File tree Expand file tree Collapse file tree 1 file changed +16
-5
lines changed Expand file tree Collapse file tree 1 file changed +16
-5
lines changed Original file line number Diff line number Diff line change @@ -12,13 +12,24 @@ import (
1212 "unsafe"
1313)
1414
15+ // SupprtHKDF reports whether the current OpenSSL version supports HKDF.
1516func SupportsHKDF () bool {
16- ctx := C .go_openssl_EVP_PKEY_CTX_new_id (C .GO_EVP_PKEY_HKDF , nil )
17- if ctx == nil {
18- return false
17+ switch vMajor {
18+ case 1 :
19+ return versionAtOrAbove (1 , 1 , 1 )
20+ case 3 :
21+ // Some OpenSSL 3 providers don't support HKDF or don't support it via
22+ // the EVP_PKEY API, which is the one we use.
23+ // See https://github.com/golang-fips/openssl/issues/189.
24+ ctx := C .go_openssl_EVP_PKEY_CTX_new_id (C .GO_EVP_PKEY_HKDF , nil )
25+ if ctx == nil {
26+ return false
27+ }
28+ C .go_openssl_EVP_PKEY_CTX_free (ctx )
29+ return true
30+ default :
31+ panic (errUnsupportedVersion ())
1932 }
20- C .go_openssl_EVP_PKEY_CTX_free (ctx )
21- return false
2233}
2334
2435func newHKDF (h func () hash.Hash , mode C.int ) (* hkdf , error ) {
You can’t perform that action at this time.
0 commit comments