Expand support for EVP_PKEY_HMAC #1933
base: main
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1933   +/-   ##
=======================================
  Coverage   78.67%   78.68%
=======================================
  Files         585      585
  Lines      100849   100915   +66
  Branches    14299    14312   +13
=======================================
+ Hits        79347    79403   +56
- Misses      20868    20875    +7
- Partials      634      637    +3
View full report in Codecov by Sentry.
HMAC_KEY *hmac = NULL; | ||
HMAC_PKEY_CTX *hctx = ctx->data; | ||
if(hctx == NULL) { | ||
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PARAMETERS); |
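Review bot: `ctx->data` is read into `hctx` before anything in these lines checks `ctx` itself, so the `hctx == NULL` branch covers an uninitialized context but not a NULL `ctx`. If this function can be reached without an earlier check on `ctx`, test it before the dereference, or add a comment stating that callers guarantee a non-NULL context.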
Nit: EVP_R_INVALID_PARAMETERS is more applicable to invalid ASN.1 inputs, EVP_R_OPERATON_NOT_INITIALIZED might be a bit better.
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PARAMETERS); | |
OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED); |
@@ -81,6 +81,10 @@ static int hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { | |||
sctx = src->data; | |||
dctx = dst->data; | |||
dctx->md = sctx->md; | |||
if(sctx->ktmp.key != NULL && !HMAC_KEY_copy(&sctx->ktmp, &dctx->ktmp)) { |
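Review bot: `sctx` is dereferenced at `sctx->ktmp.key` with no NULL check on `src->data`, although elsewhere in this PR a NULL `ctx->data` is handled as a reachable state (`if(hctx == NULL)`). Because `ktmp` is used as an embedded struct here (`&sctx->ktmp`, `.key`), `sctx` is the pointer to guard, for example by returning 0 when `sctx == NULL` before the copy. Please also confirm the argument order of `HMAC_KEY_copy`: the enclosing function takes `(dst, src)`, but this call passes `&sctx->ktmp` first, and if the helper expects the destination first the copy runs in the wrong direction.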
Do we need to guard sctx->ktmp before accessing the internals?
if(sctx->ktmp.key != NULL && !HMAC_KEY_copy(&sctx->ktmp, &dctx->ktmp)) { | |
if(sctx->ktmp != NULL && sctx->ktmp.key != NULL && !HMAC_KEY_copy(&sctx->ktmp, &dctx->ktmp)) { |
static const char *hmac_hexkey = "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"; | ||
|
||
TEST_F(EvpPkeyCtxCtrlStrTest, HMACKey) { | ||
// Test Cases from RFC 5869. |
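Review bot: the comment on the `HMACKey` test names only an RFC and no test case, so a reader cannot tell which vector `hmac_hexkey` and the expected outputs are taken from. Cite the specific test case, and the document that defines the expected MAC values, next to the key. `hmac_hexkey` could also be declared as `static const char hmac_hexkey[]` so that the pointer itself is not writable.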
RFC 5869 seems to be referring to HKDF?
Issues:
Addresses CryptoAlg-2695
Description of changes:
EVP_PKEY_HMAC
EVP_PKEY_CTX_ctrl_str
.EVP_PKEY_CTRL_SET_MAC_KEY
operation w/EVP_PKEY_CTX_ctrl
Testing:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.