hkdf: when HMAC key is all zeros, still set a valid key length

By itself, this is no change in any computation. However, this will unlock enforcing minimum key lengths for NIST and FIPS 140-3 requirements. Also reading RFC8448 and RFC5869, this seems to be strictly correct too. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24204)
author: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> 2024-04-19 11:50:34 +0100
committer: Tomas Mraz <tomas@openssl.org> 2024-04-25 14:00:05 +0200
commit: 15d6114d99d93468876697b62d543b0e2efd45d5 (patch)
tree: 937e59fb1e2940816defee71488e57d91bd72ef8
parent: 5d218b0e447da20d44d75ab8105ee1d742ca8d09 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index a634216419..3f65346a2b 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -631,7 +631,7 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx,
     }
     if (prevsecret == NULL) {
         prevsecret = default_zeros;
-        prevsecretlen = 0;
+        prevsecretlen = mdlen;
     } else {
         EVP_MD_CTX *mctx = EVP_MD_CTX_new();
         unsigned char hash[EVP_MAX_MD_SIZE];
author	Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>	2024-04-19 11:50:34 +0100
committer	Tomas Mraz <tomas@openssl.org>	2024-04-25 14:00:05 +0200
commit	15d6114d99d93468876697b62d543b0e2efd45d5 (patch)
tree	937e59fb1e2940816defee71488e57d91bd72ef8
parent	5d218b0e447da20d44d75ab8105ee1d742ca8d09 (diff)