Update comments for HMAC to give a more accurate bound than EVP_MAX_MD_SIZE

BUG=59

Change-Id: If3a788ec1328226d69293996845fa1d14690bf40
Reviewed-on: https://boringssl-review.googlesource.com/9068
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Eric Roman 2016-08-01 16:46:33 -07:00 committed by CQ bot account: commit-bot@chromium.org
parent 4501bd5118
commit 875bf04237
2 changed files with 20 additions and 13 deletions


@ -104,11 +104,13 @@ static bool TestHMAC(FileTest *t, void *arg) {
}
// Test using the one-shot API.
uint8_t mac[EVP_MAX_MD_SIZE];
unsigned expected_mac_len = EVP_MD_size(digest);
std::unique_ptr<uint8_t[]> mac(new uint8_t[expected_mac_len]);
unsigned mac_len;
if (nullptr == HMAC(digest, key.data(), key.size(), input.data(),
input.size(), mac, &mac_len) ||
!t->ExpectBytesEqual(output.data(), output.size(), mac, mac_len)) {
input.size(), mac.get(), &mac_len) ||
mac_len != expected_mac_len ||
!t->ExpectBytesEqual(output.data(), output.size(), mac.get(), mac_len)) {
t->PrintLine("One-shot API failed.");
return false;
}
@ -117,8 +119,9 @@ static bool TestHMAC(FileTest *t, void *arg) {
ScopedHMAC_CTX ctx;
if (!HMAC_Init_ex(ctx.get(), key.data(), key.size(), digest, nullptr) ||
!HMAC_Update(ctx.get(), input.data(), input.size()) ||
!HMAC_Final(ctx.get(), mac, &mac_len) ||
!t->ExpectBytesEqual(output.data(), output.size(), mac, mac_len)) {
!HMAC_Final(ctx.get(), mac.get(), &mac_len) ||
mac_len != expected_mac_len ||
!t->ExpectBytesEqual(output.data(), output.size(), mac.get(), mac_len)) {
t->PrintLine("HMAC_CTX failed.");
return false;
}
@ -126,8 +129,9 @@ static bool TestHMAC(FileTest *t, void *arg) {
// Test that an HMAC_CTX may be reset with the same key.
if (!HMAC_Init_ex(ctx.get(), nullptr, 0, digest, nullptr) ||
!HMAC_Update(ctx.get(), input.data(), input.size()) ||
!HMAC_Final(ctx.get(), mac, &mac_len) ||
!t->ExpectBytesEqual(output.data(), output.size(), mac, mac_len)) {
!HMAC_Final(ctx.get(), mac.get(), &mac_len) ||
mac_len != expected_mac_len ||
!t->ExpectBytesEqual(output.data(), output.size(), mac.get(), mac_len)) {
t->PrintLine("HMAC_CTX with reset failed.");
return false;
}
@ -143,8 +147,9 @@ static bool TestHMAC(FileTest *t, void *arg) {
return false;
}
}
if (!HMAC_Final(ctx.get(), mac, &mac_len) ||
!t->ExpectBytesEqual(output.data(), output.size(), mac, mac_len)) {
if (!HMAC_Final(ctx.get(), mac.get(), &mac_len) ||
mac_len != expected_mac_len ||
!t->ExpectBytesEqual(output.data(), output.size(), mac.get(), mac_len)) {
t->PrintLine("HMAC_CTX streaming failed.");
return false;
}
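Review bot: The one-shot hunk does not say why `mac` became a heap buffer of exactly `EVP_MD_size(digest)` bytes, so a later cleanup could turn it back into a fixed `EVP_MAX_MD_SIZE` array and lose what this test now covers. The `mac_len != expected_mac_len` checks run only after HMAC or HMAC_Final has already written into the buffer, so a write past the documented bound would presumably be caught only by a memory-checking build, and the exact-sized allocation is what makes that possible. I would add a comment above the allocation such as `// Exactly EVP_MD_size(digest) bytes, so a write past the documented bound is visible to memory checkers.` A length mismatch also fails with only the generic "... failed." line, so a short `t->PrintLine` naming the expected and actual lengths would make that case easier to diagnose. The same buffer is reused in the HMAC_CTX, reset and streaming hunks, and TestHMAC begins and ends outside the hunks shown.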


@ -74,8 +74,9 @@ extern "C" {
/* HMAC calculates the HMAC of |data_len| bytes of |data|, using the given key
* and hash function, and writes the result to |out|. On entry, |out| must
* contain |EVP_MAX_MD_SIZE| bytes of space. The actual length of the result is
* written to |*out_len|. It returns |out| or NULL on error. */
* contain at least |EVP_MD_size| bytes of space. The actual length of the
* result is written to |*out_len|. An output size of |EVP_MAX_MD_SIZE| will
* always be large enough. It returns |out| or NULL on error. */
OPENSSL_EXPORT uint8_t *HMAC(const EVP_MD *evp_md, const void *key,
size_t key_len, const uint8_t *data,
size_t data_len, uint8_t *out,
@ -112,8 +113,9 @@ OPENSSL_EXPORT int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data,
/* HMAC_Final completes the HMAC operation in |ctx| and writes the result to
* |out| and the sets |*out_len| to the length of the result. On entry, |out|
* must contain at least |EVP_MAX_MD_SIZE| bytes of space. It returns one on
* success or zero on error. */
* must contain at least |HMAC_size| bytes of space. An output size of
* |EVP_MAX_MD_SIZE| will always be large enough. It returns one on success or
* zero on error. */
OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out,
unsigned int *out_len);
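Review bot: The new bound in the HMAC comment names `|EVP_MD_size|` without saying which digest it is measured on, and the HMAC_Final comment does the same with `|HMAC_size|`. Neither signature takes a capacity for |out|, and |*out_len| is documented only as an output, so the caller's choice of buffer size appears to be the only guard against a write past the end of |out|. I would spell the bounds as `|EVP_MD_size(evp_md)|` and `|HMAC_size(ctx)|` to make clear that the size must come from the same digest or context that is passed to the call. The unchanged first sentence of the HMAC_Final comment reads "and the sets |*out_len|"; it could become "and sets |*out_len|" while the comment is being edited.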