RT3095: allow NULL key for single-shot HMAC In HMAC_Init_ex, NULL key signals reuse, but in single-shot HMAC, we can allow it to signal an empty key for convenience. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
diff --git a/test/hmactest.c b/test/hmactest.c index 4779909..2ceec5f 100644 --- a/test/hmactest.c +++ b/test/hmactest.c
@@ -62,6 +62,7 @@ #include "../e_os.h" # include <openssl/hmac.h> +# include <openssl/sha.h> # ifndef OPENSSL_NO_MD5 # include <openssl/md5.h> # endif @@ -192,6 +193,15 @@ } printf("test 4 ok\n"); test5: + /* Test 5 has empty key; test that single-shot accepts a NULL key. */ + p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len, + NULL, NULL), SHA_DIGEST_LENGTH); + if (strcmp(p, (char *)test[4].digest) != 0) { + printf("Error calculating HMAC on %d entry'\n", i); + printf("got %s instead of %s\n", p, test[4].digest); + err++; + } + HMAC_CTX_reset(ctx); if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD (test 5)\n"); @@ -235,7 +245,7 @@ err++; goto test6; } - if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { + if (!HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) { printf("Failed to reinitialise HMAC (test 5)\n"); err++; goto test6;