#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/evp.h>
+#include <openssl/kdf.h>
/* TODO(3.0): Needed for dummy_evp_call(). To be removed */
#include <openssl/sha.h>
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
+ EVP_KDF *kdf = EVP_KDF_fetch(libctx, "pbkdf2", NULL);
char msg[] = "Hello World!";
const unsigned char exptd[] = {
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
EC_KEY *key = NULL;
#endif
- if (ctx == NULL || sha256 == NULL || drbg == NULL)
+ if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
goto err;
if (!EVP_DigestInit_ex(ctx, sha256, NULL))
BN_CTX_end(bnctx);
BN_CTX_free(bnctx);
+ EVP_KDF_free(kdf);
EVP_MD_CTX_free(ctx);
EVP_MD_free(sha256);
{ NULL, NULL, NULL }
};
+static const OSSL_ALGORITHM fips_kdfs[] = {
+ { "HKDF", "fips=yes", kdf_hkdf_functions },
+ { "SSKDF", "fips=yes", kdf_sskdf_functions },
+ { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
+ { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
+ { NULL, NULL, NULL }
+};
+
static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
int operation_id,
int *no_cache)
return fips_ciphers;
case OSSL_OP_MAC:
return fips_macs;
+ case OSSL_OP_KDF:
+ return fips_kdfs;
}
return NULL;
}