[openssl-dev] HMAC ABI fix.

[Matt Caswell]

On 18/06/15 23:55, scott.opensshdev.2015 at scottrix.co.uk wrote:
> Hi,
> 
> We use openssl extensively in our product, today we upgraded from
> openssl 1.0.2b to 1.0.2c (we build everything from source so the ABI
> change from 1.0.2a to 1.0.2b didn't affect us), and are seeing issues. 
> I think I have tracked it down to the lines below from HMAC_init_ex,
> which were introduced as part of the HMAC ABI fix
> (1030f89f5ea238820645e3d34049eb1bd30e81c4):
> 
> +    /* If we are changing MD then we must have a key */
> +    if (md != NULL && md != ctx->md && (key == NULL || len < 0))
> +        return 0;
> 
> previously you could call HMAC_init_ex with an evp_md and a NULL key,
> this would save the evp_md in the HMAC_ctx and return, now it just
> returns and on first call you need to provide both a key and an evp_md. 
> Before I go and modify our code, is this change intentional ?

Yes. The previous code was quite broken in this area - this change
seemed the least impact option without breaking the ABI and resolving
the issues.

> The docs (http://www.openssl.org/docs/crypto/hmac.html) state:
> 
> HMAC_Init_ex() initialises or reuses a HMAC_CTX structure to use the
> function evp_md and key key. Either can be NULL, in which case the
> existing one will be reused. HMAC_CTX_init() must have been called
> before the first use of an HMAC_CTX in this function.

In order to reuse an existing one there has to be something there in the
first place to reuse - so whilst what you were doing worked, I don't
think that was guaranteed by the documentation! Although actually the
docs probably need updating because I don't think it ever makes sense to
change the MD and reuse the key (the previous code wouldn't have worked
doing this anyway).

Matt