From: slontis Date: Thu, 8 Jan 2026 04:22:44 +0000 (+1100) Subject: KDF: Add configuration options to disable many of the KDF algorithms. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe874fcf0d308a683bb7c2948521fbd11d8720a7;p=thirdparty%2Fopenssl.git KDF: Add configuration options to disable many of the KDF algorithms. This includes KDF's for ss,x963,hmac-drbg,KB,KRB5,PVK,SNMP,SSH and X942. SSKDF/X963KDF Changes: Modify code to handle algorithms being disabled via configuration options. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/29576) --- diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index 08274ee1312..113e65e9f83 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -69,8 +69,11 @@ jobs: no-gost, enable-h3demo, enable-hqinterop, + no-hmac-drbg-kdf, no-hw, no-idea, + no-kbkdf, + no-krb5kdf, enable-lms, no-makedepend, enable-md2, @@ -84,6 +87,7 @@ jobs: no-poly1305, no-posix-io, no-psk, + no-pvkkdf, no-rc2, enable-rc5, no-rdrand, @@ -99,8 +103,11 @@ jobs: no-sm2-precomp, no-sm3, no-sm4, + no-snmpkdf, no-sock, no-sse2, + no-sshkdf, + no-sskdf, no-ssl, no-ssl-trace, enable-sslkeylog, @@ -119,6 +126,8 @@ jobs: no-uplink, no-weak-ssl-ciphers, no-whirlpool, + no-x942kdf, + no-x963kdf, enable-zlib-dynamic, -DOPENSSL_PEDANTIC_ZEROIZATION, -DOPENSSL_PEDANTIC_ZEROIZATION enable-fips, diff --git a/.gitignore b/.gitignore index c5dcdcdf7c2..b62f232fceb 100644 --- a/.gitignore +++ b/.gitignore @@ -112,6 +112,7 @@ providers/implementations/kdfs/sshkdf.inc providers/implementations/kdfs/sskdf.inc providers/implementations/kdfs/tls1_prf.inc providers/implementations/kdfs/x942kdf.inc +providers/implementations/kdfs/x963kdf.inc providers/implementations/kem/ec_kem.inc providers/implementations/kem/ecx_kem.inc providers/implementations/kem/ml_kem_kem.inc 
diff --git a/CHANGES.md b/CHANGES.md index dfe4b0d2d38..3d01712f134 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -32,6 +32,11 @@ OpenSSL 4.0 ### Changes between 3.6 and 4.0 [xx XXX xxxx] + * Added configure options to disable KDF algorithms for + hmac-drbg-kdf, kbkdf, krb5kdf, pvkkdf, snmpkdf, sskdf, sshkdf, x942kdf and x963kdf. + + *Shane Lontis* + * Remove support for an SSLv2 Client Hello. When a client wanted to support both SSLv2 and higher versions like SSLv3 or even TLSv1, it needed to send an SSLv2 Client Hello. SSLv2 support itself was removed in version diff --git a/Configure b/Configure index 7682185697a..e5d587f2fc2 100755 --- a/Configure +++ b/Configure @@ -456,6 +456,7 @@ my @disablables = ( "demos", "h3demo", "hqinterop", + "hmac-drbg-kdf", "deprecated", "des", "dgram", @@ -486,6 +487,8 @@ my @disablables = ( "idea", "integrity-only-ciphers", "jitter", + "kbkdf", + "krb5kdf", "ktls", "legacy", "lms", @@ -507,6 +510,7 @@ my @disablables = ( "poly1305", "posix-io", "psk", + "pvkkdf", "quic", "unstable-qlog", "rc2", @@ -527,10 +531,13 @@ my @disablables = ( "sm2-precomp", "sm3", "sm4", + "snmpkdf", "sock", "srp", "srtp", "sse2", + "sshkdf", + "sskdf", "ssl-trace", "stdio", "sslkeylog", @@ -548,6 +555,8 @@ my @disablables = ( "uplink", "weak-ssl-ciphers", "whirlpool", + "x942kdf", + "x963kdf", "zlib", "zlib-dynamic", "zstd", 
@@ -638,16 +647,18 @@ my @disable_cascades = ( "cmac", "cms", "cmp", "comp", "ct", "des", "dgram", "dh", "dsa", "ec", - "filenames", - "idea", "ktls", "lms", + "filenames", "hmac-drbg-kdf", + "idea", "kbkdf", "krb5kdf", "ktls", "lms", "md4", "ml-dsa", "ml-kem", "multiblock", "nextprotoneg", "ocsp", "ocb", "poly1305", "psk", - "rc2", "rc4", "rmd160", + "pvkkdf", "rc2", "rc4", "rmd160", "scrypt", "seed", "siphash", "siv", - "slh-dsa", "sm3", "sm4", "srp", - "srtp", "ssl-trace", + "slh-dsa", "sm3", "sm4", "snmpkdf", + "srp", "srtp", "sshkdf", "sskdf", + "ssl-trace", "tfo", "ts", "ui-console", "whirlpool", + "x942kdf", "x963kdf", "fips-securitychecks" ], sub { $config{processor} eq "386" } => [ "sse2" ], diff --git a/INSTALL.md b/INSTALL.md index 252bc13e7c5..c911ab90eaf 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -757,14 +757,6 @@ Don't build and install documentation, i.e. manual pages in various forms. Don't build support for loading Dynamic Shared Objects (DSO) -### no-ec - -Don't build support for Elliptic Curves. - -### no-ec2m - -Don't build support for binary Elliptic Curves - ### no-tls-deprecated-ec Disable legacy TLS EC groups that were deprecated in RFC8422. These are the @@ -873,26 +865,10 @@ Don't build the legacy provider. Disabling this also disables the legacy algorithms: MD2 (already disabled by default). -### enable-lms - -Enable Leighton-Micali Signatures (LMS) support. -Support is currently limited to verification only as per -[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final). - ### no-makedepend Don't generate dependencies. -### no-ml-dsa - -Disable Module-Lattice-Based Digital Signature Standard (ML-DSA) support. -ML-DSA is based on CRYSTALS-DILITHIUM. See [FIPS 204]. - -### no-ml-kem - -Disable Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM) -support. ML-KEM is based on CRYSTALS-KYBER. See [FIPS 203]. - ### no-module Don't build any dynamically loadable modules. 
@@ -972,11 +948,6 @@ Do not create shared libraries, only static ones. See [Notes on shared libraries](#notes-on-shared-libraries) below. -### no-slh-dsa - -Disable Stateless Hash Based Digital Signature Standard support. -(SLH-DSA is based on SPHINCS+. See [FIPS 205]) - ### no-sm2-precomp Disable using the SM2 precomputed table on aarch64 to make the library smaller. @@ -1191,16 +1162,23 @@ use `TLS_method()` instead. ### enable-{algorithm} - enable-{md2|rc5} + enable-{md2|rc5|lms} Build with support for the specified algorithm. +The `lms` algorithm support is currently limited to verification only as per +[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final). + ### no-{algorithm} no-{aria|bf|blake2|camellia|cast|chacha|cmac| - des|dh|dsa|ecdh|ecdsa|idea|md4|mdc2|ml-dsa| - ml-kem|ocb|poly1305|rc2|rc4|rmd160|scrypt| - seed|siphash|siv|sm2|sm3|sm4|whirlpool} + des|dh|dsa| + ec|ec2m|ecdh|ecdsa|hmac-drbg-kdf|idea|kbkdf|krb5kdf| + md4|mdc2| + ml-dsa|ml-kem| + ocb|poly1305|pvkkdf|rc2|rc4|rmd160|scrypt| + seed|siphash|siv|slh-dsa|sm2|sm3|sm4|snmpkdf|sshkdf|sskdf| + x942kdf|x963kdf|whirlpool} Build without support for the specified algorithm. diff --git a/build.info b/build.info index c7a833710bd..5607fbdad46 100644 --- a/build.info +++ b/build.info @@ -72,6 +72,7 @@ DEPEND[]=include/openssl/asn1.h \ providers/implementations/kdfs/sskdf.inc \ providers/implementations/kdfs/tls1_prf.inc \ providers/implementations/kdfs/x942kdf.inc \ + providers/implementations/kdfs/x963kdf.inc \ providers/implementations/kem/ec_kem.inc \ providers/implementations/kem/ecx_kem.inc \ providers/implementations/kem/ml_kem_kem.inc \ 
@@ -192,6 +193,7 @@ DEPEND[providers/implementations/asymciphers/rsa_enc.inc \ providers/implementations/kdfs/sskdf.inc \ providers/implementations/kdfs/tls1_prf.inc \ providers/implementations/kdfs/x942kdf.inc \ + providers/implementations/kdfs/x963kdf.inc \ providers/implementations/kem/ec_kem.inc \ providers/implementations/kem/ecx_kem.inc \ providers/implementations/kem/ml_kem_kem.inc \ @@ -307,6 +309,8 @@ GENERATE[providers/implementations/kdfs/tls1_prf.inc]=\ providers/implementations/kdfs/tls1_prf.inc.in GENERATE[providers/implementations/kdfs/x942kdf.inc]=\ providers/implementations/kdfs/x942kdf.inc.in +GENERATE[providers/implementations/kdfs/x963kdf.inc]=\ + providers/implementations/kdfs/x963kdf.inc.in GENERATE[providers/implementations/kem/ec_kem.inc]=\ providers/implementations/kem/ec_kem.inc.in GENERATE[providers/implementations/kem/ecx_kem.inc]=\ diff --git a/doc/man7/EVP_KDF-X963.pod b/doc/man7/EVP_KDF-X963.pod index 2df67a728e4..49b03fa5d3a 100644 --- a/doc/man7/EVP_KDF-X963.pod +++ b/doc/man7/EVP_KDF-X963.pod @@ -8,7 +8,8 @@ EVP_KDF-X963 - The X9.63-2001 EVP_KDF implementation The EVP_KDF-X963 algorithm implements the key derivation function (X963KDF). X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to -derive a key using input such as a shared secret key and shared info. +derive a key using input such as a shared secret key and shared info. It is +also used by SM2 encryption and decryption operations. The output is considered to be keying material. diff --git a/providers/defltprov.c b/providers/defltprov.c index aa673f7c7fd..cddec703698 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c 
@@ -366,21 +366,37 @@ static const OSSL_ALGORITHM deflt_kdfs[] = { { PROV_NAMES_HKDF_SHA512, "provider=default", ossl_kdf_hkdf_sha512_functions }, { PROV_NAMES_TLS1_3_KDF, "provider=default", ossl_kdf_tls1_3_kdf_functions }, - { PROV_NAMES_SSKDF, "provider=default", ossl_kdf_sskdf_functions }, + { PROV_NAMES_TLS1_PRF, "provider=default", ossl_kdf_tls1_prf_functions }, { PROV_NAMES_PBKDF2, "provider=default", ossl_kdf_pbkdf2_functions }, { PROV_NAMES_PKCS12KDF, "provider=default", ossl_kdf_pkcs12_functions }, +#ifndef OPENSSL_NO_SSKDF + { PROV_NAMES_SSKDF, "provider=default", ossl_kdf_sskdf_functions }, +#endif +#ifndef OPENSSL_NO_SNMPKDF { PROV_NAMES_SNMPKDF, "provider=default", ossl_kdf_snmpkdf_functions }, +#endif +#ifndef OPENSSL_NO_SSHKDF { PROV_NAMES_SSHKDF, "provider=default", ossl_kdf_sshkdf_functions }, +#endif +#ifndef OPENSSL_NO_X963KDF { PROV_NAMES_X963KDF, "provider=default", ossl_kdf_x963_kdf_functions }, - { PROV_NAMES_TLS1_PRF, "provider=default", ossl_kdf_tls1_prf_functions }, +#endif +#ifndef OPENSSL_NO_KBKDF { PROV_NAMES_KBKDF, "provider=default", ossl_kdf_kbkdf_functions }, +#endif +#ifndef OPENSSL_NO_X942KDF { PROV_NAMES_X942KDF_ASN1, "provider=default", ossl_kdf_x942_kdf_functions }, +#endif #ifndef OPENSSL_NO_SCRYPT { PROV_NAMES_SCRYPT, "provider=default", ossl_kdf_scrypt_functions }, #endif +#ifndef OPENSSL_NO_KRB5KDF { PROV_NAMES_KRB5KDF, "provider=default", ossl_kdf_krb5kdf_functions }, +#endif +#ifndef OPENSSL_NO_HMAC_DRBG_KDF { PROV_NAMES_HMAC_DRBG_KDF, "provider=default", ossl_kdf_hmac_drbg_functions }, +#endif #ifndef OPENSSL_NO_ARGON2 { PROV_NAMES_ARGON2I, "provider=default", ossl_kdf_argon2i_functions }, { PROV_NAMES_ARGON2D, "provider=default", ossl_kdf_argon2d_functions }, diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 9905fa404f1..ce2645ce073 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c 
@@ -424,36 +424,71 @@ static const OSSL_ALGORITHM fips_macs_internal[] = { { NULL, NULL, NULL } }; -#define FIPS_KDFS_COMMON() \ - { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, \ - { PROV_NAMES_HKDF_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha256_functions }, \ - { PROV_NAMES_HKDF_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha384_functions }, \ - { PROV_NAMES_HKDF_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha512_functions }, \ - { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, \ - ossl_kdf_tls1_3_kdf_functions }, \ - { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, \ - { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, \ - { PROV_NAMES_SNMPKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_snmpkdf_functions }, \ - { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, \ - { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, \ - ossl_kdf_x963_kdf_functions }, \ - { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES, \ - ossl_kdf_x942_kdf_functions }, \ - { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, \ - ossl_kdf_tls1_prf_functions }, \ - { \ - PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions \ - } +/* clang-format off */ +#define FIPS_KDFS_COMMON() \ + { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, \ + { PROV_NAMES_HKDF_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha256_functions }, \ + { PROV_NAMES_HKDF_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha384_functions }, \ + { PROV_NAMES_HKDF_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha512_functions }, \ + { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_3_kdf_functions }, \ + { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, \ + { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_functions } +/* clang-format on */ +/* + * NOTE: + * Any algorithms added to this table need to be copied to fips_kdfs_internal[]. 
+ */ static const OSSL_ALGORITHM fips_kdfs[] = { FIPS_KDFS_COMMON(), +#ifndef OPENSSL_NO_SSKDF + { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, +#endif +#ifndef OPENSSL_NO_SNMPKDF + { PROV_NAMES_SNMPKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_snmpkdf_functions }, +#endif +#ifndef OPENSSL_NO_SSHKDF + { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, +#endif +#ifndef OPENSSL_NO_KBKDF + { PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions }, +#endif +#ifndef OPENSSL_NO_X942KDF + { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES, + ossl_kdf_x942_kdf_functions }, +#endif +#ifndef OPENSSL_NO_X963KDF + { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions }, +#endif { NULL, NULL, NULL } }; static const OSSL_ALGORITHM fips_kdfs_internal[] = { FIPS_KDFS_COMMON(), +#ifndef OPENSSL_NO_SSKDF + { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, +#endif +#ifndef OPENSSL_NO_SNMPKDF + { PROV_NAMES_SNMPKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_snmpkdf_functions }, +#endif +#ifndef OPENSSL_NO_SSHKDF + { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, +#endif +#ifndef OPENSSL_NO_KBKDF + { PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions }, +#endif +#ifndef OPENSSL_NO_X942KDF + { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES, + ossl_kdf_x942_kdf_functions }, +#endif +#ifndef OPENSSL_NO_X963KDF + { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions }, +#endif + +#ifndef OPENSSL_NO_HMAC_DRBG_KDF /* For deterministic ECDSA */ { PROV_NAMES_HMAC_DRBG_KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hmac_drbg_functions }, +#endif { NULL, NULL, NULL } }; diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 2442038eb17..4b5160ac23f 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc 
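Review bot: In `fips_kdfs_internal[]` at the end of the providers/fips/fipsprov.c hunk, the HMAC-DRBG-KDF entry marked `/* For deterministic ECDSA */` is now compiled out under `OPENSSL_NO_HMAC_DRBG_KDF`, but no visible hunk shows what ECDSA signing does when a caller still requests a deterministic nonce in such a build. The self_test_data.inc hunks only drop the DetECDSA KAT, and the signing code is outside this diff, so it should be confirmed that the request fails at the KDF fetch rather than taking another path. I would extend the comment to record that, e.g. `/* For deterministic ECDSA; with no-hmac-drbg-kdf a deterministic-nonce request must fail, not fall back */`. Separately, the NOTE above `fips_kdfs[]` asks maintainers to mirror entries by hand, and the six guarded entries are now duplicated verbatim in both tables, which makes drift between them easy.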
@@ -512,6 +512,7 @@ static const ST_KAT_PARAM hkdf_params[] = { ST_KAT_PARAM_END() }; +#ifndef OPENSSL_NO_SNMPKDF static const char snmpkdf_digest[] = "SHA1"; static const unsigned char snmpkdf_eid[] = { 0x80, 0x00, 0x02, 0xb8, 0x05, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, @@ -530,7 +531,9 @@ static const ST_KAT_PARAM snmpkdf_params[] = { ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, snmpkdf_password), ST_KAT_PARAM_END() }; +#endif +#ifndef OPENSSL_NO_SSKDF static const char sskdf_digest[] = "SHA256"; static const unsigned char sskdf_secret[] = { 0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4, @@ -559,7 +562,9 @@ static const ST_KAT_PARAM sskdf_params[] = { ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo), ST_KAT_PARAM_END() }; +#endif /* OPENSSL_NO_SSKDF */ +#ifndef OPENSSL_NO_X942KDF static const char x942kdf_digest[] = "SHA256"; static const char x942kdf_cekalg[] = "AES-128-WRAP"; static const unsigned char x942kdf_secret[] = { @@ -577,7 +582,9 @@ static const ST_KAT_PARAM x942kdf_params[] = { ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x942kdf_secret), ST_KAT_PARAM_END() }; +#endif /* OPENSSL_NO_X942KDF */ +#ifndef OPENSSL_NO_X963KDF static const char x963kdf_digest[] = "SHA256"; static const unsigned char x963kdf_otherinfo[] = { 0x75, 0xee, 0xf8, 0x1a, 0xa3, 0x04, 0x1e, 0x33, @@ -600,6 +607,7 @@ static const ST_KAT_PARAM x963kdf_params[] = { ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, x963kdf_otherinfo), ST_KAT_PARAM_END() }; +#endif /* OPENSSL_NO_X963KDF */ static const char pbkdf2_digest[] = "SHA256"; /* @@ -685,6 +693,7 @@ static const ST_KAT_PARAM tls12prf_params[] = { ST_KAT_PARAM_END() }; +#ifndef OPENSSL_NO_KBKDF static const char kbkdf_digest[] = "SHA256"; static const char kbkdf_mac[] = "HMAC"; static const unsigned char kbkdf_salt[] = { 'p', 'r', 'f' }; 
@@ -734,6 +743,7 @@ static const ST_KAT_PARAM kbkdf_kmac_params[] = { ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context), ST_KAT_PARAM_END() }; +#endif /* OPENSSL_NO_KBKDF */ static const char tls13_kdf_digest[] = "SHA256"; static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; @@ -822,6 +832,7 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = pbkdf2_params, ITM(pbkdf2_expected) }, +#ifndef OPENSSL_NO_KBKDF { OSSL_SELF_TEST_DESC_KDF_KBKDF, OSSL_KDF_NAME_KBKDF, @@ -836,6 +847,7 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = kbkdf_kmac_params, ITM(kbkdf_kmac_expected) }, +#endif { OSSL_SELF_TEST_DESC_KDF_HKDF, OSSL_KDF_NAME_HKDF, @@ -843,6 +855,7 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = hkdf_params, ITM(hkdf_expected) }, +#ifndef OPENSSL_NO_SNMPKDF { OSSL_SELF_TEST_DESC_KDF_SNMPKDF, OSSL_KDF_NAME_SNMPKDF, @@ -850,6 +863,8 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = snmpkdf_params, ITM(snmpkdf_expected) }, +#endif +#ifndef OPENSSL_NO_SSKDF { OSSL_SELF_TEST_DESC_KDF_SSKDF, OSSL_KDF_NAME_SSKDF, @@ -857,6 +872,8 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = sskdf_params, ITM(sskdf_expected) }, +#endif +#ifndef OPENSSL_NO_X963KDF { OSSL_SELF_TEST_DESC_KDF_X963KDF, OSSL_KDF_NAME_X963KDF, @@ -864,6 +881,8 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = x963kdf_params, ITM(x963kdf_expected) }, +#endif +#ifndef OPENSSL_NO_X942KDF { OSSL_SELF_TEST_DESC_KDF_X942KDF, OSSL_KDF_NAME_X942KDF_ASN1, @@ -871,6 +890,7 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = x942kdf_params, ITM(x942kdf_expected) }, +#endif }; /*- @@ -1627,6 +1647,7 @@ static const unsigned char ecdsa_prime_expected_sig[] = { 0x45, 0xc3, 0x6f, 0x9e, 0x2e, 0xc1, 0x44, 0x9f, 0xfd, 0x79, 0xdb, 0x90, 0x3e, 0xb9, 0xb2 }; +#ifndef OPENSSL_NO_HMAC_DRBG_KDF static const unsigned char ecdsa_prime_expected_detsig[] = { 0x30, 0x3c, 0x02, 0x1c, 0x6a, 0x6d, 0x2c, 0x88, 0x2b, 0xe5, 0x6b, 0xe6, 0xb1, 0x28, 0xe7, 0xa8, 
@@ -1637,6 +1658,7 @@ static const unsigned char ecdsa_prime_expected_detsig[] = { 0xf9, 0x16, 0xe6, 0x06, 0xa5, 0xf0, 0x94, 0x2f, 0x57, 0xf1, 0x7e, 0xf2, 0x16, 0x76 }; +#endif static const ST_KAT_PARAM ecdsa_prime_key[] = { ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name), ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub), @@ -3225,6 +3247,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { ITM(sig_kat_persstr), ITM(ecdsa_prime_expected_sig) }, +# ifndef OPENSSL_NO_HMAC_DRBG_KDF { OSSL_SELF_TEST_DESC_SIGN_DetECDSA, "EC", "ECDSA-SHA256", 0, 0, @@ -3234,6 +3257,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { ITM(ecdsa_prime_expected_detsig), ecdsa_sig_params }, +# endif # ifndef OPENSSL_NO_EC2M { OSSL_SELF_TEST_DESC_SIGN_ECDSA, diff --git a/providers/implementations/kdfs/build.info b/providers/implementations/kdfs/build.info index b41a730e574..f94c78bf4d4 100644 --- a/providers/implementations/kdfs/build.info +++ b/providers/implementations/kdfs/build.info 
@@ -21,25 +21,47 @@ SOURCE[$TLS1_PRF_GOAL]=tls1_prf.c SOURCE[$HKDF_GOAL]=hkdf.c -SOURCE[$KBKDF_GOAL]=kbkdf.c +IF[{- !$disable{kbkdf} -}] + SOURCE[$KBKDF_GOAL]=kbkdf.c +ENDIF -SOURCE[$KRB5KDF_GOAL]=krb5kdf.c +IF[{- !$disabled{krb5kdf} -}] + SOURCE[$KRB5KDF_GOAL]=krb5kdf.c +ENDIF SOURCE[$PBKDF1_GOAL]=pbkdf1.c SOURCE[$PBKDF2_GOAL]=pbkdf2.c -SOURCE[$PVKKDF_GOAL]=pvkkdf.c +IF[{- !$disabled{pvkkdf} -}] + SOURCE[$PVKKDF_GOAL]=pvkkdf.c +ENDIF SOURCE[$PKCS12KDF_GOAL]=pkcs12kdf.c -SOURCE[$SSKDF_GOAL]=sskdf.c +IF[{- !$disabled{sskdf} || !$disabled{x963kdf} -}] + SOURCE[$SSKDF_GOAL]=sskdf.c +ENDIF -SOURCE[$SCRYPT_GOAL]=scrypt.c -SOURCE[$SNMPKDF_GOAL]=snmpkdf.c -SOURCE[$SSHKDF_GOAL]=sshkdf.c -SOURCE[$X942KDF_GOAL]=x942kdf.c -DEPEND[x942kdf.o]=../../common/include/prov/der_wrap.h +IF[{- !$disabled{scrypt} -}] + SOURCE[$SCRYPT_GOAL]=scrypt.c +ENDIF + +IF[{- !$disabled{snmpkdf} -}] + SOURCE[$SNMPKDF_GOAL]=snmpkdf.c +ENDIF + +IF[{- !$disabled{sshkdf} -}] + SOURCE[$SSHKDF_GOAL]=sshkdf.c +ENDIF + +IF[{- !$disabled{x942kdf} -}] + SOURCE[$X942KDF_GOAL]=x942kdf.c + DEPEND[x942kdf.o]=../../common/include/prov/der_wrap.h +ENDIF + +IF[{- !$disabled{hmac-drbg-kdf} -}] + SOURCE[$HMAC_DRBG_KDF_GOAL]=hmacdrbg_kdf.c +ENDIF -SOURCE[$HMAC_DRBG_KDF_GOAL]=hmacdrbg_kdf.c SOURCE[$ARGON2_GOAL]=argon2.c diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c index 25b619e248a..2e61cf3f218 100644 --- a/providers/implementations/kdfs/sskdf.c +++ b/providers/implementations/kdfs/sskdf.c @@ -53,6 +53,9 @@ #include "prov/securitycheck.h" #include "internal/params.h" +#define SSKDF_MAX_INLEN (1 << 30) +#define SSKDF_MAX_INFOS 5 + typedef struct { void *provctx; EVP_MAC_CTX *macctx; /* H(x) = HMAC_hash OR H(x) = KMAC */ 
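Review bot: The kbkdf guard in providers/implementations/kdfs/build.info is spelled `IF[{- !$disable{kbkdf} -}]`, while every other guard added in this hunk reads `$disabled{...}`. If the build templates only populate `%disabled`, as the sibling lines suggest, this condition is always true and kbkdf.c is still compiled under `no-kbkdf`. The option would then only remove the provider table entries and self-test data, not the code itself. The line should read `IF[{- !$disabled{kbkdf} -}]`.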
@@ -68,28 +71,49 @@ typedef struct { OSSL_FIPS_IND_DECLARE } KDF_SSKDF; -#define SSKDF_MAX_INLEN (1 << 30) -#define SSKDF_KMAC128_DEFAULT_SALT_SIZE (168 - 4) -#define SSKDF_KMAC256_DEFAULT_SALT_SIZE (136 - 4) - -#define SSKDF_MAX_INFOS 5 - -/* KMAC uses a Customisation string of 'KDF' */ -static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 }; +struct sskdf_all_set_ctx_params_st { + OSSL_PARAM *secret; + OSSL_PARAM *propq; + OSSL_PARAM *digest; + OSSL_PARAM *mac; + OSSL_PARAM *salt; + OSSL_PARAM *size; +#ifdef FIPS_MODULE + OSSL_PARAM *ind_k; + OSSL_PARAM *ind_d; +#endif + OSSL_PARAM *info[SSKDF_MAX_INFOS]; + int num_info; +}; static OSSL_FUNC_kdf_newctx_fn sskdf_new; static OSSL_FUNC_kdf_dupctx_fn sskdf_dup; static OSSL_FUNC_kdf_freectx_fn sskdf_free; static OSSL_FUNC_kdf_reset_fn sskdf_reset; + +#ifndef OPENSSL_NO_SSKDF +#define SSKDF_KMAC128_DEFAULT_SALT_SIZE (168 - 4) +#define SSKDF_KMAC256_DEFAULT_SALT_SIZE (136 - 4) +/* KMAC uses a Customisation string of 'KDF' */ +static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 }; + static OSSL_FUNC_kdf_derive_fn sskdf_derive; static OSSL_FUNC_kdf_settable_ctx_params_fn sskdf_settable_ctx_params; static OSSL_FUNC_kdf_set_ctx_params_fn sskdf_set_ctx_params; -static OSSL_FUNC_kdf_gettable_ctx_params_fn sskdf_common_gettable_ctx_params; -static OSSL_FUNC_kdf_get_ctx_params_fn sskdf_common_get_ctx_params; +static OSSL_FUNC_kdf_gettable_ctx_params_fn sskdf_gettable_ctx_params; +static OSSL_FUNC_kdf_get_ctx_params_fn sskdf_get_ctx_params; +#define sskdf_set_ctx_params_st sskdf_all_set_ctx_params_st +#include "providers/implementations/kdfs/sskdf.inc" +#endif +#ifndef OPENSSL_NO_X963KDF static OSSL_FUNC_kdf_derive_fn x963kdf_derive; static OSSL_FUNC_kdf_settable_ctx_params_fn x963kdf_settable_ctx_params; static OSSL_FUNC_kdf_set_ctx_params_fn x963kdf_set_ctx_params; - +static OSSL_FUNC_kdf_gettable_ctx_params_fn x963kdf_gettable_ctx_params; +static OSSL_FUNC_kdf_get_ctx_params_fn 
x963kdf_get_ctx_params; +#define x963kdf_set_ctx_params_st sskdf_all_set_ctx_params_st +#include "providers/implementations/kdfs/x963kdf.inc" +#endif /* * Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final * Section 4. One-Step Key Derivation using H(x) = hash(x) @@ -164,6 +188,7 @@ end: return ret; } +#ifndef OPENSSL_NO_SSKDF static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, size_t custom_len, size_t kmac_out_len, size_t derived_key_len, unsigned char **out) @@ -290,6 +315,7 @@ end: EVP_MAC_CTX_free(ctx); return ret; } +#endif /* OPENSSL_NO_SSKDF */ static void *sskdf_new(void *provctx) { @@ -377,6 +403,7 @@ static size_t sskdf_size(KDF_SSKDF *ctx) return (len <= 0) ? 0 : (size_t)len; } +#ifndef OPENSSL_NO_SSKDF #ifdef FIPS_MODULE static int fips_sskdf_key_check_passed(KDF_SSKDF *ctx) { @@ -393,7 +420,7 @@ static int fips_sskdf_key_check_passed(KDF_SSKDF *ctx) } return 1; } -#endif +#endif /* FIPS_MODULE */ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen, const OSSL_PARAM params[]) @@ -462,7 +489,9 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen, ctx->info, ctx->info_len, 0, key, keylen); } } +#endif +#ifndef OPENSSL_NO_X963KDF #ifdef FIPS_MODULE static int fips_x963kdf_digest_check_passed(KDF_SSKDF *ctx, const EVP_MD *md) { @@ -502,7 +531,7 @@ static int fips_x963kdf_key_check_passed(KDF_SSKDF *ctx) } return 1; } -#endif +#endif /* FIPS_MODULE */ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen, const OSSL_PARAM params[]) 
@@ -533,48 +562,16 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen, return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, ctx->info, ctx->info_len, 1, key, keylen); } - -struct sskdf_all_set_ctx_params_st { - OSSL_PARAM *secret; - OSSL_PARAM *propq; - OSSL_PARAM *digest; - OSSL_PARAM *mac; - OSSL_PARAM *salt; - OSSL_PARAM *size; -#ifdef FIPS_MODULE - OSSL_PARAM *ind_k; - OSSL_PARAM *ind_d; -#endif - OSSL_PARAM *info[SSKDF_MAX_INFOS]; - int num_info; -}; - -#define sskdf_set_ctx_params_st sskdf_all_set_ctx_params_st -#define x963kdf_set_ctx_params_st sskdf_all_set_ctx_params_st - -#include "providers/implementations/kdfs/sskdf.inc" +#endif /* OPENSSL_NO_X963KDF */ static int sskdf_common_set_ctx_params(KDF_SSKDF *ctx, struct sskdf_all_set_ctx_params_st *p, - const OSSL_PARAM *params) + const OSSL_PARAM *params, OSSL_LIB_CTX *libctx) { - OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); + const EVP_MD *md = NULL; size_t sz; int r; - if (!ossl_prov_macctx_load(&ctx->macctx, - p->mac, NULL, p->digest, p->propq, - NULL, NULL, NULL, libctx)) - return 0; - if (ctx->macctx != NULL) { - if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), - OSSL_MAC_NAME_KMAC128) - || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), - OSSL_MAC_NAME_KMAC256)) { - ctx->is_kmac = 1; - } - } - if (p->digest != NULL) { if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx)) return 0; @@ -596,11 +593,6 @@ static int sskdf_common_set_ctx_params(KDF_SSKDF *ctx, struct sskdf_all_set_ctx_ == 0) return 0; - if (ossl_param_get1_octet_string_from_param(p->salt, &ctx->salt, - &ctx->salt_len) - == 0) - return 0; - if (p->size != NULL) { if (!OSSL_PARAM_get_size_t(p->size, &sz) || sz == 0) return 0; 
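Review bot: `sskdf_common_set_ctx_params()` still reads `p->size` (the `if (p->size != NULL)` block kept as context in the `-596,11` hunk), but the X963KDF decoder in the new x963kdf.inc.in no longer has entries for `mac`, `salt` or `size`. `x963kdf_set_ctx_params()` passes its local `p` of the shared `struct sskdf_all_set_ctx_params_st` through that decoder, so correctness depends on the generated decoder clearing every field, including those it has no entry for; the generator is not shown here, so this is worth confirming. A short comment at the read would make the dependency explicit, e.g. `/* size is only set by the SSKDF decoder; X963KDF leaves it NULL */`. X963KDF callers that used to pass OSSL_KDF_PARAM_MAC, OSSL_KDF_PARAM_SALT or OSSL_KDF_PARAM_MAC_SIZE will presumably now have them ignored, which deserves a line in CHANGES.md. The function body starts and ends outside these hunks.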
@@ -609,9 +601,11 @@ static int sskdf_common_set_ctx_params(KDF_SSKDF *ctx, struct sskdf_all_set_ctx_ return 1; } +#ifndef OPENSSL_NO_SSKDF static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; + OSSL_LIB_CTX *libctx; struct sskdf_all_set_ctx_params_st p; if (ctx == NULL || !sskdf_set_ctx_params_decoder(params, &p)) @@ -620,7 +614,24 @@ static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_k)) return 0; - if (!sskdf_common_set_ctx_params(ctx, &p, params)) + libctx = PROV_LIBCTX_OF(ctx->provctx); + if (!ossl_prov_macctx_load(&ctx->macctx, + p.mac, NULL, p.digest, p.propq, + NULL, NULL, NULL, libctx)) + return 0; + if (ctx->macctx != NULL) { + if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), + OSSL_MAC_NAME_KMAC128) + || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), + OSSL_MAC_NAME_KMAC256)) { + ctx->is_kmac = 1; + } + } + if (ossl_param_get1_octet_string_from_param(p.salt, &ctx->salt, + &ctx->salt_len) + == 0) + return 0; + if (!sskdf_common_set_ctx_params(ctx, &p, params, libctx)) return 0; #ifdef FIPS_MODULE @@ -638,7 +649,7 @@ static const OSSL_PARAM *sskdf_settable_ctx_params(ossl_unused void *ctx, return sskdf_set_ctx_params_list; } -static int sskdf_common_get_ctx_params(void *vctx, OSSL_PARAM params[]) +static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; struct sskdf_get_ctx_params_st p; 
@@ -657,11 +668,14 @@ static int sskdf_common_get_ctx_params(void *vctx, OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM *sskdf_common_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) +static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { return sskdf_get_ctx_params_list; } +#endif /* OPENSSL_NO_SSKDF */ + +#ifndef OPENSSL_NO_X963KDF static int x963kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; @@ -675,7 +689,7 @@ static int x963kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, p.ind_k)) return 0; - if (!sskdf_common_set_ctx_params(ctx, &p, params)) + if (!sskdf_common_set_ctx_params(ctx, &p, params, PROV_LIBCTX_OF(ctx->provctx))) return 0; #ifdef FIPS_MODULE @@ -700,6 +714,33 @@ static const OSSL_PARAM *x963kdf_settable_ctx_params(ossl_unused void *ctx, return x963kdf_set_ctx_params_list; } +static int x963kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; + struct x963kdf_get_ctx_params_st p; + + if (ctx == NULL || !x963kdf_get_ctx_params_decoder(params, &p)) + return 0; + + if (p.size != NULL) { + if (!OSSL_PARAM_set_size_t(p.size, sskdf_size(ctx))) + return 0; + } + + if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, p.ind)) + return 0; + + return 1; +} + +static const OSSL_PARAM *x963kdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) +{ + return x963kdf_get_ctx_params_list; +} + +#endif /* OPENSSL_NO_X963KDF */ + +#ifndef OPENSSL_NO_SSKDF const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = { { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))sskdf_new }, { OSSL_FUNC_KDF_DUPCTX, (void (*)(void))sskdf_dup }, 
@@ -710,11 +751,13 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = { (void (*)(void))sskdf_settable_ctx_params }, { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))sskdf_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void (*)(void))sskdf_common_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_common_get_ctx_params }, + (void (*)(void))sskdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_get_ctx_params }, OSSL_DISPATCH_END }; +#endif +#ifndef OPENSSL_NO_X963KDF const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = { { OSSL_FUNC_KDF_NEWCTX, (void (*)(void))sskdf_new }, { OSSL_FUNC_KDF_DUPCTX, (void (*)(void))sskdf_dup }, @@ -725,7 +768,8 @@ const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = { (void (*)(void))x963kdf_settable_ctx_params }, { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))x963kdf_set_ctx_params }, { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, - (void (*)(void))sskdf_common_gettable_ctx_params }, - { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_common_get_ctx_params }, + (void (*)(void))x963kdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))x963kdf_get_ctx_params }, OSSL_DISPATCH_END }; +#endif diff --git a/providers/implementations/kdfs/sskdf.inc.in b/providers/implementations/kdfs/sskdf.inc.in index 059e1794455..d8979a556cc 100644 --- a/providers/implementations/kdfs/sskdf.inc.in +++ b/providers/implementations/kdfs/sskdf.inc.in 
@@ -27,16 +27,3 @@ use OpenSSL::paramnames qw(produce_param_decoder); (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], )); -} - -{- produce_param_decoder('x963kdf_set_ctx_params', - (['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], - ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'], - ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS], - ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], - ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], - ['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'], - ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'], - ['OSSL_KDF_PARAM_MAC_SIZE', 'size', 'size_t'], - ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], - ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], - )); -} diff --git a/providers/implementations/kdfs/x963kdf.inc.in b/providers/implementations/kdfs/x963kdf.inc.in new file mode 100644 index 00000000000..c8e91d4c44c --- /dev/null +++ b/providers/implementations/kdfs/x963kdf.inc.in 
@@ -0,0 +1,27 @@ +/* + * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} + +{- produce_param_decoder('x963kdf_get_ctx_params', + (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'], + ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'], + )); -} + +{- produce_param_decoder('x963kdf_set_ctx_params', + (['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'], + ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'], + ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS], + ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'], + ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'], + )); -} diff --git a/providers/legacyprov.c b/providers/legacyprov.c index 996c412e05a..89ab6e8336f 100644 --- a/providers/legacyprov.c +++ b/providers/legacyprov.c @@ -163,7 +163,9 @@ static const OSSL_ALGORITHM legacy_ciphers[] = { static const OSSL_ALGORITHM legacy_kdfs[] = { ALG(PROV_NAMES_PBKDF1, ossl_kdf_pbkdf1_functions), +#ifndef OPENSSL_NO_PVKKDF ALG(PROV_NAMES_PVKKDF, ossl_kdf_pvk_functions), +#endif { NULL, NULL, NULL } }; diff --git a/test/endecode_test.c b/test/endecode_test.c index 538907b363b..5b809cc28ec 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -830,7 +830,7 @@ static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key) dump_pem, 0); } -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF) static int test_protected_via_PVK(const char *type, EVP_PKEY *key) { int ret = 0; 
@@ -1019,7 +1019,7 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) } #define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \ ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK) -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF) #define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \ static int test_protected_##KEYTYPE##_via_PVK(void) \ { \ @@ -1048,7 +1048,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA") IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA") IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA") IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA") -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF) IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA") #endif #endif @@ -1139,7 +1139,7 @@ IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1) */ IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA") IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA") -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF) IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA") #endif @@ -1602,7 +1602,7 @@ int setup_tests(void) ADD_TEST_SUITE_LEGACY(DSA); ADD_TEST_SUITE_MSBLOB(DSA); ADD_TEST_SUITE_UNPROTECTED_PVK(DSA); -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF) ADD_TEST_SUITE_PROTECTED_PVK(DSA); #endif #endif @@ -1654,7 +1654,7 @@ int setup_tests(void) */ ADD_TEST_SUITE_MSBLOB(RSA); ADD_TEST_SUITE_UNPROTECTED_PVK(RSA); -#ifndef OPENSSL_NO_RC4 +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF) ADD_TEST_SUITE_PROTECTED_PVK(RSA); #endif diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index cc25ad58537..ecf635733ab 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
@@ -2676,19 +2676,17 @@ static int test_EVP_SM2(void) EVP_MD_CTX *md_ctx_verify = NULL; EVP_PKEY_CTX *cctx = NULL; EVP_MD *check_md = NULL; - + uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' }; +#ifndef OPENSSL_NO_X963KDF uint8_t ciphertext[128]; size_t ctext_len = sizeof(ciphertext); - uint8_t plaintext[8]; size_t ptext_len = sizeof(plaintext); - - uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' }; - OSSL_PARAM sparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; OSSL_PARAM gparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; int i; char mdname[OSSL_MAX_NAME_SIZE]; +#endif if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "SM2", testpropq))) @@ -2781,7 +2779,7 @@ static int test_EVP_SM2(void) goto done; /* now check encryption/decryption */ - +#ifndef OPENSSL_NO_X963KDF gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, mdname, sizeof(mdname)); for (i = 0; i < 2; i++) { @@ -2848,7 +2846,7 @@ static int test_EVP_SM2(void) if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) goto done; } - +#endif /* OPENSSL_NO_X963KDF */ ret = 1; done: EVP_PKEY_CTX_free(pctx); diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index 89e2afb669b..b57f03c46cd 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -1208,6 +1208,7 @@ static int test_kdf_scrypt(void) } #endif /* OPENSSL_NO_SCRYPT */ +#ifndef OPENSSL_NO_SSKDF static int test_kdf_ss_hash(void) { int ret; @@ -1244,7 +1245,9 @@ static int test_kdf_ss_hash(void) EVP_KDF_CTX_free(kctx); return ret; } +#endif /* OPENSSL_NO_SSKDF */ +#ifndef OPENSSL_NO_X963KDF static int test_kdf_x963(void) { int ret; @@ -1296,7 +1299,9 @@ static int test_kdf_x963(void) EVP_KDF_CTX_free(kctx); return ret; } +#endif /* OPENSSL_NO_X963KDF */ +#ifndef OPENSSL_NO_KBKDF #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA) /* * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5) 
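Review bot: In `test_EVP_SM2` the comment `/* now check encryption/decryption */` stays outside the new `#ifndef OPENSSL_NO_X963KDF`, so in a no-x963kdf build it announces a check that is compiled out, and nothing in the function says why SM2 encryption depends on that KDF. Move the guard above the comment and state the reason once, e.g. `/* SM2 encryption uses X963KDF, so skip it when that KDF is disabled */`; the dependency is inferred from this commit's guards and should be confirmed against the SM2 implementation, which is not visible here. The function starts and ends outside these hunks.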
@@ -2214,7 +2219,9 @@ static int test_kdf_kbkdf_kmac(void) EVP_KDF_CTX_free(kctx); return ret; } +#endif /* OPENSSL_NO_KBKDF */ +#ifndef OPENSSL_NO_SSKDF static int test_kdf_ss_hmac(void) { int ret; @@ -2305,7 +2312,9 @@ static int test_kdf_ss_kmac(void) EVP_KDF_CTX_free(kctx); return ret; } +#endif /* OPENSSL_NO_SSKDF */ +#ifndef OPENSSL_NO_SSHKDF static int test_kdf_sshkdf(void) { int ret; @@ -2361,6 +2370,7 @@ static int test_kdf_sshkdf(void) EVP_KDF_CTX_free(kctx); return ret; } +#endif /* OPENSSL_NO_SSHKDF */ static int test_kdfs_same(EVP_KDF *kdf1, EVP_KDF *kdf2) { @@ -2413,7 +2423,7 @@ static int test_kdf_get_kdf(void) return ok; } -#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) +#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_X942KDF) static int test_kdf_x942_asn1(void) { int ret; @@ -2449,6 +2459,7 @@ static int test_kdf_x942_asn1(void) } #endif /* OPENSSL_NO_CMS */ +#ifndef OPENSSL_NO_KRB5KDF static int test_kdf_krb5kdf(void) { int ret; @@ -2482,7 +2493,9 @@ static int test_kdf_krb5kdf(void) EVP_KDF_CTX_free(kctx); return ret; } +#endif /* OPENSSL_NO_KRB5KDF */ +#ifndef OPENSSL_NO_HMAC_DRBG_KDF static int test_kdf_hmac_drbg_settables(void) { int ret = 0, i = 0, j = 0; @@ -2592,7 +2605,9 @@ err: EVP_KDF_CTX_free(kctx); return ret; } +#endif /* OPENSSL_NO_HMAC_DRBG_KDF */ +#ifndef OPENSSL_NO_KBKDF /* Test that changing the KBKDF algorithm from KMAC to HMAC works correctly */ static int test_kbkdf_mac_change(void) { @@ -2650,12 +2665,14 @@ err: EVP_KDF_CTX_free(kctx); return ret; } +#endif /* OPENSSL_NO_KBKDF */ int setup_tests(void) { ADD_TEST(test_kdf_pbkdf1); ADD_TEST(test_kdf_pbkdf1_skey); ADD_TEST(test_kdf_pbkdf1_key_too_long); +#ifndef OPENSSL_NO_KBKDF #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA) ADD_TEST(test_kdf_kbkdf_6803_128); ADD_TEST(test_kdf_kbkdf_6803_256); 
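Review bot: The `#endif /* OPENSSL_NO_CMS */` that closes `test_kdf_x942_asn1` no longer matches its opening line, which this commit extends to `!defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_X942KDF)`. The guards added around the other test functions in this file carry a trailing comment naming their macro, so this one should be brought in line: `#endif /* !OPENSSL_NO_CMS && !OPENSSL_NO_DES && !OPENSSL_NO_X942KDF */`.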
@@ -2673,6 +2690,7 @@ int setup_tests(void) #endif if (fips_provider_version_ge(NULL, 3, 1, 0)) ADD_TEST(test_kdf_kbkdf_kmac); +#endif /* OPENSSL_NO_KBKDF */ ADD_TEST(test_kdf_get_kdf); ADD_TEST(test_kdf_tls1_prf); ADD_TEST(test_kdf_tls1_prf_set_skey); @@ -2709,17 +2727,29 @@ int setup_tests(void) #ifndef OPENSSL_NO_SCRYPT ADD_TEST(test_kdf_scrypt); #endif +#ifndef OPENSSL_NO_SSKDF ADD_TEST(test_kdf_ss_hash); ADD_TEST(test_kdf_ss_hmac); ADD_TEST(test_kdf_ss_kmac); +#endif +#ifndef OPENSSL_NO_SSHKDF ADD_TEST(test_kdf_sshkdf); +#endif +#ifndef OPENSSL_NO_X963KDF ADD_TEST(test_kdf_x963); -#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) +#endif +#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_X942KDF) ADD_TEST(test_kdf_x942_asn1); #endif +#ifndef OPENSSL_NO_KRB5KDF ADD_TEST(test_kdf_krb5kdf); +#endif +#ifndef OPENSSL_NO_HMAC_DRBG_KDF ADD_TEST(test_kdf_hmac_drbg_settables); ADD_TEST(test_kdf_hmac_drbg_gettables); +#endif +#ifndef OPENSSL_NO_KBKDF ADD_TEST(test_kbkdf_mac_change); +#endif return 1; } diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t index e0ac15772a5..c9be7128c8e 100644 --- a/test/recipes/15-test_rsa.t +++ b/test/recipes/15-test_rsa.t @@ -65,7 +65,7 @@ sub run_rsa_tests { SKIP: { skip "Skipping PVK conversion test", 1 if disabled($cmd) || $cmd eq 'pkey' || disabled("rc4") - || disabled ("legacy"); + || disabled ("legacy") || disabled("pvkkdf"); subtest "$cmd conversions -- private key" => sub { tconversion( -type => 'pvk', -prefix => "$cmd-pvk", diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index 250821c9a7f..02ec526c143 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t 
@@ -372,6 +372,9 @@ SKIP: { "Generating signature with xoflen should fail"); }; + skip "HMAC-DRBG-KDF is not supported by this OpenSSL build", 1 + if disabled("hmac-drbg-kdf"); + subtest "signing using the nonce-type sigopt" => sub { plan tests => 1; my $data_to_sign = srctop_file('test', 'data.bin'); diff --git a/test/recipes/20-test_kdf.t b/test/recipes/20-test_kdf.t index 00f9eeac950..ed0429bb82e 100755 --- a/test/recipes/20-test_kdf.t +++ b/test/recipes/20-test_kdf.t 
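Review bot: The new `skip "HMAC-DRBG-KDF is not supported by this OpenSSL build", 1 if disabled("hmac-drbg-kdf");` sits in the middle of an existing `SKIP:` block, so it leaves the block and accounts for exactly one test. That is only correct if the `signing using the nonce-type sigopt` subtest is the last test in the block, and the block's end is outside this hunk. Please confirm the count, or give that subtest its own `SKIP: { ... }` so the number cannot drift when tests are added after it. A one-line comment such as `# the nonce-type sigopt needs HMAC-DRBG-KDF` would also document the dependency.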
@@ -31,18 +31,6 @@ my @kdf_tests = ( { cmd => [qw{openssl kdf -keylen 25 -digest SHA256 -kdfopt pass:passwordPASSWORDpassword -kdfopt salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -kdfopt iter:4096 PBKDF2}], expected => '34:8C:89:DB:CB:D3:2B:2F:32:D8:14:B8:11:6E:84:CF:2B:17:34:7E:BC:18:00:18:1C', desc => 'PBKDF2 SHA256'}, - { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], - expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03', - desc => 'SSKDF KMAC128'}, - { cmd => [qw{openssl kdf -keylen 16 -mac HMAC -digest SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], - expected => '44:f6:76:e8:5c:1b:1a:8b:bc:3d:31:92:18:63:1c:a3', - desc => 'SSKDF HMAC SHA256'}, - { cmd => [qw{openssl kdf -keylen 14 -digest SHA224 -kdfopt hexkey:6dbdc23f045488e4062757b06b9ebae183fc5a5946d80db93fec6f62ec07e3727f0126aed12ce4b262f47d48d54287f81d474c7c3b1850e9 -kdfopt hexinfo:a1b2c3d4e54341565369643c832e9849dcdba71e9a3139e606e095de3c264a66e98a165854cd07989b1ee0ec3f8dbe SSKDF}], - expected => 'a4:62:de:16:a8:9d:e8:46:6e:f5:46:0b:47:b8', - desc => 'SSKDF HASH SHA224'}, - { cmd => [qw{openssl kdf -keylen 16 -digest SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}], - expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16', - desc => 'SSHKDF SHA256'}, # Using the -kdfopt digest: option instead of -digest { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt secret:secret -kdfopt seed:seed TLS1-PRF}], 
@@ -57,7 +45,19 @@ my @kdf_tests = ( { cmd => [qw{openssl kdf -keylen 25 -kdfopt digest:SHA256 -kdfopt pass:passwordPASSWORDpassword -kdfopt salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -kdfopt iter:4096 PBKDF2}], expected => '34:8C:89:DB:CB:D3:2B:2F:32:D8:14:B8:11:6E:84:CF:2B:17:34:7E:BC:18:00:18:1C', desc => 'PBKDF2 SHA256'}, - { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], +); + +my @sshkdf_tests = ( + { cmd => [qw{openssl kdf -keylen 16 -digest SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}], + expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16', + desc => 'SSHKDF SHA256'}, + { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}], + expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16', + desc => 'SSHKDF SHA256'}, +); + +my @sskdf_tests = ( + { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03', desc => 'SSKDF KMAC128'}, { cmd => [qw{openssl kdf -keylen 16 -mac HMAC -kdfopt digest:SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], 
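Review bot: Both entries of the new `@sshkdf_tests` array carry `desc => 'SSHKDF SHA256'`, so a failure report does not say whether the `-digest` form or the `-kdfopt digest:` form broke. The comment `# Using the -kdfopt digest: option instead of -digest`, which used to separate the two groups, stays behind in `@kdf_tests`, so the new arrays mix both forms without explanation. Give the second entry a distinct description, e.g. `desc => 'SSHKDF SHA256 (kdfopt digest)'`, and add a one-line comment in `@sshkdf_tests` and `@sskdf_tests` where the `-kdfopt` variants begin. `@sskdf_tests` continues in the next hunk.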
@@ -66,10 +66,6 @@ my @kdf_tests = ( { cmd => [qw{openssl kdf -keylen 14 -kdfopt digest:SHA224 -kdfopt hexkey:6dbdc23f045488e4062757b06b9ebae183fc5a5946d80db93fec6f62ec07e3727f0126aed12ce4b262f47d48d54287f81d474c7c3b1850e9 -kdfopt hexinfo:a1b2c3d4e54341565369643c832e9849dcdba71e9a3139e606e095de3c264a66e98a165854cd07989b1ee0ec3f8dbe SSKDF}], expected => 'a4:62:de:16:a8:9d:e8:46:6e:f5:46:0b:47:b8', desc => 'SSKDF HASH SHA224'}, - { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}], - expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16', - desc => 'SSHKDF SHA256'}, - # Additionally using -kdfopt mac: instead of -mac { cmd => [qw{openssl kdf -keylen 64 -kdfopt mac:KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03', @@ -86,6 +82,8 @@ my @scrypt_tests = ( ); push @kdf_tests, @scrypt_tests unless disabled("scrypt"); +push @kdf_tests, @sshkdf_tests unless disabled("sshkdf"); +push @kdf_tests, @sskdf_tests unless disabled("sskdf"); plan tests => scalar @kdf_tests; diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index 31e46c6d99b..9ea92bbb83b 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t @@ -23,7 +23,7 @@ plan tests => 27; SKIP: { skip "Skipping tests that require EC, SM2 or SM3", 4 - if disabled("ec") || disabled("sm2") || disabled("sm3"); + if disabled("ec") || disabled("sm2") || disabled("sm3") || disabled("x963kdf"); # SM2 ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign', 
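Review bot: In `20-test_pkeyutl.t` the added `disabled("x963kdf")` term skips all four tests in the block, including the `pkeyutl -sign` case visible at the end of the hunk, while the skip text still reads "Skipping tests that require EC, SM2 or SM3". If only the SM2 encrypt/decrypt cases depend on X963KDF (the block continues outside the hunk, so this needs checking), the signing cases should keep running in a no-x963kdf build and the KDF condition belongs on a narrower `SKIP` block. At minimum the message should name the new condition: `skip "Skipping tests that require EC, SM2, SM3 or X963KDF", 4`.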
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 98af32086d8..c6bb748c4f1 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -29,12 +29,20 @@ my $no_dsa = disabled("dsa"); my $no_ec = disabled("ec"); my $no_ecx = disabled("ecx"); my $no_ec2m = disabled("ec2m"); -my $no_sm2 = disabled("sm2"); +my $no_sm2 = disabled("sm2") || disabled("x963kdf"); my $no_siv = disabled("siv"); my $no_argon2 = disabled("argon2"); my $no_ml_dsa = disabled("ml-dsa"); my $no_ml_kem = disabled("ml-kem"); my $no_lms = disabled("lms"); +my $no_sskdf = disabled("sskdf"); +my $no_x942kdf = disabled("x942kdf"); +my $no_x963kdf = disabled("x963kdf"); +my $no_determinstic_nonce = disabled("hmac-drbg-kdf"); +my $no_kbkdf = disabled("kbkdf"); +my $no_krb5kdf = disabled("krb5kdf"); +my $no_snmpkdf = disabled("snmpkdf"); +my $no_sshkdf = disabled("sshkdf"); # Default config depends on if the legacy module is built or not my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf'; @@ -52,17 +60,10 @@ my @files = qw( evpciph_aes_stitched.txt evpciph_des3_common.txt evpkdf_hkdf.txt - evpkdf_kbkdf_counter.txt - evpkdf_kbkdf_kmac.txt evpkdf_pbkdf1.txt evpkdf_pbkdf2.txt - evpkdf_snmp.txt - evpkdf_ss.txt - evpkdf_ssh.txt evpkdf_tls12_prf.txt evpkdf_tls13_kdf.txt - evpkdf_x942.txt - evpkdf_x963.txt evpmac_common.txt evpmd_sha.txt evppbe_pbkdf2.txt 
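Review bot: `$no_determinstic_nonce` is misspelled (`deterministic`), and the later hunks reuse that spelling to gate `evppkey_ecdsa_rfc6979.txt`, `evppkey_dsa_rfc6979.txt` and `evpkdf_hmac_drbg.txt`, so it is best corrected in all four places now. Separately, `my $no_sm2 = disabled("sm2") || disabled("x963kdf");` makes `$no_sm2` true in builds where SM2 itself is present, which drops `evppkey_sm2.txt` as a whole. If that file holds signature cases that do not need the KDF (its contents are not visible here), a comment on the line should say that coverage is given up deliberately, e.g. `# evppkey_sm2.txt includes SM2 encryption, which needs X963KDF`.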
@@ -73,14 +74,22 @@ my @files = qw( evppkey_rsa_sigalg.txt evprand.txt ); +push @files, qw(evpkdf_ssh.txt) unless $no_sshkdf; +push @files, qw(evpkdf_snmp.txt) unless $no_snmpkdf; +push @files, qw( + evpkdf_kbkdf_counter.txt + evpkdf_kbkdf_kmac.txt + ) unless $no_kbkdf; +push @files, qw(evpkdf_ss.txt) unless $no_sskdf; +push @files, qw(evpkdf_x942.txt) unless $no_x942kdf; +push @files, qw(evpkdf_x963.txt) unless $no_x963kdf; push @files, qw( evppkey_ffdhe.txt evppkey_dh.txt ) unless $no_dh; -push @files, qw( - evpkdf_x942_des.txt - evpmac_cmac_des.txt - ) unless $no_des; +push @files, qw(evppkey_ffdhe_x942kdf.txt) unless ($no_x942kdf || $no_dh); +push @files, qw(evpmac_cmac_des.txt) unless $no_des; +push @files, qw(evpkdf_x942_des.txt) unless ($no_des || $no_x942kdf); push @files, qw( evppkey_slh_dsa_siggen.txt evppkey_slh_dsa_sigver.txt @@ -131,7 +140,7 @@ push @files, qw( ) unless $no_lms; push @files, qw( evppkey_ecdsa_rfc6979.txt - ) unless $no_ec; + ) unless ($no_ec || $no_determinstic_nonce); # A list of tests that only run with the default provider # (i.e. The algorithms are not present in the fips provider) @@ -152,10 +161,8 @@ my @defltfiles = qw( evpciph_seed.txt evpciph_sm4.txt evpencod.txt - evpkdf_krb5.txt evpkdf_scrypt.txt evpkdf_tls11_prf.txt - evpkdf_hmac_drbg.txt evpmac_blake.txt evpmac_poly1305.txt evpmac_siphash.txt 
@@ -171,13 +178,15 @@ my @defltfiles = qw( evppkey_kdf_scrypt.txt evppkey_kdf_tls1_prf.txt ); +push @defltfiles, qw(evpkdf_krb5.txt) unless $no_krb5kdf; push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; push @defltfiles, qw(evppkey_ecx_kem.txt) unless $no_ecx; -push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa; +push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless ($no_dsa || $no_determinstic_nonce); push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv; push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv; push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2; +push @defltfiles, qw(evpkdf_hmac_drbg.txt) unless $no_determinstic_nonce; plan tests => + (scalar(@configs) * scalar(@files)) diff --git a/test/recipes/30-test_evp_data/evppkey_ffdhe.txt b/test/recipes/30-test_evp_data/evppkey_ffdhe.txt index dd4dac63b67..554aba93b88 100644 --- a/test/recipes/30-test_evp_data/evppkey_ffdhe.txt +++ b/test/recipes/30-test_evp_data/evppkey_ffdhe.txt 
@@ -93,29 +93,6 @@ PeerKey=ffdhe2048-2-pub Ctrl = dh_pad:1 SharedSecret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he following two testcases check that the padding is implicitly enabled -# with X942KDF-ASN1 KDF. -# The plain shared secret for these keys needs padding as seen above. -Derive=ffdhe2048-1 -PeerKey=ffdhe2048-2-pub -Ctrl = kdf-type:X942KDF-ASN1 -Ctrl = kdf-outlen:32 -Ctrl = kdf-digest:SHA-256 -Ctrl = cekalg:AES-128-WRAP -Ctrl = dh_pad:1 -SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654 - -# FIPS(3.0.0): allows the padding to be set, later versions do not #17859 -FIPSversion = >3.0.0 -Derive=ffdhe2048-2 -PeerKey=ffdhe2048-1-pub -Ctrl = kdf-type:X942KDF-ASN1 -Ctrl = kdf-outlen:32 -Ctrl = kdf-digest:SHA-256 -Ctrl = cekalg:AES-128-WRAP -Ctrl = dh_pad:0 -SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654 - PrivateKey=ffdhe3072-1 -----BEGIN PRIVATE KEY----- MIIByQIBADCCAZsGCSqGSIb3DQEDATCCAYwCggGBAP//////////rfhUWKK7Spqv diff --git a/test/recipes/30-test_evp_data/evppkey_ffdhe_x942kdf.txt b/test/recipes/30-test_evp_data/evppkey_ffdhe_x942kdf.txt new file mode 100644 index 00000000000..894421111a1 --- /dev/null +++ b/test/recipes/30-test_evp_data/evppkey_ffdhe_x942kdf.txt 
@@ -0,0 +1,97 @@
+#
+# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Tests start with one of these keywords
+# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
+# PrivPubKeyPair Sign Verify VerifyRecover
+# and continue until a blank line. Lines starting with a pound sign are ignored.
+
+
+# ffdhe2048-1 and ffdhe2048-2 were randomly generated and have a shared secret
+# less than 256 bytes in length (to test padding) other keys have no special
+# properties
+PrivateKey=ffdhe2048-1
+-----BEGIN PRIVATE KEY-----
+MIIBQwIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv
+3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
+3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
+8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
+Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
+/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8C
+AQICAgDhBB8CHQGUa5iGUF9rGvDjv9PDFGIvtS9OIqbbi8rqm4b6
+-----END PRIVATE KEY-----
+
+PrivateKey=ffdhe2048-2
+-----BEGIN PRIVATE KEY-----
+MIIBQwIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv
+3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
+3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
+8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
+Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
+/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8C
+AQICAgDhBB8CHQEYNZIth+/EaIgKK2gcxFutVjUTWYCaReyTKMvP
+-----END PRIVATE KEY-----
+
+PublicKey=ffdhe2048-1-pub
+-----BEGIN PUBLIC KEY-----
+MIICKTCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv3FYg
+Jz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT3x7V
+1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId8Vih
+Nq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSuVu3n
+Y3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD/jsb
+TG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8CAQIC
+AgDhA4IBBgACggEBAOYRygvHGUKaIXLfUatc2YkYcm9Ew65H0hwpiDXG6XHAYAjJ
+bjKNJxdFRjjeCwtJEAGlyUtjSHrka6dHDfzkQfDK6u13Z+3Xmh+nCMZwPOHDNR3I
+Ep5vy3quU7suD3ADDrjwX3sVfsXensgh+JpexbrR+leHATf8aX1g8jQofFdi1Wn7
+CbE6VciU4b32L8HPwO1ePpJGib70Em45VurmUfCwNXgEUnu1N6LYRAjH9vnjB529
+C3BSp58rJnA2aslacC0CFY6YVCQfLTdN7y+F5QlGrdGd6wQmf3FXPLf9iYSiuLrm
+jW/WDFmPnwAn5A7TEgiNeNu8pwsSKPgZqdW+lyw=
+-----END PUBLIC KEY-----
+
+PublicKey=ffdhe2048-2-pub
+-----BEGIN PUBLIC KEY-----
+MIICKTCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv3FYg
+Jz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT3x7V
+1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId8Vih
+Nq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSuVu3n
+Y3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD/jsb
+TG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8CAQIC
+AgDhA4IBBgACggEBAN5LAdrzTwa7nT7855NJQLNum5Yr1O8XZupjvwtVIrJgORvh
+L8VMKJoerEwOZ38snTsh9tuKnAWrmdIyFhnOjaHm40GlvInQGff5Lwb1itf7ib3U
+ELPOO29PajwY1RocWKX7Wfdj8n6Kd9gHhdoO5v8MyZMCkUU6Rz6y1VzaVwykdsqA
+kbMdZfK8Dkpd5PBZ8SJpJF02IEzvh5OYfjcbMN2K0lDO5ZvoMYQku7yXr6PfJebC
+CpoVOaoqH19n3g8Xni8IFi7znI83UqxKuYhyYCuMwtE+HS+9WkmkQ1coo512Gw2f
+TcY3pf9gGZ41xLFxCOdrUbR3QlieI+zl+TttLzM=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ffdhe2048-1:ffdhe2048-1-pub
+
+PrivPubKeyPair=ffdhe2048-2:ffdhe2048-2-pub
+
+# The following two testcases check that the padding is implicitly enabled
+# with X942KDF-ASN1 KDF.
+# The plain shared secret for these keys needs padding as seen above.
+Derive=ffdhe2048-1 +PeerKey=ffdhe2048-2-pub +Ctrl = kdf-type:X942KDF-ASN1 +Ctrl = kdf-outlen:32 +Ctrl = kdf-digest:SHA-256 +Ctrl = cekalg:AES-128-WRAP +Ctrl = dh_pad:1 +SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654 + +# FIPS(3.0.0): allows the padding to be set, later versions do not #17859 +FIPSversion = >3.0.0 +Derive=ffdhe2048-2 +PeerKey=ffdhe2048-1-pub +Ctrl = kdf-type:X942KDF-ASN1 +Ctrl = kdf-outlen:32 +Ctrl = kdf-digest:SHA-256 +Ctrl = cekalg:AES-128-WRAP +Ctrl = dh_pad:0 +SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654 diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 8a5cfac69c9..b146725c49d 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -44,6 +44,8 @@ my $provname = 'default'; my $dsaallow = '1'; my $no_pqc = 0; my $no_hkdf_fixed = 0; +my $no_x963kdf = disabled("x963kdf"); +my $no_x942kdf = disabled("x942kdf"); my $datadir = srctop_dir("test", "recipes", "80-test_cms_data"); my $smdir = srctop_dir("test", "smime-certs"); @@ -694,7 +696,7 @@ my @smime_cms_param_tests = ( ] ); -if ($no_fips || $old_fips) { +if (!$no_x942kdf && ($no_fips || $old_fips)) { # Only SHA1 supported in dh_cms_encrypt() push(@smime_cms_param_tests, @@ -1005,7 +1007,7 @@ subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub { SKIP: { skip "EC or DES isn't supported in this build", 1 - if disabled("ec") || disabled("des"); + if disabled("ec") || disabled("des") || disabled("x963kdf"); my $out = "smtst.txt"; @@ -1283,8 +1285,8 @@ with({ exit_checker => sub { return shift == 4; } }, sub check_availability { my $tnam = shift; - return "$tnam: skipped, EC disabled\n" - if ($no_ec && $tnam =~ /ECDH/); + return "$tnam: skipped, X963KDF disabled\n" + if ($no_x963kdf && $tnam =~ /ECDH/); return "$tnam: skipped, ECDH disabled\n" if ($no_ec && $tnam =~ /ECDH/); return "$tnam: skipped, EC2M disabled\n" 
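Review bot: In the `@@ -1005` hunk of `80-test_cms.t` the skip condition gains `disabled("x963kdf")`, but the message stays `"EC or DES isn't supported in this build"`, so a no-x963kdf run reports the wrong reason for the skip. The first hunk of this file already introduces `$no_x963kdf`, which the `check_availability` hunk uses; use it here as well, e.g. `skip "EC, DES or X963KDF isn't supported in this build", 1 if disabled("ec") || disabled("des") || $no_x963kdf;`. The `SKIP` block continues outside the hunk.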
diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t index bc22fdaad77..a41c8988399 100644 --- a/test/recipes/90-test_store.t +++ b/test/recipes/90-test_store.t @@ -36,7 +36,7 @@ my @data_files = ( "testrsa.msb" ); push(@data_files, ( "testrsa.pvk" )) - unless disabled("legacy") || disabled("rc4"); + unless disabled("legacy") || disabled("rc4") || disabled("pvkkdf"); my @src_rsa_files = ( "test/testrsa.pem", "test/testrsapub.pem" ); diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index c0dbb66b71d..684e3ac2696 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c @@ -130,6 +130,7 @@ done: return group; } +#ifndef OPENSSL_NO_X963KDF static int test_sm2_crypt(const EC_GROUP *group, const EVP_MD *digest, const char *privkey_hex, @@ -294,6 +295,7 @@ done: return testresult; } +#endif /* OPENSSL_NO_X963KDF */ static int test_sm2_sign(const EC_GROUP *group, const char *userid, @@ -463,7 +465,9 @@ int setup_tests(void) if (fake_rand == NULL) return 0; +#ifndef OPENSSL_NO_X963KDF ADD_TEST(sm2_crypt_test); +#endif ADD_TEST(sm2_sig_test); #endif return 1;