diff options
| author | Emilia Kasper <emilia@openssl.org> | 2015-09-10 15:17:58 +0200 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2016-02-04 13:01:32 +0100 |
| commit | b1413d9bd9d2222823ca1ba2d6cdf4849e635231 (patch) | |
| tree | f2cd0c6ec261a85658a27eefe40f2def6522f0ed | |
| parent | bdb7a621ac0a1d10d3c915e2283feebc1e43564a (diff) | |
| download | openssl-b1413d9bd9d2222823ca1ba2d6cdf4849e635231.zip openssl-b1413d9bd9d2222823ca1ba2d6cdf4849e635231.tar.gz openssl-b1413d9bd9d2222823ca1ba2d6cdf4849e635231.tar.bz2 | |
RT3095: allow NULL key for single-shot HMAC
In HMAC_Init_ex, NULL key signals reuse, but in single-shot HMAC,
we can allow it to signal an empty key for convenience.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
| -rw-r--r-- | crypto/hmac/hmac.c | 7 | ||||
| -rw-r--r-- | test/hmactest.c | 12 |
2 files changed, 18 insertions, 1 deletions
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 0a3b09f..f372955 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -248,11 +248,18 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, { HMAC_CTX *c = NULL; static unsigned char m[EVP_MAX_MD_SIZE]; + static const unsigned char dummy_key[1] = {'\0'}; if (md == NULL) md = m; if ((c = HMAC_CTX_new()) == NULL) goto err; + + /* For HMAC_Init_ex, NULL key signals reuse. */ + if (key == NULL && key_len == 0) { + key = dummy_key; + } + if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL)) goto err; if (!HMAC_Update(c, d, n)) diff --git a/test/hmactest.c b/test/hmactest.c index 4779909..2ceec5f 100644 --- a/test/hmactest.c +++ b/test/hmactest.c @@ -62,6 +62,7 @@ #include "../e_os.h" # include <openssl/hmac.h> +# include <openssl/sha.h> # ifndef OPENSSL_NO_MD5 # include <openssl/md5.h> # endif @@ -192,6 +193,15 @@ int main(int argc, char *argv[]) } printf("test 4 ok\n"); test5: + /* Test 5 has empty key; test that single-shot accepts a NULL key. */ + p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len, + NULL, NULL), SHA_DIGEST_LENGTH); + if (strcmp(p, (char *)test[4].digest) != 0) { + printf("Error calculating HMAC on %d entry'\n", i); + printf("got %s instead of %s\n", p, test[4].digest); + err++; + } + HMAC_CTX_reset(ctx); if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD (test 5)\n"); @@ -235,7 +245,7 @@ test5: err++; goto test6; } - if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { + if (!HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) { printf("Failed to reinitialise HMAC (test 5)\n"); err++; goto test6; |