RT3095: allow NULL key for single-shot HMAC
In HMAC_Init_ex, NULL key signals reuse, but in single-shot HMAC,
we can allow it to signal an empty key for convenience.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
diff --git a/test/hmactest.c b/test/hmactest.c
index 4779909..2ceec5f 100644
--- a/test/hmactest.c
+++ b/test/hmactest.c
@@ -62,6 +62,7 @@
#include "../e_os.h"
# include <openssl/hmac.h>
+# include <openssl/sha.h>
# ifndef OPENSSL_NO_MD5
# include <openssl/md5.h>
# endif
@@ -192,6 +193,15 @@
}
printf("test 4 ok\n");
test5:
+ /* Test 5 has empty key; test that single-shot accepts a NULL key. */
+ p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len,
+ NULL, NULL), SHA_DIGEST_LENGTH);
+ if (strcmp(p, (char *)test[4].digest) != 0) {
+ printf("Error calculating HMAC on %d entry'\n", i);
+ printf("got %s instead of %s\n", p, test[4].digest);
+ err++;
+ }
+
HMAC_CTX_reset(ctx);
if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD (test 5)\n");
@@ -235,7 +245,7 @@
err++;
goto test6;
}
- if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
+ if (!HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) {
printf("Failed to reinitialise HMAC (test 5)\n");
err++;
goto test6;
