Dimitri John Ledkov 15d6114d99 hkdf: when HMAC key is all zeros, still set a valid key length ...

By itself, this is no change in any computation. However, this will
unlock enforcing minimum key lengths for NIST and FIPS 140-3
requirements.

Also reading RFC8448 and RFC5869, this seems to be strictly correct
too.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24204)

2024-04-25 14:00:05 +02:00

..

common

Exclude X25519 and X448 from capabilities advertised by FIPS provider

2024-04-19 10:32:27 +02:00

fips

Make X25519 and X448 FIPS unapproved

2024-04-19 10:32:27 +02:00

implementations

hkdf: when HMAC key is all zeros, still set a valid key length

2024-04-25 14:00:05 +02:00

baseprov.c

fips: use seed source requested

2023-09-27 17:23:04 +01:00

build.info

Add VERSIONINFO resource to legacy provider if it is not builtin

2022-06-02 11:09:10 -04:00

decoders.inc

Copyright year updates

2023-09-07 09:59:15 +01:00

defltprov.c

Copyright year updates

2023-09-07 09:59:15 +01:00

encoders.inc

Copyright year updates

2023-09-07 09:59:15 +01:00

fips-sources.checksums

make update

2023-09-28 14:24:31 +01:00

fips.checksum

make update

2023-09-28 14:24:31 +01:00

fips.module.sources

make update

2023-09-07 10:00:21 +01:00

legacyprov.c

Copyright year updates

2023-09-07 09:59:15 +01:00

nullprov.c

Copyright year updates

2023-09-07 09:59:15 +01:00

prov_running.c

keygen: add FIPS error state management to conditional self tests

2020-09-12 16:46:51 +10:00

stores.inc

Add support for loading root CAs from Windows crypto API

2022-09-14 14:10:18 +01:00