[openssl-dev] [openssl.org #3942] Patch to fix issue with HMAC_init_ex in 1.0.1
Matthew A. Brannigan via RT
rt at openssl.org
Tue Jul 14 17:14:08 UTC 2015
During testing with strongswan 5.1.3, an issue with openssl 1.0.1o was
found. Openssl 1.0.1o has added code in HMAC_Init_ex() to detect
changing of message digest function. But that does not work when the
context has just been initialized with HMAC_CTX_init(). In this case,
ctx->md will be NULL after initialization and will not be equal to the
function returned by EVP_sha256() and passed to HMAC_Init_ex().
Enclosed is a patch and test case.
-------------- next part --------------
diff -urN openssl-1.0.1p.orig/crypto/hmac/hmac.c openssl-1.0.1p/crypto/hmac/hmac.c
--- openssl-1.0.1p.orig/crypto/hmac/hmac.c 2015-07-09 08:21:24.000000000 -0400
+++ openssl-1.0.1p/crypto/hmac/hmac.c 2015-07-14 11:15:21.754743504 -0400
@@ -88,7 +88,7 @@
}
#endif
/* If we are changing MD then we must have a key */
- if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+ if (md != NULL && md != ctx->md && ctx->md != NULL && (key == NULL || len < 0))
return 0;
if (md != NULL) {
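Review bot: the comment above the changed if still reads "If we are changing MD then we must have a key", which no longer describes the condition once ctx->md != NULL is added; it should say that a context straight from HMAC_CTX_init() (ctx->md == NULL) is exempt and why. With that exemption a first call that passes md but key == NULL now falls through to the if (md != NULL) block, and nothing in this hunk shows what key the context holds if no later call supplies one, so that path needs checking or a note that the caller must provide the key in a following HMAC_Init_ex() call. The new line also runs past 80 columns and could be wrapped before (key == NULL || len < 0).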
-------------- next part --------------
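#include <openssl/engine.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <stdio.h>

/* Reproduces the failure: set the digest on a fresh context without a key. */
int main(int argc, char ** argv)
{
    HMAC_CTX ctx;
    int ret;

    HMAC_CTX_init(&ctx);    /* leaves ctx.md == NULL */
    /* Digest only, no key: rejected by the check added in 1.0.1o. */
    ret = HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL);
    HMAC_CTX_cleanup(&ctx); /* release the context on both paths */
    if (ret == 0)
    {
        printf("Failed\n");
        return 1;
    }
    printf("Success\n");
    return 0;
}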
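The check described in the message, before and after the patch, modelled without OpenSSL so the cases can be compared side by side. This is an added example, not part of the original message or of OpenSSL's source; model_md, model_ctx, the two rejects_* functions and the sample cases are hypothetical stand-ins for EVP_MD, HMAC_CTX and the condition in HMAC_Init_ex().

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions, not OpenSSL types). */
typedef struct { const char *name; } model_md;     /* for EVP_MD */
typedef struct { const model_md *md; } model_ctx;  /* for HMAC_CTX */

/* Condition from the '-' line of the patch; nonzero means "return 0". */
static int rejects_unpatched(const model_ctx *ctx, const model_md *md,
                             const void *key, int len)
{
    return md != NULL && md != ctx->md && (key == NULL || len < 0);
}

/* Condition from the '+' line of the patch. */
static int rejects_patched(const model_ctx *ctx, const model_md *md,
                           const void *key, int len)
{
    return md != NULL && md != ctx->md && ctx->md != NULL
        && (key == NULL || len < 0);
}

static const model_md MD_SHA256 = { "sha256" }, MD_SHA1 = { "sha1" };
static const model_ctx FRESH = { NULL };        /* after HMAC_CTX_init() */
static const model_ctx KEYED = { &MD_SHA256 };  /* after a keyed init */

int main(void)
{
    /* Constructed cases: context state, digest argument, key argument. */
    const struct {
        const char *what; const model_ctx *ctx; const model_md *md;
        const void *key; int len;
    } cases[] = {
        { "fresh ctx, digest only, no key", &FRESH, &MD_SHA256, NULL, 0 },
        { "keyed ctx, same digest, no key", &KEYED, &MD_SHA256, NULL, 0 },
        { "keyed ctx, new digest, no key",  &KEYED, &MD_SHA1,   NULL, 0 },
        { "keyed ctx, new digest, new key", &KEYED, &MD_SHA1,   "k",  1 },
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-32s unpatched=%s patched=%s\n", cases[i].what,
               rejects_unpatched(cases[i].ctx, cases[i].md, cases[i].key,
                                 cases[i].len) ? "reject" : "accept",
               rejects_patched(cases[i].ctx, cases[i].md, cases[i].key,
                               cases[i].len) ? "reject" : "accept");
    return 0;
}
```

Only the first case differs between the two conditions: the patched one admits a digest-only call on a fresh context and still rejects a digest change without a key on a context that already has a digest.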