summaryrefslogtreecommitdiff
path: root/crypto/hmac.c
diff options
context:
space:
mode:
authorStephan Müller <smueller@chronox.de>2022-02-01 09:41:32 +0100
committerHerbert Xu <herbert@gondor.apana.org.au>2022-02-11 20:22:01 +1100
commit37f36e5717869a69775ecb23baedf0f06ea940b4 (patch)
tree2079a33d7c0c708e353f00b0c14682a6ea729e30 /crypto/hmac.c
parentc9c28ed0ab611b6ee3bfab88eba334e272642433 (diff)
downloadlwn-37f36e5717869a69775ecb23baedf0f06ea940b4.tar.gz
lwn-37f36e5717869a69775ecb23baedf0f06ea940b4.zip
crypto: hmac - disallow keys < 112 bits in FIPS mode
FIPS 140 requires a minimum security strength of 112 bits. This implies that the HMAC key must not be smaller than 112 in FIPS mode. This restriction implies that the test vectors for HMAC that have a key that is smaller than 112 bits must be disabled when FIPS support is compiled. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/hmac.c')
-rw-r--r--crypto/hmac.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 25856aa7ccbf..3610ff0b6739 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -15,6 +15,7 @@
#include <crypto/internal/hash.h>
#include <crypto/scatterwalk.h>
#include <linux/err.h>
+#include <linux/fips.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
@@ -51,6 +52,9 @@ static int hmac_setkey(struct crypto_shash *parent,
SHASH_DESC_ON_STACK(shash, hash);
unsigned int i;
+ if (fips_enabled && (keylen < 112 / 8))
+ return -EINVAL;
+
shash->tfm = hash;
if (keylen > bs) {