[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Dr. Stephen Henson steve at openssl.org
Fri Jul 22 14:19:21 UTC 2016


The branch OpenSSL_1_0_2-stable has been updated
       via  b880283683958c873ce8363892c44277ec5081f8 (commit)
      from  941d9fb6bdfacbdab6325d24d65402b75afc20c5 (commit)


- Log -----------------------------------------------------------------
commit b880283683958c873ce8363892c44277ec5081f8
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Fri Jul 22 14:11:13 2016 +0100

    Clarify digest change in HMAC_Init_ex()
    
    RT#4603
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 doc/crypto/hmac.pod | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod
index 58a57f4..2c8f20a 100644
--- a/doc/crypto/hmac.pod
+++ b/doc/crypto/hmac.pod
@@ -60,13 +60,17 @@ function B<evp_md> and the key B<key> which is B<key_len> bytes
 long. It is deprecated and only included for backward compatibility
 with OpenSSL 0.9.6b.
 
-HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use
-the function B<evp_md> and key B<key>. Either can be NULL, in which
-case the existing one will be reused. HMAC_CTX_init() must have been
-called before the first use of an B<HMAC_CTX> in this
-function. B<N.B. HMAC_Init() had this undocumented behaviour in
-previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in
-programs that expect it will cause them to stop working>.
+HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
+function B<evp_md> and key B<key>. If both are NULL (or B<evp_md> is the same
+as the previous digest used by B<ctx> and B<key> is NULL) the existing key is
+reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
+of an B<HMAC_CTX> in this function. B<N.B. HMAC_Init() had this undocumented
+behaviour in previous versions of OpenSSL - failure to switch to HMAC_Init_ex()
+in programs that expect it will cause them to stop working>.
+
+B<NB: if HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
+same as the previous digest used by B<ctx> then an error is returned
+because reuse of an existing key with a different digest is not supported.>
 
 HMAC_Update() can be called repeatedly with chunks of the message to
 be authenticated (B<len> bytes at B<data>).
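
Review bot: In the rewritten HMAC_Init_ex() paragraph, "B<ctx> must have been created with HMAC_CTX_new()" replaces the removed requirement that HMAC_CTX_init() be called first, but this commit is on OpenSSL_1_0_2-stable and HMAC_CTX_new() is a 1.1.0 function that the 1.0.2 API does not provide. On this branch the sentence should keep the HMAC_CTX_init() wording from the removed lines. The new text also drops "Either can be NULL, in which case the existing one will be reused" without saying what happens when B<evp_md> is NULL and a new B<key> is supplied. One sentence covering that case would keep the description complete for callers who rekey an existing context. Since the added NB paragraph says an error is returned on a digest change with a NULL key, it would also help to point readers at the return value they need to check, so that a failed re-initialisation is not followed by HMAC_Update() on a context in an unexpected state.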
