Message-ID: <20251209225401.GA54030@quark>
Date: Tue, 9 Dec 2025 14:54:01 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: Li Tian <litian@...hat.com>
Cc: linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S . Miller" <davem@...emloft.net>,
Vitaly Kuznetsov <vkuznets@...hat.com>
Subject: Re: [PATCH RFC] crypto/hkdf: Skip tests with keys too short in FIPS mode

On Fri, Dec 05, 2025 at 07:31:36PM +0800, Li Tian wrote:
> FIPS mode mandates the keys to _setkey should be longer than 14 bytes.
> It's up to the callers to not use keys too short.
>
> Signed-off-by: Li Tian <litian@...hat.com>
> ---
> crypto/hkdf.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/hkdf.c b/crypto/hkdf.c
> index 82d1b32ca6ce..73d318f3f677 100644
> --- a/crypto/hkdf.c
> +++ b/crypto/hkdf.c
> @@ -10,6 +10,7 @@
> #include <crypto/internal/hash.h>
> #include <crypto/sha2.h>
> #include <crypto/hkdf.h>
> +#include <linux/fips.h>
> #include <linux/module.h>
>
> /*
> @@ -462,7 +463,12 @@ static const struct hkdf_testvec hkdf_sha512_tv[] = {
> };
>
> static int hkdf_test(const char *shash, const struct hkdf_testvec *tv)
> -{ struct crypto_shash *tfm = NULL;
> +{
> + /* Skip the tests with keys too short in FIPS mode */
> + if (fips_enabled && (tv->salt_size < 112 / 8))
> + return 0;
> +
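Review bot: the new check at the top of hkdf_test() compares tv->salt_size against 112 / 8, while the commit message talks about keys passed to _setkey, and the one-line comment does not connect the two. In HKDF-Extract the salt is what is used as the HMAC key and the input keying material is the message, so the comment should say that this is a limit on the HMAC key length hitting the salt, not a statement about the secret. The `return 0` also makes a skipped vector indistinguishable from one that passed; a log line (pr_info or similar) on the skip path would make that visible. Lastly, `< 112 / 8` lets a 14-byte salt through, whereas the commit message says keys "should be longer than 14 bytes", so one of the two needs adjusting.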
As I've explained before, in HKDF the secret is in the input keying
material, not the salt.
What problem are you trying to solve?
- Eric
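
The distinction discussed above, as an added example that is not part of the thread or of crypto/hkdf.c: a user-space HKDF-SHA256 following RFC 5869, run on that RFC's test case 1, showing that the value handed to HMAC as its key in the extract step is the salt while the secret is the IKM. The `hmac_key_long_enough` helper is a hypothetical model of the `112 / 8` threshold from the quoted patch, not a kernel API.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size
# Assumption: models the `112 / 8` byte threshold used in the quoted patch.
MIN_HMAC_KEY_BYTES = 112 // 8


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM). The salt is the HMAC key."""
    if not salt:
        salt = bytes(HASH_LEN)  # an absent salt is HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hmac_key_long_enough(key: bytes) -> bool:
    """Hypothetical stand-in for a minimum HMAC key length check."""
    return len(key) >= MIN_HMAC_KEY_BYTES


# RFC 5869 Appendix A.1 inputs (public test vector, not kernel data).
IKM = bytes([0x0B]) * 22                  # the secret input keying material
SALT = bytes(range(0x00, 0x0D))           # 13-byte non-secret salt
INFO = bytes(range(0xF0, 0xFA))


def report() -> dict:
    """Summarise which HKDF input a key-length check on HMAC actually sees."""
    prk = hkdf_extract(SALT, IKM)
    return {
        "secret_ikm_len": len(IKM),
        "hmac_key_is_salt_len": len(SALT),
        "extract_key_passes_check": hmac_key_long_enough(SALT),
        "expand_key_passes_check": hmac_key_long_enough(prk),
        "okm": hkdf_expand(prk, INFO, 42).hex(),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

The 22-byte secret never reaches the length check in the extract step; only the 13-byte salt does, which is why a minimum applied to the HMAC key says nothing about the strength of the keying material.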