Diffstat (limited to 'providers/fips/fipsprov.c')
-rw-r--r-- | providers/fips/fipsprov.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 000bf73672..59cd4080f4 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -15,6 +15,7 @@
 #include <openssl/params.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+#include <openssl/kdf.h>
 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
 #include <openssl/sha.h>
@@ -121,6 +122,7 @@ static int dummy_evp_call(void *provctx)
 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
+ EVP_KDF *kdf = EVP_KDF_fetch(libctx, "pbkdf2", NULL);
 char msg[] = "Hello World!";
 const unsigned char exptd[] = {
 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
@@ -138,7 +140,7 @@ static int dummy_evp_call(void *provctx)
 EC_KEY *key = NULL;
 #endif
- if (ctx == NULL || sha256 == NULL || drbg == NULL)
+ if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
 goto err;
 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
@@ -185,6 +187,7 @@ static int dummy_evp_call(void *provctx)
 BN_CTX_end(bnctx);
 BN_CTX_free(bnctx);
+ EVP_KDF_free(kdf);
 EVP_MD_CTX_free(ctx);
 EVP_MD_free(sha256);
@@ -342,6 +345,14 @@ static const OSSL_ALGORITHM fips_macs[] = {
 { NULL, NULL, NULL }
 };
+static const OSSL_ALGORITHM fips_kdfs[] = {
+ { "HKDF", "fips=yes", kdf_hkdf_functions },
+ { "SSKDF", "fips=yes", kdf_sskdf_functions },
+ { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
+ { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
+ { NULL, NULL, NULL }
+};
+
 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
 int operation_id,
 int *no_cache)
@@ -354,6 +365,8 @@ static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
 return fips_ciphers;
 case OSSL_OP_MAC:
 return fips_macs;
+ case OSSL_OP_KDF:
+ return fips_kdfs;
 }
 return NULL;
 } |
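Review bot: The `kdf` handle fetched in dummy_evp_call() (second hunk) is only NULL-checked in the third hunk and freed in the fourth; no key is ever derived with it, so the call shows that PBKDF2 can be resolved through the provider's library context but says nothing about whether the implementation works. A comment on the fetch line would record that intent, for example `/* Fetch only: confirms KDFs are reachable from inside the FIPS module */`. The fetch passes NULL as the property query rather than `"fips=yes"`, which looks acceptable for a context obtained via `PROV_LIBRARY_CONTEXT_OF(provctx)` but is worth confirming. dummy_evp_call() starts and ends outside these hunks, so the `err:` cleanup path cannot be checked from here.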
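Review bot: The `fips_kdfs` table (fifth hunk) advertises PBKDF2 with `fips=yes`, yet nothing in this file shows that the implementation behind `kdf_pbkdf2_functions` enforces the SP 800-132 lower bounds on salt length, iteration count and derived-key length when it runs inside the module. The diffstat is limited to fipsprov.c, so those checks may exist elsewhere; if they do not, they belong in the KDF implementation rather than in this table. The same question applies to known-answer self-tests for the four newly exposed KDFs, which this file's change does not add. Once confirmed, a short comment above the table stating where parameter limits and self-tests for these entries live would help the next reviewer.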