{
    "mode": "man",
    "parameter": "EVP_KDF-X942-ASN1",
    "section": "7SSL",
    "url": "https://www.chedong.com/phpMan.php/man/EVP_KDF-X942-ASN1/7SSL/json",
    "generated": "2026-06-03T03:39:04Z",
    "sections": {
        "NAME": {
            "content": "EVPKDF-X942-ASN1 - The X9.42-2003 asn1 EVPKDF implementation\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "The EVPKDF-X942-ASN1 algorithm implements the key derivation function X942KDF-ASN1. It is\nused by DH KeyAgreement, to derive a key using input such as a shared secret key and other\ninfo. The other info is DER encoded data that contains a 32 bit counter as well as optional\nfields for \"partyu-info\", \"partyv-info\", \"supp-pubinfo\" and \"supp-privinfo\".  This kdf is\nused by Cryptographic Message Syntax (CMS).\n",
            "subsections": [
                {
                    "name": "Identity",
                    "content": "\"X942KDF-ASN1\" or \"X942KDF\" is the name for this implementation; it can be used with the\nEVPKDFfetch() function.\n"
                },
                {
                    "name": "Supported parameters",
                    "content": "The supported parameters are:\n\n\"properties\" (OSSLKDFPARAMPROPERTIES) <UTF8 string>\n\"digest\" (OSSLKDFPARAMDIGEST) <UTF8 string>\nThese parameters work as described in \"PARAMETERS\" in EVPKDF(3).\n\n\"key\" (OSSLKDFPARAMKEY) <octet string>\nThe shared secret used for key derivation.  This parameter sets the secret.\n\n\"acvp-info\" (OSSLKDFPARAMX942ACVPINFO) <octet string>\nThis value should not be used in production and should only be used for ACVP testing. It\nis an optional octet string containing a combined DER encoded blob of any of the optional\nfields related to \"partyu-info\", \"partyv-info\", \"supp-pubinfo\" and \"supp-privinfo\". If it\nis specified then none of these other fields should be used.\n\n\"partyu-info\" (OSSLKDFPARAMX942PARTYUINFO) <octet string>\nAn optional octet string containing public info contributed by the initiator.\n\n\"ukm\" (OSSLKDFPARAMUKM) <octet string>\nAn alias for \"partyu-info\".  In CMS this is the user keying material.\n\n\"partyv-info\" (OSSLKDFPARAMX942PARTYVINFO) <octet string>\nAn optional octet string containing public info contributed by the responder.\n\n\"supp-pubinfo\" (OSSLKDFPARAMX942SUPPPUBINFO) <octet string>\nAn optional octet string containing some additional, mutually-known public information.\nSetting this value also sets \"use-keybits\" to 0.\n\n\"use-keybits\" (OSSLKDFPARAMX942SUPPPRIVINFO) <integer>\nThe default value of 1 will use the KEK key length (in bits) as the \"supp-pubinfo\". A\nvalue of 0 disables setting the \"supp-pubinfo\".\n\n\"supp-privinfo\" (OSSLKDFPARAMX942SUPPPRIVINFO) <octet string>\nAn optional octet string containing some additional, mutually-known private information.\n\n\"cekalg\" (OSSLKDFPARAMCEKALG) <UTF8 string>\nThis parameter sets the CEK wrapping algorithm name.  Valid values are \"AES-128-WRAP\",\n\"AES-192-WRAP\", \"AES-256-WRAP\" and \"DES3-WRAP\".\n"
                }
            ]
        },
        "NOTES": {
            "content": "A context for X942KDF can be obtained by calling:\n\nEVPKDF *kdf = EVPKDFfetch(NULL, \"X942KDF\", NULL);\nEVPKDFCTX *kctx = EVPKDFCTXnew(kdf);\n\nThe output length of an X942KDF is specified via the keylen parameter to the\nEVPKDFderive(3) function.\n",
            "subsections": []
        },
        "EXAMPLES": {
            "content": "This example derives 24 bytes, with the secret key \"secret\" and random user keying material:\n\nEVPKDFCTX *kctx;\nEVPKDFCTX *kctx;\nunsigned char out[192/8];\nunsignred char ukm[64];\nOSSLPARAM params[5], *p = params;\n\nif (RANDbytes(ukm, sizeof(ukm)) <= 0)\nerror(\"RANDbytes\");\n\nkdf = EVPKDFfetch(NULL, \"X942KDF\", NULL);\nif (kctx == NULL)\nerror(\"EVPKDFfetch\");\nkctx = EVPKDFCTXnew(kdf);\nEVPKDFfree(kdf);\nif (kctx == NULL)\nerror(\"EVPKDFCTXnew\");\n\n*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMDIGEST, \"SHA256\", 0);\n*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSECRET,\n\"secret\", (sizet)6);\n*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMUKM, ukm, sizeof(ukm));\n*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMCEKALG, \"AES-256-WRAP, 0);\n*p = OSSLPARAMconstructend();\nif (EVPKDFderive(kctx, out, sizeof(out), params) <= 0)\nerror(\"EVPKDFderive\");\n\nEVPKDFCTXfree(kctx);\n",
            "subsections": []
        },
        "CONFORMING TO": {
            "content": "ANS1 X9.42-2003 RFC 2631\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "EVPKDF(3), EVPKDFCTXnew(3), EVPKDFCTXfree(3), EVPKDFCTXsetparams(3),\nEVPKDFCTXgetkdfsize(3), EVPKDFderive(3), \"PARAMETERS\" in EVPKDF(3)\n",
            "subsections": []
        },
        "HISTORY": {
            "content": "This functionality was added to OpenSSL 3.0.\n",
            "subsections": []
        },
        "COPYRIGHT": {
            "content": "Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\").  You may not use this file except in\ncompliance with the License.  You can obtain a copy in the file LICENSE in the source\ndistribution or at <https://www.openssl.org/source/license.html>.\n\n\n\n3.0.2                                        2026-04-07                      EVPKDF-X942-ASN1(7SSL)",
            "subsections": []
        }
    },
    "summary": "EVPKDF-X942-ASN1 - The X9.42-2003 asn1 EVPKDF implementation",
    "flags": [],
    "examples": [
        "This example derives 24 bytes, with the secret key \"secret\" and random user keying material:",
        "EVPKDFCTX *kctx;",
        "EVPKDFCTX *kctx;",
        "unsigned char out[192/8];",
        "unsignred char ukm[64];",
        "OSSLPARAM params[5], *p = params;",
        "if (RANDbytes(ukm, sizeof(ukm)) <= 0)",
        "error(\"RANDbytes\");",
        "kdf = EVPKDFfetch(NULL, \"X942KDF\", NULL);",
        "if (kctx == NULL)",
        "error(\"EVPKDFfetch\");",
        "kctx = EVPKDFCTXnew(kdf);",
        "EVPKDFfree(kdf);",
        "if (kctx == NULL)",
        "error(\"EVPKDFCTXnew\");",
        "*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMDIGEST, \"SHA256\", 0);",
        "*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSECRET,",
        "\"secret\", (sizet)6);",
        "*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMUKM, ukm, sizeof(ukm));",
        "*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMCEKALG, \"AES-256-WRAP, 0);",
        "*p = OSSLPARAMconstructend();",
        "if (EVPKDFderive(kctx, out, sizeof(out), params) <= 0)",
        "error(\"EVPKDFderive\");",
        "EVPKDFCTXfree(kctx);"
    ],
    "see_also": [
        {
            "name": "EVPKDF",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDF/3/json"
        },
        {
            "name": "EVPKDFCTXnew",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXnew/3/json"
        },
        {
            "name": "EVPKDFCTXfree",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXfree/3/json"
        },
        {
            "name": "EVPKDFCTXsetparams",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXsetparams/3/json"
        },
        {
            "name": "EVPKDFCTXgetkdfsize",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXgetkdfsize/3/json"
        },
        {
            "name": "EVPKDFderive",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDFderive/3/json"
        },
        {
            "name": "EVPKDF",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDF/3/json"
        }
    ]
}