diff options
author | eroman <eroman@chromium.org> | 2015-03-04 16:46:21 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-03-05 00:47:02 +0000 |
commit | b8b8deaa000eb91c7ee394d8cac563b95f3c9643 (patch) | |
tree | c6e7cfc4acaaa0186826b40a5714a670a56089fd /crypto/hmac_openssl.cc | |
parent | fd2eb7523de2f1997d10ca2782745d487f8dff06 (diff) | |
download | chromium_src-b8b8deaa000eb91c7ee394d8cac563b95f3c9643.zip chromium_src-b8b8deaa000eb91c7ee394d8cac563b95f3c9643.tar.gz chromium_src-b8b8deaa000eb91c7ee394d8cac563b95f3c9643.tar.bz2 |
Update some comments and code to reflect the fact that HMAC() is no longer hostile to NULL key data.
BUG=395826
Review URL: https://codereview.chromium.org/975273002
Cr-Commit-Position: refs/heads/master@{#319178}
Diffstat (limited to 'crypto/hmac_openssl.cc')
-rw-r--r-- | crypto/hmac_openssl.cc | 32 |
1 files changed, 12 insertions, 20 deletions
diff --git a/crypto/hmac_openssl.cc b/crypto/hmac_openssl.cc index 92eea19..ef20290 100644 --- a/crypto/hmac_openssl.cc +++ b/crypto/hmac_openssl.cc @@ -20,45 +20,37 @@ struct HMACPlatformData { std::vector<unsigned char> key; }; -HMAC::HMAC(HashAlgorithm hash_alg) - : hash_alg_(hash_alg), plat_(new HMACPlatformData()) { +HMAC::HMAC(HashAlgorithm hash_alg) : hash_alg_(hash_alg) { // Only SHA-1 and SHA-256 hash algorithms are supported now. DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256); } bool HMAC::Init(const unsigned char* key, size_t key_length) { // Init must not be called more than once on the same HMAC object. - DCHECK(plat_->key.empty()); - + DCHECK(!plat_); + plat_.reset(new HMACPlatformData()); plat_->key.assign(key, key + key_length); - if (key_length == 0) { - // Special-case: if the key is empty, use a key with one zero - // byte. OpenSSL's HMAC function breaks when passed a NULL key. (It calls - // HMAC_Init_ex which treats a NULL key as having already been initialized - // with a key previously.) HMAC pads keys with zeros, so this key is - // equivalent. - plat_->key.push_back(0); - } return true; } HMAC::~HMAC() { - // Zero out key copy. - plat_->key.assign(plat_->key.size(), 0); - STLClearObject(&plat_->key); + if (plat_) { + // Zero out key copy. + plat_->key.assign(plat_->key.size(), 0); + STLClearObject(&plat_->key); + } } bool HMAC::Sign(const base::StringPiece& data, unsigned char* digest, size_t digest_length) const { - DCHECK(!plat_->key.empty()); // Init must be called before Sign. + DCHECK(plat_); // Init must be called before Sign. ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length); return !!::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(), - &plat_->key[0], plat_->key.size(), - reinterpret_cast<const unsigned char*>(data.data()), - data.size(), - result.safe_buffer(), NULL); + vector_as_array(&plat_->key), plat_->key.size(), + reinterpret_cast<const unsigned char*>(data.data()), + data.size(), result.safe_buffer(), NULL); } } // namespace crypto |