Chromium Code Reviews Chromium Code Reviews
Issue 231603002:
Allow empty keys in hmac_openssl.cc. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/hmac.h" | 5 #include "crypto/hmac.h" |
| 6 | 6 |
| 7 #include <openssl/hmac.h> | 7 #include <openssl/hmac.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 24 : hash_alg_(hash_alg), plat_(new HMACPlatformData()) { | 24 : hash_alg_(hash_alg), plat_(new HMACPlatformData()) { |
| 25 // Only SHA-1 and SHA-256 hash algorithms are supported now. | 25 // Only SHA-1 and SHA-256 hash algorithms are supported now. |
| 26 DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256); | 26 DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256); |
| 27 } | 27 } |
| 28 | 28 |
| 29 bool HMAC::Init(const unsigned char* key, size_t key_length) { | 29 bool HMAC::Init(const unsigned char* key, size_t key_length) { |
| 30 // Init must not be called more than once on the same HMAC object. | 30 // Init must not be called more than once on the same HMAC object. |
| 31 DCHECK(plat_->key.empty()); | 31 DCHECK(plat_->key.empty()); |
| 32 | 32 |
| 33 plat_->key.assign(key, key + key_length); | 33 plat_->key.assign(key, key + key_length); |
| 34 if (key_length == 0) { | |
| 35 // Special-case: if the key is empty, use a key with one zero byte. OpenSSL | |
| 36 // does not like NULL keys, but keys are padded with zeros, so they're | |
| 37 // equivalent. | |
|
wtc
2014/04/09 21:30:58
It would be nice to note what a NULL key means to
davidben
2014/04/09 21:44:29
Done.
| |
| 38 plat_->key.push_back(0); | |
| 39 } | |
| 34 return true; | 40 return true; |
| 35 } | 41 } |
| 36 | 42 |
| 37 HMAC::~HMAC() { | 43 HMAC::~HMAC() { |
| 38 // Zero out key copy. | 44 // Zero out key copy. |
| 39 plat_->key.assign(plat_->key.size(), 0); | 45 plat_->key.assign(plat_->key.size(), 0); |
| 40 STLClearObject(&plat_->key); | 46 STLClearObject(&plat_->key); |
| 41 } | 47 } |
| 42 | 48 |
| 43 bool HMAC::Sign(const base::StringPiece& data, | 49 bool HMAC::Sign(const base::StringPiece& data, |
| 44 unsigned char* digest, | 50 unsigned char* digest, |
| 45 size_t digest_length) const { | 51 size_t digest_length) const { |
| 46 DCHECK(!plat_->key.empty()); // Init must be called before Sign. | 52 DCHECK(!plat_->key.empty()); // Init must be called before Sign. |
| 47 | 53 |
| 48 ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length); | 54 ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length); |
| 49 return ::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(), | 55 return ::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(), |
| 50 &plat_->key[0], plat_->key.size(), | 56 &plat_->key[0], plat_->key.size(), |
|
wtc
2014/04/09 21:30:58
Can you try passing a non-NULL key pointer and a z
davidben
2014/04/09 21:44:29
That works too; if the key size is 0, it never act
| |
| 51 reinterpret_cast<const unsigned char*>(data.data()), | 57 reinterpret_cast<const unsigned char*>(data.data()), |
| 52 data.size(), | 58 data.size(), |
| 53 result.safe_buffer(), NULL); | 59 result.safe_buffer(), NULL); |
| 54 } | 60 } |
| 55 | 61 |
| 56 } // namespace crypto | 62 } // namespace crypto |
| OLD | NEW |
