Home GnuPG

fips: Reject shorter key for HMAC in FIPS mode.

Description

fips: Reject shorter key for HMAC in FIPS mode.

* cipher/md.c (prepare_macpads): Reject < 112-bit key.
* cipher/kdf.c (selftest_pbkdf2): Remove selftest cases with shorter
key.
* cipher/mac-hmac.c (selftests_sha224, selftests_sha256): Likewise.
(selftests_sha384, selftests_sha512, selftests_sha3): Likewise.
* tests/basic.c (check_one_hmac) Handle an error when shorter key
is rejected.
(check_one_mac): Likewise.
* tests/t-kdf.c (check_pbkdf2, check_scrypt): Likewise.
  • GnuPG-bug-id: T5512
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibeAuthored on Jan 19 2022, 3:41 AM
Parents
rC6f225308d3e5: build: Fix .m4 files in distribution.
Branches
Unknown
Tags
Unknown
Tasks
T5512: Implement service indicators