[openssl/openssl] 15d611: hkdf: when HMAC key is all zeros, still set a vali...
Dimitri John Ledkov
noreply at github.com
Thu Apr 25 12:02:35 UTC 2024
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 15d6114d99d93468876697b62d543b0e2efd45d5
https://github.com/openssl/openssl/commit/15d6114d99d93468876697b62d543b0e2efd45d5
Author: Dimitri John Ledkov <dimitri.ledkov at surgut.co.uk>
Date: 2024-04-25 (Thu, 25 Apr 2024)
Changed paths:
M providers/implementations/kdfs/hkdf.c
Log Message:
-----------
hkdf: when HMAC key is all zeros, still set a valid key length
By itself, this is no change in any computation. However, this will
unlock enforcing minimum key lengths for NIST and FIPS 140-3
requirements.
Also reading RFC8448 and RFC5869, this seems to be strictly correct
too.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at surgut.co.uk>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24204)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list