hkdf: when HMAC key is all zeros, still set a valid key length

By itself, this is no change in any computation. However, this will
unlock enforcing minimum key lengths for NIST and FIPS 140-3
requirements.

Also reading RFC8448 and RFC5869, this seems to be strictly correct
too.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24204)
Dimitri John Ledkov 2024-04-19 11:50:34 +01:00 committed by Tomas Mraz
parent 5d218b0e44
commit 15d6114d99

@ -631,7 +631,7 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx,
}
if (prevsecret == NULL) {
prevsecret = default_zeros;
prevsecretlen = 0;
prevsecretlen = mdlen;
} else {
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
unsigned char hash[EVP_MAX_MD_SIZE];
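
Review bot: In the prevsecret == NULL branch, setting prevsecretlen = mdlen means mdlen bytes of default_zeros will now be read as the HMAC key, and the declaration of default_zeros is not visible in this hunk, so please confirm it is at least as large as the largest digest output this function can be called with (the else branch sizes its own buffer with EVP_MAX_MD_SIZE). A short comment on the new line would also help: it should say that the zero key is deliberately given the digest length, as RFC 5869 specifies a salt of HashLen zero bytes when none is provided, and that the result is unchanged because HMAC zero-pads short keys to the block size. Without that, a later reader may take the non-zero length paired with a constant buffer for a mistake and revert it to 0.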