[openssl-dev] [openssl.org #3942] Patch to fix issue with HMAC_init_ex in 1.0.1
Emilia Käsper via RT
rt at openssl.org
Tue Sep 8 19:18:28 UTC 2015
Hm.
You pass in a NULL key. The docs say that a NULL key indicates that we should
reuse the existing key. With a new CTX, there is nothing to reuse, so it seems
reasonable that the call should fail.
If you actually wanted to set up the context with an empty key, you'd have to
pass in a dummy key buffer with a 0 length. This is awkward, otoh, I'm not
really sure why you'd want to do that in practice, so perhaps it's not terribly
important?
It's not a great API but we're bound by the documented contract. So I'm closing
this as Working As Intended. If you think I got it wrong, please reopen.
Cheers,
Emilia
More information about the openssl-dev
mailing list