[openssl/openssl] d1a8d5: Add HKDF algorithms with fixed digests.

[Daniel Van Geest]

Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: d1a8d5a8330a8c9d939e18a22f7382af090cf108
https://github.com/openssl/openssl/commit/d1a8d5a8330a8c9d939e18a22f7382af090cf108
Author: Daniel Van Geest <daniel....@cryptonext-security.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)

Changed paths:
M CHANGES.md
M crypto/objects/obj_dat.h
M crypto/objects/obj_mac.num
M crypto/objects/objects.txt
M fuzz/oids.txt
M include/openssl/core_names.h.in
M include/openssl/obj_mac.h
M providers/defltprov.c
M providers/fips/fipsprov.c
M providers/implementations/exchange/kdf_exch.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/include/prov/names.h
M providers/implementations/kdfs/hkdf.c
M test/evp_kdf_test.c
M test/recipes/20-test_kdf.t
M test/recipes/30-test_evp_data/evpkdf_hkdf.txt
M test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt

Log Message:
-----------
Add HKDF algorithms with fixed digests.

Add HKDF-SHA256, HKDF-SHA384 and HKDF-SHA512 which are versions
of HKDF that have the digest pre-set. The digest cannot be changed
for contexts of these types.

RFC 8619 defines algorithm identifiers for these combinations.
These algorithm identifiers will be used in future features, e.g.
KEMRecipientInfo.

Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27247)


Commit: 2671a68a27100851c857c9116e64808e86e47c06
https://github.com/openssl/openssl/commit/2671a68a27100851c857c9116e64808e86e47c06
Author: Daniel Van Geest <daniel....@cryptonext-security.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)

Changed paths:
M doc/man7/EVP_KDF-HKDF.pod
M doc/man7/OSSL_PROVIDER-FIPS.pod
M doc/man7/OSSL_PROVIDER-default.pod

Log Message:
-----------
Add fixed-digest HKDF documentation

Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27247)


Commit: c6a1d8ea744abac1c467642dba0bbea88293ffef
https://github.com/openssl/openssl/commit/c6a1d8ea744abac1c467642dba0bbea88293ffef
Author: Daniel Van Geest <daniel....@cryptonext-security.com>
Date: 2025-07-10 (Thu, 10 Jul 2025)

Changed paths:
M CHANGES.md
M doc/man7/EVP_KDF-HKDF.pod
M doc/man7/OSSL_PROVIDER-FIPS.pod
M doc/man7/OSSL_PROVIDER-default.pod
M providers/defltprov.c
M providers/fips/fipsprov.c
M providers/implementations/exchange/kdf_exch.c
M providers/implementations/kdfs/hkdf.c
M test/evp_kdf_test.c
M test/recipes/30-test_evp_data/evpkdf_hkdf.txt
M test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt

Log Message:
-----------
HKDF updates

- prevent fixed-digest HKDF from having its digest changed
- implement gettable params in HKDF
- update fixed-digest HKDF tests

Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Paul Dale <ppz...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27247)


Compare: https://github.com/openssl/openssl/compare/162089af7c68...c6a1d8ea744a

To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications