NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from
a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he
length of the key-derivation key shall be at least 112 bits". It further
specifies that HMAC-based KDFs "with a key whose length is at least 112
bits" are acceptable.

Add an explicit indicator for SP 800-108 KDFs that will mark shorter key
lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX
object using EVP_KDF_CTX_get_params() with the
OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR parameter.

This also modifies the previously applied HKDF indicator patch to use
the same interface to query its FIPS indicator. This provides better
consistency across the various KDFs with explicit indicators.

Additionally, the new constants are clearly marked as being specific to
Red Hat.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Resolves: rhbz#2144019