[openssl-dev] [openssl.org #4603] HMAC_Init_ex incompatible change (possibly doc bug)
Stephen Henson via RT
rt at openssl.org
Fri Jul 22 13:38:02 UTC 2016
On Sat Jul 02 11:13:44 2016, kurt at roeckx.be wrote:
>
> /* If we are changing MD then we must have a key */
> if (md != NULL && md != ctx->md && (key == NULL || len < 0))
> return 0;
>
> That means contrary to the documentation, the existing salt isn't
> reused
> when the md argument is non-zero (and changes).
>
This is a bug in the documentation which has since been addressed. In general
you can't change the digest while retaining the same key because in some cases
the original key is no longer available, though in some cases it did work and
others it produced the wrong value. Now we're being stricter and preventing
digest change.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4603
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list