openssl3

Commit Graph

Author	SHA1	Message	Date
Clemens Lang	438a2c64b7	Add indicator for HMAC with short key lengths NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms" specifies key lengths < 112 bytes are disallowed for HMAC generation and are legacy use for HMAC verification. Add an explicit indicator that will mark shorter key lengths as unsupported. The indicator can be queries from the EVP_MAC_CTX object using EVP_MAC_CTX_get_params() with the OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR parameter. Signed-off-by: Clemens Lang <cllang@redhat.com> Resolves: rhbz#2144000	2 years ago

Author

SHA1

Message

Date

Clemens Lang

438a2c64b7

Add indicator for HMAC with short key lengths

NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms"
specifies key lengths < 112 bytes are disallowed for HMAC generation and
are legacy use for HMAC verification.

Add an explicit indicator that will mark shorter key lengths as
unsupported. The indicator can be queries from the EVP_MAC_CTX object
using EVP_MAC_CTX_get_params() with the
  OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR
parameter.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Resolves: rhbz#2144000

1 Commits (d6248f76c48e50645ea564150dfada6f58d4a9c6)