Add support for HMAC #675

Open
ilie-halip-nxp wants to merge 2 commits into latchset:main from ilie-halip-nxp:feature/hmac

@ilie-halip-nxp
Collaborator

Description

Implement HMAC support with SKEYs.

Checklist

  • Code modified for feature
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • This feature/change has adequate documentation added
  • Code conforms to coding style that today cannot yet be enforced via the check style test
  • Commits have short titles and sensible commit messages
  • Coverity Scan has run if needed (code PR) and no new defects were found

Support HMAC with EVP_SKEY.

Signed-off-by: Ilie Halip <ilie.halip@nxp.com>

Since openssl cli doesn't support generating an HMAC with an SKEY, add
a test program that uses HMAC test vectors (RFC 4231, 4.2).

Signed-off-by: Ilie Halip <ilie.halip@nxp.com>
@simo5
Member

simo5 commented Jan 27, 2026

Do you know why TLS tests fail?

@ilie-halip-nxp
Collaborator Author

Yes, unfortunately the TLS1.2 implementation in the default provider uses HMAC and calls dupctx() but this function is not provided so there's a segfault. It's not checked in evp_mac_from_algorithm so I thought it was optional.

openssl 3.6 (I developed and tested against this version) and earlier actually end up using the default instead of the pkcs11 HMAC when doing TLS. This is because the propquery was not propagated to the KDF, so it would call EVP_MAC_fetch with properties=NULL. With this change in t1_enc.c in openssl master the pkcs11 HMAC is now used, which leads to this issue.

@simo5
Member

simo5 commented Jan 28, 2026

> Yes, unfortunately the TLS1.2 implementation in the default provider uses HMAC and calls dupctx() but this function is not provided so there's a segfault. It's not checked in evp_mac_from_algorithm so I thought it was optional.
>
> openssl 3.6 (I developed and tested against this version) and earlier actually end up using the default instead of the pkcs11 HMAC when doing TLS. This is because the propquery was not propagated to the KDF, so it would call EVP_MAC_fetch with properties=NULL. With this change in t1_enc.c in openssl master the pkcs11 HMAC is now used, which leads to this issue.

Yes, this is used to keep a copy of the transaction hash, so the code actually depends on being able to duplicate the context, as you need to return intermediate values, but then continue adding data for the next hash.

Kryoptic can deal with this (but currently I think I enabled context saving only for Hashes), but I am aware of only one other software token that can do this (NSS's softokn).

To make this work reliably we may have to have an allow-list of tokens for which we make HMAC available to OpenSSL, and by default not claim HMAC.
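
The dependency on context duplication discussed in the comments above, as an added example (not code from this PR, pkcs11-provider or OpenSSL): a Python sketch of the TLS 1.2 P_hash construction from RFC 5246 section 5, with `hmac.HMAC.copy()` standing in for `dupctx()`. The names `keyed_hmac`, `NoDupMac`, `p_hash_dup` and `p_hash_rekey` are hypothetical, and `NoDupMac` is a constructed model of a backend that cannot save operation state.

```python
import hmac


def keyed_hmac(secret, digest="sha256"):
    """Keyed HMAC context with no data absorbed yet."""
    return hmac.new(secret, digestmod=digest)


class NoDupMac:
    """Constructed stand-in for a backend that cannot save MAC operation state."""

    def __init__(self, secret):
        self._inner = keyed_hmac(secret)

    def update(self, data):
        self._inner.update(data)

    def digest(self):
        return self._inner.digest()

    def copy(self):
        raise NotImplementedError("backend cannot duplicate a MAC context")


def p_hash_dup(secret, seed, out_len, mac_factory=keyed_hmac):
    """RFC 5246 section 5 P_hash: key one context, then duplicate it per step."""
    keyed = mac_factory(secret)      # keyed once; never finalised itself
    ctx_a = keyed.copy()
    ctx_a.update(seed)               # finalises to A(1) = HMAC(secret, seed)
    out = b""
    while len(out) < out_len:
        a_i = ctx_a.digest()         # A(i)
        ctx = keyed.copy()
        ctx.update(a_i)
        ctx_a = ctx.copy()           # fork: this state finalises to A(i+1)
        ctx.update(seed)
        out += ctx.digest()          # block i = HMAC(secret, A(i) + seed)
    return out[:out_len]


def p_hash_rekey(secret, seed, out_len):
    """Same output without duplication: a fresh keyed context for every HMAC."""
    a, out = seed, b""
    while len(out) < out_len:
        a = hmac.new(secret, a, "sha256").digest()
        out += hmac.new(secret, a + seed, "sha256").digest()
    return out[:out_len]
```

With `mac_factory=NoDupMac` the first `copy()` raises, which marks the point where a caller that checks for duplication support can refuse or fall back instead of calling through a missing function.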

@simo5
Member

simo5 commented Jan 28, 2026

This PR will help future testing latchset/kryoptic#410
