Re: [PATCH RFC] crypto/hkdf: Skip tests with keys too short in FIPS mode
From: Eric Biggers
Date: Tue Dec 09 2025 - 17:54:12 EST
On Fri, Dec 05, 2025 at 07:31:36PM +0800, Li Tian wrote:
> FIPS mode mandates the keys to _setkey should be longer than 14 bytes.
> It's up to the callers to not use keys too short.
>
> Signed-off-by: Li Tian <litian@xxxxxxxxxx>
> ---
> crypto/hkdf.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/hkdf.c b/crypto/hkdf.c
> index 82d1b32ca6ce..73d318f3f677 100644
> --- a/crypto/hkdf.c
> +++ b/crypto/hkdf.c
> @@ -10,6 +10,7 @@
> #include <crypto/internal/hash.h>
> #include <crypto/sha2.h>
> #include <crypto/hkdf.h>
> +#include <linux/fips.h>
> #include <linux/module.h>
>
> /*
> @@ -462,7 +463,12 @@ static const struct hkdf_testvec hkdf_sha512_tv[] = {
> };
>
> static int hkdf_test(const char *shash, const struct hkdf_testvec *tv)
> -{ struct crypto_shash *tfm = NULL;
> +{
> + /* Skip the tests with keys too short in FIPS mode */
> + if (fips_enabled && (tv->salt_size < 112 / 8))
> + return 0;
> +
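
Review bot: the skip condition in hkdf_test() tests tv->salt_size, while the code comment and the commit message both talk about keys passed to _setkey; nothing in the hunk says why the salt length is the quantity the FIPS limit applies to, so the comment should state which _setkey call receives it. The bound is also inconsistent with the commit message: `tv->salt_size < 112 / 8` skips only salts shorter than 14 bytes, whereas the message says keys must be "longer than 14 bytes". Returning 0 makes a skipped vector indistinguishable from a passing one; logging the skip and giving the 112-bit threshold a named constant would make the behaviour auditable.
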
As I've explained before, in HKDF the secret is in the input keying
material, not the salt.
What problem are you trying to solve?
- Eric
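
An added example, not from this thread or the kernel source: a Python sketch of RFC 5869 HKDF showing that Extract keys HMAC with the salt while the secret input keying material is the HMAC message, so a minimum-HMAC-key-length rule lands on the salt. `hmac_key_ok` and `MIN_HMAC_KEY` are hypothetical stand-ins modelled on the patch's `112 / 8` comparison; the inputs are RFC 5869 test case 1.

```python
import hashlib
import hmac

MIN_HMAC_KEY = 112 // 8  # 14 bytes; assumption taken from the quoted patch


def hmac_key_ok(key: bytes) -> bool:
    """Hypothetical stand-in for a minimum HMAC key length rule."""
    return len(key) >= MIN_HMAC_KEY


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """RFC 5869 step 1: PRK = HMAC(key=salt, msg=IKM)."""
    if not salt:  # RFC 5869: an absent salt is HashLen zero bytes
        salt = bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int,
                hash_name: str = "sha256") -> bytes:
    """RFC 5869 step 2: T(i) = HMAC(key=PRK, msg=T(i-1) | info | i)."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("requested output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


# RFC 5869 test case 1 (HKDF-SHA256)
IKM = bytes.fromhex("0b" * 22)                      # the secret, 22 bytes
SALT = bytes.fromhex("000102030405060708090a0b0c")  # non-secret, 13 bytes
INFO = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")

if __name__ == "__main__":
    prk = hkdf_extract(SALT, IKM)
    # The only values HKDF hands to HMAC as keys are the salt and the PRK.
    print("extract key (salt):", len(SALT), "bytes, passes rule:", hmac_key_ok(SALT))
    print("expand key (PRK):  ", len(prk), "bytes, passes rule:", hmac_key_ok(prk))
    print("IKM (HMAC message):", len(IKM), "bytes, never used as an HMAC key")
    print("OKM:", hkdf_expand(prk, INFO, 42).hex())
```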