Allow empty keys in hmac_openssl.cc.

PrefHashCalculator uses empty keys in developer builds. This fixes
Chrome startup in debug builds.

BUG=none

Review URL: https://codereview.chromium.org/231603002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@263085 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 26 insertions, 0 deletions

diff --git a/crypto/hmac_openssl.cc b/crypto/hmac_openssl.cc
index f7010c8..46bfbae 100644
--- a/crypto/hmac_openssl.cc
+++ b/crypto/hmac_openssl.cc
@@ -31,6 +31,14 @@ bool HMAC::Init(const unsigned char* key, size_t key_length) {
   DCHECK(plat_->key.empty());
 
   plat_->key.assign(key, key + key_length);
+  if (key_length == 0) {
+    // Special-case: if the key is empty, use a key with one zero
+    // byte. OpenSSL's HMAC function breaks when passed a NULL key. (It calls
+    // HMAC_Init_ex which treats a NULL key as having already been initialized
+    // with a key previously.) HMAC pads keys with zeros, so this key is
+    // equivalent.
+    plat_->key.push_back(0);
+  }
   return true;
 }
 
diff --git a/crypto/hmac_unittest.cc b/crypto/hmac_unittest.cc
index f0844a9..6bcd1bc 100644
--- a/crypto/hmac_unittest.cc
+++ b/crypto/hmac_unittest.cc
@@ -275,3 +275,21 @@ TEST(HMACTest, Verify) {
         base::StringPiece(empty_digest, kSHA1DigestSize)));
   }
 }
+
+TEST(HMACTest, EmptyKey) {
+  // Test vector from https://en.wikipedia.org/wiki/HMAC
+  const char* kExpectedDigest =
+      "\xFB\xDB\x1D\x1B\x18\xAA\x6C\x08\x32\x4B\x7D\x64\xB7\x1F\xB7\x63"
+      "\x70\x69\x0E\x1D";
+  base::StringPiece data("", 0u);
+
+  crypto::HMAC hmac(crypto::HMAC::SHA1);
+  ASSERT_TRUE(hmac.Init(NULL, 0));
+
+  unsigned char digest[kSHA1DigestSize];
+  EXPECT_TRUE(hmac.Sign(data, digest, kSHA1DigestSize));
+  EXPECT_EQ(0, memcmp(kExpectedDigest, digest, kSHA1DigestSize));
+
+  EXPECT_TRUE(hmac.Verify(
+      data, base::StringPiece(kExpectedDigest, kSHA1DigestSize)));
+}