Update comments for HMAC to give a more accurate bound than EVP_MD_MAX_SIZE
BUG=59 Change-Id: If3a788ec1328226d69293996845fa1d14690bf40 Reviewed-on: https://boringssl-review.googlesource.com/9068 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
Eric Roman
CQ bot account: commit-bot@chromium.org
parent
4501bd5118
commit
875bf04237
@ -104,11 +104,13 @@ static bool TestHMAC(FileTest *t, void *arg) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Test using the one-shot API.
|
// Test using the one-shot API.
|
||||||
uint8_t mac[EVP_MAX_MD_SIZE];
|
unsigned expected_mac_len = EVP_MD_size(digest);
|
||||||
|
std::unique_ptr<uint8_t[]> mac(new uint8_t[expected_mac_len]);
|
||||||
unsigned mac_len;
|
unsigned mac_len;
|
||||||
if (nullptr == HMAC(digest, key.data(), key.size(), input.data(),
|
if (nullptr == HMAC(digest, key.data(), key.size(), input.data(),
|
||||||
input.size(), mac, &mac_len) ||
|
input.size(), mac.get(), &mac_len) ||
|
||||||
!t->ExpectBytesEqual(output.data(), output.size(), mac, mac_len)) {
|
mac_len != expected_mac_len ||
|
||||||
|
!t->ExpectBytesEqual(output.data(), output.size(), mac.get(), mac_len)) {
|
||||||
t->PrintLine("One-shot API failed.");
|
t->PrintLine("One-shot API failed.");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -117,8 +119,9 @@ static bool TestHMAC(FileTest *t, void *arg) {
|
|||||||
ScopedHMAC_CTX ctx;
|
ScopedHMAC_CTX ctx;
|
||||||
if (!HMAC_Init_ex(ctx.get(), key.data(), key.size(), digest, nullptr) ||
|
if (!HMAC_Init_ex(ctx.get(), key.data(), key.size(), digest, nullptr) ||
|
||||||
!HMAC_Update(ctx.get(), input.data(), input.size()) ||
|
!HMAC_Update(ctx.get(), input.data(), input.size()) ||
|
||||||
!HMAC_Final(ctx.get(), mac, &mac_len) ||
|
!HMAC_Final(ctx.get(), mac.get(), &mac_len) ||
|
||||||
!t->ExpectBytesEqual(output.data(), output.size(), mac, mac_len)) {
|
mac_len != expected_mac_len ||
|
||||||
|
!t->ExpectBytesEqual(output.data(), output.size(), mac.get(), mac_len)) {
|
||||||
t->PrintLine("HMAC_CTX failed.");
|
t->PrintLine("HMAC_CTX failed.");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -126,8 +129,9 @@ static bool TestHMAC(FileTest *t, void *arg) {
|
|||||||
// Test that an HMAC_CTX may be reset with the same key.
|
// Test that an HMAC_CTX may be reset with the same key.
|
||||||
if (!HMAC_Init_ex(ctx.get(), nullptr, 0, digest, nullptr) ||
|
if (!HMAC_Init_ex(ctx.get(), nullptr, 0, digest, nullptr) ||
|
||||||
!HMAC_Update(ctx.get(), input.data(), input.size()) ||
|
!HMAC_Update(ctx.get(), input.data(), input.size()) ||
|
||||||
!HMAC_Final(ctx.get(), mac, &mac_len) ||
|
!HMAC_Final(ctx.get(), mac.get(), &mac_len) ||
|
||||||
!t->ExpectBytesEqual(output.data(), output.size(), mac, mac_len)) {
|
mac_len != expected_mac_len ||
|
||||||
|
!t->ExpectBytesEqual(output.data(), output.size(), mac.get(), mac_len)) {
|
||||||
t->PrintLine("HMAC_CTX with reset failed.");
|
t->PrintLine("HMAC_CTX with reset failed.");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -143,8 +147,9 @@ static bool TestHMAC(FileTest *t, void *arg) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!HMAC_Final(ctx.get(), mac, &mac_len) ||
|
if (!HMAC_Final(ctx.get(), mac.get(), &mac_len) ||
|
||||||
!t->ExpectBytesEqual(output.data(), output.size(), mac, mac_len)) {
|
mac_len != expected_mac_len ||
|
||||||
|
!t->ExpectBytesEqual(output.data(), output.size(), mac.get(), mac_len)) {
|
||||||
t->PrintLine("HMAC_CTX streaming failed.");
|
t->PrintLine("HMAC_CTX streaming failed.");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -74,8 +74,9 @@ extern "C" {
|
|||||||
|
|
||||||
/* HMAC calculates the HMAC of |data_len| bytes of |data|, using the given key
|
/* HMAC calculates the HMAC of |data_len| bytes of |data|, using the given key
|
||||||
* and hash function, and writes the result to |out|. On entry, |out| must
|
* and hash function, and writes the result to |out|. On entry, |out| must
|
||||||
* contain |EVP_MAX_MD_SIZE| bytes of space. The actual length of the result is
|
* contain at least |EVP_MD_size| bytes of space. The actual length of the
|
||||||
* written to |*out_len|. It returns |out| or NULL on error. */
|
* result is written to |*out_len|. An output size of |EVP_MAX_MD_SIZE| will
|
||||||
|
* always be large enough. It returns |out| or NULL on error. */
|
||||||
OPENSSL_EXPORT uint8_t *HMAC(const EVP_MD *evp_md, const void *key,
|
OPENSSL_EXPORT uint8_t *HMAC(const EVP_MD *evp_md, const void *key,
|
||||||
size_t key_len, const uint8_t *data,
|
size_t key_len, const uint8_t *data,
|
||||||
size_t data_len, uint8_t *out,
|
size_t data_len, uint8_t *out,
|
||||||
@ -112,8 +113,9 @@ OPENSSL_EXPORT int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data,
|
|||||||
|
|
||||||
/* HMAC_Final completes the HMAC operation in |ctx| and writes the result to
|
/* HMAC_Final completes the HMAC operation in |ctx| and writes the result to
|
||||||
* |out| and the sets |*out_len| to the length of the result. On entry, |out|
|
* |out| and the sets |*out_len| to the length of the result. On entry, |out|
|
||||||
* must contain at least |EVP_MAX_MD_SIZE| bytes of space. It returns one on
|
* must contain at least |HMAC_size| bytes of space. An output size of
|
||||||
* success or zero on error. */
|
* |EVP_MAX_MD_SIZE| will always be large enough. It returns one on success or
|
||||||
|
* zero on error. */
|
||||||
OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out,
|
OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out,
|
||||||
unsigned int *out_len);
|
unsigned int *out_len);
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user