]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d2739fc) | patch
Add HMAC FIPS keysize check.
authorslontis <shane.lontis@oracle.com>
Wed, 31 Jul 2024 04:56:44 +0000 (14:56 +1000)
committerTomas Mraz <tomas@openssl.org>
Wed, 21 Aug 2024 13:34:40 +0000 (15:34 +0200)
commit390f00a1e95f241b4a104c323020c7bc90d5e829
treec3236df10f38563b0b15df196e5c8a80a0f21013tree
parentd2739fc350227ab17636bcb4b8209ca320b53094commit | diff
Add HMAC FIPS keysize check.

HMAC has been changed to use a FIPS indicator for its key check.

HKDF and Single Step use a salt rather than a key when using HMAC,
so we need a mechanism to bypass this check in HMAC.

A seperate 'internal' query table has been added to the FIPS provider
for MACS. Giving HMAC a seprate dispatch table allows KDF's to ignore
the key check. If a KDF requires the key check then it must do the
check itself. The normal MAC dipatch table is used if the user fetches
HMAC directly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25049)
17 files changed:
apps/fipsinstall.c diff | blob | blame | history
doc/man1/openssl-fipsinstall.pod.in diff | blob | blame | history
doc/man7/EVP_MAC-HMAC.pod diff | blob | blame | history
doc/man7/provider-mac.pod diff | blob | blame | history
include/openssl/fips_names.h diff | blob | blame | history
providers/common/include/prov/fipscommon.h diff | blob | blame | history
providers/common/include/prov/fipsindicator.h diff | blob | blame | history
providers/common/include/prov/securitycheck.h diff | blob | blame | history
providers/common/securitycheck.c diff | blob | blame | history
providers/fips/fipsprov.c diff | blob | blame | history
providers/implementations/include/prov/implementations.h diff | blob | blame | history
providers/implementations/kdfs/hkdf.c diff | blob | blame | history
providers/implementations/macs/hmac_prov.c diff | blob | blame | history
test/evp_test.c diff | blob | blame | history
test/recipes/30-test_evp_data/evpmac_common.txt diff | blob | blame | history
util/mk-fipsmodule-cnf.pl diff | blob | blame | history
util/perl/OpenSSL/paramnames.pm diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git