refactor: add libcrypto PRF impl for openssl-3.0-fips #5158

lrstewart · 2025-03-02T01:51:46Z

resolves #5143

Add a new libcrypto PRF using openssl-3.0's EVP_KDF methods and "EVP_KDF-TLS1_PRF" algorithm:
https://docs.openssl.org/3.4/man3/EVP_KDF/
https://docs.openssl.org/3.4/man7/EVP_KDF-TLS1_PRF/

I also moved the libcrypto PRFs to a separate file. I think it belongs in the crypto folder?

I mostly reused the existing tests, but with some improvements to make them more useful:

I added more known-value tests to cover variations on how s2n_prf executes.
I made the values used in the s2n_prf tests different. I had some issues figuring out bugs because they were all just identically all-zero.
Run the s2n_prf tests before the tests for all the methods that depend on s2n_prf.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

lrstewart · 2025-03-02T04:30:19Z

crypto/s2n_prf_libcrypto.c

+#if defined(OPENSSL_IS_AWSLC)
+
+/* The AWSLC TLS PRF API is exported in all AWSLC versions. However, in the AWSLC FIPS branch, this


I didn't modify any of the AWSLC PRF code. I just moved it.

github-actions bot added the s2n-core team label Mar 2, 2025

lrstewart force-pushed the openssl3fips_prf branch from 8201d5c to 206fdfa Compare March 2, 2025 02:07

refactor: add libcrypto PRF impl for openssl-3.0-fips

302ce4a

lrstewart force-pushed the openssl3fips_prf branch from 206fdfa to 302ce4a Compare March 2, 2025 04:22

lrstewart commented Mar 2, 2025

View reviewed changes

lrstewart marked this pull request as ready for review March 2, 2025 06:29

lrstewart requested a review from dougch as a code owner March 2, 2025 06:29

lrstewart requested review from goatgoose and jmayclin March 2, 2025 06:30

dougch approved these changes Mar 3, 2025

View reviewed changes

Provide feedback

		#if defined(OPENSSL_IS_AWSLC)

		/* The AWSLC TLS PRF API is exported in all AWSLC versions. However, in the AWSLC FIPS branch, this