[openssl.org #4603] HMAC_Init_ex incompatible change (possibly doc bug)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[openssl.org #4603] HMAC_Init_ex incompatible change (possibly doc bug)

Rich Salz via RT
On Sat Jul 02 11:13:44 2016, [hidden email] wrote:
>
> /* If we are changing MD then we must have a key */
> if (md != NULL && md != ctx->md && (key == NULL || len < 0))
> return 0;
>
> That means contrary to the documentation, the existing salt isn't
> reused
> when the md argument is non-zero (and changes).
>

This is a bug in the documentation which has since been addressed. In general
you can't change the digest while retaining the same key because in some cases
the original key is no longer available, though in some cases it did work and
others it produced the wrong value. Now we're being stricter and preventing
digest change.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4603
Please log in as guest with password guest if prompted

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev