diff options
author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-14 17:41:46 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-14 17:41:46 +0000 |
commit | 5739bd508c74200592a3e3a4e60e7061ed9d0d48 (patch) | |
tree | 22f5b6d57be558421dcaec9662c45f21e9866f2a | |
parent | e3edb86ed52552886f08358af4355b2d22c07ab8 (diff) | |
download | chromium_src-5739bd508c74200592a3e3a4e60e7061ed9d0d48.zip chromium_src-5739bd508c74200592a3e3a4e60e7061ed9d0d48.tar.gz chromium_src-5739bd508c74200592a3e3a4e60e7061ed9d0d48.tar.bz2 |
Don't enforce the old HMAC key size requirement in FIPS 198 Sec. 3.
This requirement has been removed in FIPS 198-1.
R=rsleevi@chromium.org
BUG=none
TEST=none
Review URL: https://chromiumcodereview.appspot.com/9695058
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@126674 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | crypto/hmac.h | 8 | ||||
-rw-r--r-- | crypto/hmac_win.cc | 2 |
2 files changed, 8 insertions, 2 deletions
diff --git a/crypto/hmac.h b/crypto/hmac.h index 2e22a15..dfbe1e7 100644 --- a/crypto/hmac.h +++ b/crypto/hmac.h @@ -40,6 +40,14 @@ class CRYPTO_EXPORT HMAC { // Initializes this instance using |key| of the length |key_length|. Call Init // only once. It returns false on the second or later calls. // TODO(abarth): key_length should be a size_t. + // + // NOTE: the US Federal crypto standard FIPS 198, Section 3 says: + // The size of the key, K, shall be equal to or greater than L/2, where L + // is the size of the hash function output. + // In FIPS 198-1 (and SP-800-107, which describes key size recommendations), + // this requirement is gone. But a system crypto library may still enforce + // this old requirement. If the key is shorter than this recommended value, + // Init() may fail. bool Init(const unsigned char* key, int key_length) WARN_UNUSED_RESULT; // Initializes this instance using |key|. Call Init diff --git a/crypto/hmac_win.cc b/crypto/hmac_win.cc index 9109429..ffd08ce8 100644 --- a/crypto/hmac_win.cc +++ b/crypto/hmac_win.cc @@ -104,8 +104,6 @@ bool HMAC::Init(const unsigned char* key, int key_length) { } if (hash_alg_ == SHA256) { - if (key_length < SHA256_LENGTH / 2) - return false; // Key is too short. plat_->raw_key_.assign(key, key + key_length); return true; } |