Add DHKEM support and test cases#1069
Conversation
On OpenSSL 3.2-3.4, DHKEM on EC/ECX keys need the operation (DHKEM) to be explicitly selected, so this adds a helper to the implementation to fill the operation parameter
| * X25519, X448 and EC keys only support the RFC 9180 DH-Based KEM (DHKEM). | ||
| * OpenSSL 3.2-3.4 require the operation to be selected explicitly via | ||
| * OSSL_KEM_PARAM_OPERATION before encapsulate/decapsulate; without it the | ||
| * operation fails with "invalid mode". OpenSSL 3.5 defaults to DHKEM. Build |
There was a problem hiding this comment.
OpenSSL 3.3 is EOL already and 3.4 will reach EOL in 4 months: https://openssl-library.org/policies/releasestrat/index.html
To me, this looks like more of a bug fix. Fortunately, the usual suspects (Ubuntu and RHEL) appear to have skipped these versions, so I wonder if anyone would actually benefit from this workaround?
There was a problem hiding this comment.
If that's the case, I might just opt to remove the options helper altogether. That fix is b7d163e, and with this, the patch only includes changes to the test.
|
I'm leaning towards not merging the default values for FWIW, I've been exploring if we could expose |
As OpenSSL <3.4 is approaching EOL, I opted to remove the helper altogether and changed the version gating to 3.5+
2 participants
Follow-up to #1062:
Note: I left out EVP_KEM-RSA intentionally. RSA keys have a different mode of operation (RSASVE), and on OpenSSL 3.2-3.4, this needs to be explicitly set to perform RSASVE (just like DHKEM needed an explicit parameter). If there is need for this I will add it separately or in the same pull request.