diff --git a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
new file mode 100644
index 0000000..81a6544
--- /dev/null
+++ b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
@@ -0,0 +1,112 @@
+From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001
+From: Clemens Lang <cllang@redhat.com>
+Date: Thu, 17 Nov 2022 18:08:24 +0100
+Subject: [PATCH] hmac: Add explicit FIPS indicator for key length
+
+NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms"
+specifies key lengths < 112 bytes are disallowed for HMAC generation and
+are legacy use for HMAC verification.
+
+Add an explicit indicator that will mark shorter key lengths as
+unsupported. The indicator can be queries from the EVP_MAC_CTX object
+using EVP_MAC_CTX_get_params() with the
+  OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR
+parameter.
+
+Signed-off-by: Clemens Lang <cllang@redhat.com>
+---
+ include/crypto/evp.h                       |  7 +++++++
+ include/openssl/core_names.h               |  1 +
+ include/openssl/evp.h                      |  3 +++
+ providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
+ 4 files changed, 28 insertions(+)
+
+diff --git a/include/crypto/evp.h b/include/crypto/evp.h
+index 76fb990de4..1e2240516e 100644
+--- a/include/crypto/evp.h
++++ b/include/crypto/evp.h
+@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
+ const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
+ const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
+ 
++#ifdef FIPS_MODULE
++/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
++ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
++ * HMAC verification. */
++# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
++#endif
++
+ struct evp_mac_st {
+     OSSL_PROVIDER *prov;
+     int name_id;
+diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
+index c019afbbb0..94fab83193 100644
+--- a/include/openssl/core_names.h
++++ b/include/openssl/core_names.h
+@@ -173,6 +173,7 @@ extern "C" {
+ #define OSSL_MAC_PARAM_SIZE             "size"                    /* size_t */
+ #define OSSL_MAC_PARAM_BLOCK_SIZE       "block-size"              /* size_t */
+ #define OSSL_MAC_PARAM_TLS_DATA_SIZE    "tls-data-size"           /* size_t */
++#define OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
+ 
+ /* Known MAC names */
+ #define OSSL_MAC_NAME_BLAKE2BMAC    "BLAKE2BMAC"
+diff --git a/include/openssl/evp.h b/include/openssl/evp.h
+index 49e8e1df78..a5e78efd6e 100644
+--- a/include/openssl/evp.h
++++ b/include/openssl/evp.h
+@@ -1192,6 +1192,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
+                             void *arg);
+ 
+ /* MAC stuff */
++# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
++# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED     1
++# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
+ 
+ EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
+                        const char *properties);
+diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
+index 52ebb08b8f..cf5c3ecbe7 100644
+--- a/providers/implementations/macs/hmac_prov.c
++++ b/providers/implementations/macs/hmac_prov.c
+@@ -21,6 +21,8 @@
+ #include <openssl/evp.h>
+ #include <openssl/hmac.h>
+ 
++#include "crypto/evp.h"
++
+ #include "prov/implementations.h"
+ #include "prov/provider_ctx.h"
+ #include "prov/provider_util.h"
+@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
+ static const OSSL_PARAM known_gettable_ctx_params[] = {
+     OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
+     OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
++#ifdef FIPS_MODULE
++    OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL),
++#endif /* defined(FIPS_MODULE) */
+     OSSL_PARAM_END
+ };
+ static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
+@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
+             && !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
+         return 0;
+ 
++#ifdef FIPS_MODULE
++    if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) {
++        int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED;
++        /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
++         * specifies key lengths < 112 bytes are disallowed for HMAC generation
++         * and legacy use for HMAC verification. */
++        if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
++            fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
++        return OSSL_PARAM_set_int(p, fips_indicator);
++    }
++#endif /* defined(FIPS_MODULE) */
++
+     return 1;
+ }
+ 
+-- 
+2.38.1
+
diff --git a/openssl.spec b/openssl.spec
index 4b2763e..043d28f 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -170,6 +170,8 @@ Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
 Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2141695
 Patch82: 0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2136250
+Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=2142121
 Patch85: 0085-FIPS-RSA-disable-shake.patch
 #https://github.com/openssl/openssl/pull/17546
@@ -519,6 +521,8 @@ install -m644 %{SOURCE9} \
   Resolves: rhbz#2144015
 - Add explicit indicator for SP 800-108 KDFs with short key lengths
   Resolves: rhbz#2144019
+- Add explicit indicator for HMAC with short key lengths
+  Resolves: rhbz#2144000
 
 * Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43
 - CVE-2022-3602: X.509 Email Address Buffer Overflow