[openssl-dev] HMAC ABI fix.

scott.opensshdev.2015 at scottrix.co.uk scott.opensshdev.2015 at scottrix.co.uk
Thu Jun 18 22:55:34 UTC 2015


Hi,

We use openssl extensively in our product. Today we upgraded from openssl 
1.0.2b to 1.0.2c (we build everything from source so the ABI change from 
1.0.2a to 1.0.2b didn't affect us), and are seeing issues.  I think I have 
tracked it down to the lines below from HMAC_Init_ex, which were introduced 
as part of the HMAC ABI fix (1030f89f5ea238820645e3d34049eb1bd30e81c4):

+    /* If we are changing MD then we must have a key */
+    if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+        return 0;
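
Review bot: the test `md != ctx->md` in the new condition is also true on the first call for a context that has no digest stored yet, so the guard rejects a digest-only first call and not just a later digest change, while the comment only mentions "changing MD". If that is intended, the comment and the HMAC_Init_ex documentation (which says either argument can be NULL) should state that a new digest must be accompanied by a key. The bare `return 0` also leaves the caller unable to tell this rejection from any other failure, so consider recording an error before returning.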

Previously you could call HMAC_Init_ex with an evp_md and a NULL key; this 
would save the evp_md in the HMAC_ctx and return. Now it just returns, and 
on first call you need to provide both a key and an evp_md.  Before I go 
and modify our code, is this change intentional?

The docs (http://www.openssl.org/docs/crypto/hmac.html) state:

HMAC_Init_ex() initialises or reuses a HMAC_CTX structure to use the 
function evp_md and key key. Either can be NULL, in which case the existing 
one will be reused. HMAC_CTX_init() must have been called before the first 
use of an HMAC_CTX in this function.

Thanks in advance for the clarification,

Scott Harrison
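
A caller-side view of the guard quoted above, as an added example that is not part of the original post and is not OpenSSL code. `model_init_ex` is a stand-in that models only the argument check, and `deferred_init` / `deferred_ready` are a hypothetical shim that holds a digest passed without a key until the key arrives, so nothing is MACed under the old digest in between.

```c
#include <stddef.h>
#include <stdio.h>
/* Stand-in types, not OpenSSL's: a digest identity and the context state. */
typedef struct { const char *name; } model_md;
typedef struct { const model_md *md; int have_key; } model_ctx;
static const model_md MD_A = { "digest-a" };   /* constructed sample */

/* Model of the argument handling only (no key schedule, no hashing). */
static int model_init_ex(model_ctx *ctx, const void *key, int len, const model_md *md)
{
    /* Guard quoted in the post: changing MD requires a key. */
    if (md != NULL && md != ctx->md && (key == NULL || len < 0))
        return 0;
    if (md != NULL)
        ctx->md = md;
    if (key != NULL)
        ctx->have_key = 1;
    return 1;
}

/* Hypothetical caller-side shim: hold a digest that was given without a key. */
typedef struct { model_ctx ctx; const model_md *pending_md; } deferred_hmac;
static int deferred_init(deferred_hmac *d, const void *key, int len, const model_md *md)
{
    if (key == NULL && md != NULL && md != d->ctx.md) {
        d->pending_md = md;      /* defer until a key arrives */
        return 1;
    }
    if (key != NULL && md == NULL)
        md = d->pending_md;      /* may be NULL: reuse the stored digest */
    if (!model_init_ex(&d->ctx, key, len, md))
        return 0;
    if (key != NULL || md != NULL)
        d->pending_md = NULL;    /* the request has been applied */
    return 1;
}

/* Refuse to MAC while a digest change is pending or no key has been set. */
static int deferred_ready(const deferred_hmac *d)
{
    return d->pending_md == NULL && d->ctx.md != NULL && d->ctx.have_key;
}

int main(void)
{
    deferred_hmac d = { { NULL, 0 }, NULL };
    int r1 = deferred_init(&d, NULL, 0, &MD_A);   /* digest only: deferred */
    int r2 = deferred_init(&d, "k", 1, NULL);     /* key arrives: both passed */
    printf("%d %d ready=%d\n", r1, r2, deferred_ready(&d));
}
```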


