projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5d218b0) | patch
hkdf: when HMAC key is all zeros, still set a valid key length
authorDimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Fri, 19 Apr 2024 10:50:34 +0000 (11:50 +0100)
committerTomas Mraz <tomas@openssl.org>
Thu, 25 Apr 2024 12:00:05 +0000 (14:00 +0200)
commit15d6114d99d93468876697b62d543b0e2efd45d5
tree937e59fb1e2940816defee71488e57d91bd72ef8tree | snapshot
parent5d218b0e447da20d44d75ab8105ee1d742ca8d09commit | diff
hkdf: when HMAC key is all zeros, still set a valid key length

By itself, this is no change in any computation. However, this will
unlock enforcing minimum key lengths for NIST and FIPS 140-3
requirements.

Also reading RFC8448 and RFC5869, this seems to be strictly correct
too.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24204)
providers/implementations/kdfs/hkdf.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.