diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-11-16 03:42:18 +0100 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-12-02 03:15:05 +0100 |
commit | 89cccbea51fa52a1e4784a9ece35d96e4dcbfd30 (patch) | |
tree | 89cb59183ed18f1e5dd5cb86fed810b04cce466e /providers/fips | |
parent | Fix s390 EDDSA HW support in providers. (diff) | |
download | openssl-89cccbea51fa52a1e4784a9ece35d96e4dcbfd30.tar.xz openssl-89cccbea51fa52a1e4784a9ece35d96e4dcbfd30.zip |
Add EVP_KDF-X942 to the fips module
The X942 KDF had been modified so that it supports all optional fields - not
just the fields used by CMS.
As there are 2 types of KDF for X942 - this has been made a bit clearer
by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an
alias of X963KDF.
This work was instigated as a result of the ACVP tests optionally being
able to use keybits for the supp_pubinfo field.
Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this
to be disabled.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13418)
Diffstat (limited to 'providers/fips')
-rw-r--r-- | providers/fips/fipsprov.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index ffb7510054..f59c2c1c91 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -328,7 +328,10 @@ static const OSSL_ALGORITHM fips_kdfs[] = { { "SSKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, { "PBKDF2", FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, { "SSHKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, - { "X963KDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions }, + { "X963KDF:X942KDF-CONCAT", FIPS_DEFAULT_PROPERTIES, + ossl_kdf_x963_kdf_functions }, + { "X942KDF-ASN1:X942KDF", FIPS_DEFAULT_PROPERTIES, + ossl_kdf_x942_kdf_functions }, { "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_functions }, { "KBKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions }, { NULL, NULL, NULL } |