Commit Graph

2 Commits

Author SHA1 Message Date
Dmitry Belyavskiy
2c5c3fcced Rebasing to OpenSSL 3.2.1
Resolves: RHEL-26271
2024-04-15 10:41:31 +02:00
Clemens Lang
438a2c64b7 Add indicator for HMAC with short key lengths
NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms"
specifies key lengths < 112 bytes are disallowed for HMAC generation and
are legacy use for HMAC verification.

Add an explicit indicator that will mark shorter key lengths as
unsupported. The indicator can be queries from the EVP_MAC_CTX object
using EVP_MAC_CTX_get_params() with the
  OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR
parameter.

Signed-off-by: Clemens Lang <cllang@redhat.com>
Resolves: rhbz#2144000
2022-11-21 10:42:43 +01:00