand == NULL)
return 0;
+#ifndef OPENSSL_NO_X963KDF
ADD_TEST(sm2_crypt_test);
+#endif
ADD_TEST(sm2_sig_test);
#endif
return 1;