diff options
author | Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> | 2024-04-19 11:50:34 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-25 14:00:05 +0200 |
commit | 15d6114d99d93468876697b62d543b0e2efd45d5 (patch) | |
tree | 937e59fb1e2940816defee71488e57d91bd72ef8 | |
parent | 5d218b0e447da20d44d75ab8105ee1d742ca8d09 (diff) |
hkdf: when HMAC key is all zeros, still set a valid key length
By itself, this is no change in any computation. However, this will
unlock enforcing minimum key lengths for NIST and FIPS 140-3
requirements.
Also reading RFC8448 and RFC5869, this seems to be strictly correct
too.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24204)
-rw-r--r-- | providers/implementations/kdfs/hkdf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index a634216419..3f65346a2b 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -631,7 +631,7 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx, } if (prevsecret == NULL) { prevsecret = default_zeros; - prevsecretlen = 0; + prevsecretlen = mdlen; } else { EVP_MD_CTX *mctx = EVP_MD_CTX_new(); unsigned char hash[EVP_MAX_MD_SIZE]; |