[openssl-commits] [openssl] master update

Emilia Kasper emilia at openssl.org
Thu Feb 4 12:42:38 UTC 2016


The branch master has been updated
       via  b1413d9bd9d2222823ca1ba2d6cdf4849e635231 (commit)
      from  bdb7a621ac0a1d10d3c915e2283feebc1e43564a (commit)


- Log -----------------------------------------------------------------
commit b1413d9bd9d2222823ca1ba2d6cdf4849e635231
Author: Emilia Kasper <emilia at openssl.org>
Date:   Thu Sep 10 15:17:58 2015 +0200

    RT3095: allow NULL key for single-shot HMAC
    
    In HMAC_Init_ex, NULL key signals reuse, but in single-shot HMAC,
    we can allow it to signal an empty key for convenience.
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/hmac/hmac.c |  7 +++++++
 test/hmactest.c    | 12 +++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 0a3b09f..f372955 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -248,11 +248,18 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 {
     HMAC_CTX *c = NULL;
     static unsigned char m[EVP_MAX_MD_SIZE];
+    static const unsigned char dummy_key[1] = {'\0'};
 
     if (md == NULL)
         md = m;
     if ((c = HMAC_CTX_new()) == NULL)
         goto err;
+
+    /* For HMAC_Init_ex, NULL key signals reuse. */
+    if (key == NULL && key_len == 0) {
+        key = dummy_key;
+    }
+
     if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
         goto err;
     if (!HMAC_Update(c, d, n))
diff --git a/test/hmactest.c b/test/hmactest.c
index 4779909..2ceec5f 100644
--- a/test/hmactest.c
+++ b/test/hmactest.c
@@ -62,6 +62,7 @@
 #include "../e_os.h"
 
 # include <openssl/hmac.h>
+# include <openssl/sha.h>
 # ifndef OPENSSL_NO_MD5
 #  include <openssl/md5.h>
 # endif
@@ -192,6 +193,15 @@ int main(int argc, char *argv[])
     }
     printf("test 4 ok\n");
 test5:
+    /* Test 5 has empty key; test that single-shot accepts a NULL key. */
+    p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len,
+                NULL, NULL), SHA_DIGEST_LENGTH);
+    if (strcmp(p, (char *)test[4].digest) != 0) {
+        printf("Error calculating HMAC on %d entry'\n", i);
+        printf("got %s instead of %s\n", p, test[4].digest);
+        err++;
+    }
+
     HMAC_CTX_reset(ctx);
     if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) {
         printf("Should fail to initialise HMAC with empty MD (test 5)\n");
@@ -235,7 +245,7 @@ test5:
         err++;
         goto test6;
     }
-    if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
+    if (!HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) {
         printf("Failed to reinitialise HMAC (test 5)\n");
         err++;
         goto test6;


More information about the openssl-commits mailing list