-
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Impose limits to HMAC and KMAC key size to be at least 112 bits #223
Comments
Not sure why openssl/openssl#22256 was closed |
If these become configurable then indicators may be necessary |
We do not have indicators for the other configurable checks. |
We need indicators. The current approach to the 140-3 approval is not sustainable. |
openssl/openssl#23833 is kind of related (HKDF self test changed to use 112 bit key) |
This is currently blocked on our FIPS 140-3 indicator design |
Restrict HMAC and KMAC key sizes below 112 bits. There is no official guidance on this but it is something KeyPair has learnt from the CMVP.
This will need to be optional but enforced with the pedantic setting.
The text was updated successfully, but these errors were encountered: