diff options
author | Stephan Müller <smueller@chronox.de> | 2022-02-01 09:41:32 +0100 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2022-02-11 20:22:01 +1100 |
commit | 37f36e5717869a69775ecb23baedf0f06ea940b4 (patch) | |
tree | 2079a33d7c0c708e353f00b0c14682a6ea729e30 /crypto/hmac.c | |
parent | c9c28ed0ab611b6ee3bfab88eba334e272642433 (diff) | |
download | lwn-37f36e5717869a69775ecb23baedf0f06ea940b4.tar.gz lwn-37f36e5717869a69775ecb23baedf0f06ea940b4.zip |
crypto: hmac - disallow keys < 112 bits in FIPS mode
FIPS 140 requires a minimum security strength of 112 bits. This implies
that the HMAC key must not be smaller than 112 in FIPS mode.
This restriction implies that the test vectors for HMAC that have a key
that is smaller than 112 bits must be disabled when FIPS support is
compiled.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/hmac.c')
-rw-r--r-- | crypto/hmac.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/hmac.c b/crypto/hmac.c index 25856aa7ccbf..3610ff0b6739 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -15,6 +15,7 @@ #include <crypto/internal/hash.h> #include <crypto/scatterwalk.h> #include <linux/err.h> +#include <linux/fips.h> #include <linux/init.h> #include <linux/kernel.h> #include <linux/module.h> @@ -51,6 +52,9 @@ static int hmac_setkey(struct crypto_shash *parent, SHASH_DESC_ON_STACK(shash, hash); unsigned int i; + if (fips_enabled && (keylen < 112 / 8)) + return -EINVAL; + shash->tfm = hash; if (keylen > bs) { |