[openssl-commits] [openssl] master update
Emilia Kasper
emilia at openssl.org
Thu Feb 4 12:42:38 UTC 2016
The branch master has been updated
via b1413d9bd9d2222823ca1ba2d6cdf4849e635231 (commit)
from bdb7a621ac0a1d10d3c915e2283feebc1e43564a (commit)
- Log -----------------------------------------------------------------
commit b1413d9bd9d2222823ca1ba2d6cdf4849e635231
Author: Emilia Kasper <emilia at openssl.org>
Date: Thu Sep 10 15:17:58 2015 +0200
RT3095: allow NULL key for single-shot HMAC
In HMAC_Init_ex, NULL key signals reuse, but in single-shot HMAC,
we can allow it to signal an empty key for convenience.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/hmac/hmac.c | 7 +++++++
test/hmactest.c | 12 +++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 0a3b09f..f372955 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -248,11 +248,18 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
{
HMAC_CTX *c = NULL;
static unsigned char m[EVP_MAX_MD_SIZE];
+ static const unsigned char dummy_key[1] = {'\0'};
if (md == NULL)
md = m;
if ((c = HMAC_CTX_new()) == NULL)
goto err;
+
+ /* For HMAC_Init_ex, NULL key signals reuse. */
+ if (key == NULL && key_len == 0) {
+ key = dummy_key;
+ }
+
if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
goto err;
if (!HMAC_Update(c, d, n))
diff --git a/test/hmactest.c b/test/hmactest.c
index 4779909..2ceec5f 100644
--- a/test/hmactest.c
+++ b/test/hmactest.c
@@ -62,6 +62,7 @@
#include "../e_os.h"
# include <openssl/hmac.h>
+# include <openssl/sha.h>
# ifndef OPENSSL_NO_MD5
# include <openssl/md5.h>
# endif
@@ -192,6 +193,15 @@ int main(int argc, char *argv[])
}
printf("test 4 ok\n");
test5:
+ /* Test 5 has empty key; test that single-shot accepts a NULL key. */
+ p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len,
+ NULL, NULL), SHA_DIGEST_LENGTH);
+ if (strcmp(p, (char *)test[4].digest) != 0) {
+ printf("Error calculating HMAC on %d entry'\n", i);
+ printf("got %s instead of %s\n", p, test[4].digest);
+ err++;
+ }
+
HMAC_CTX_reset(ctx);
if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD (test 5)\n");
@@ -235,7 +245,7 @@ test5:
err++;
goto test6;
}
- if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
+ if (!HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) {
printf("Failed to reinitialise HMAC (test 5)\n");
err++;
goto test6;
More information about the openssl-commits
mailing list