summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-14 17:41:46 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-14 17:41:46 +0000
commit5739bd508c74200592a3e3a4e60e7061ed9d0d48 (patch)
tree22f5b6d57be558421dcaec9662c45f21e9866f2a /crypto
parente3edb86ed52552886f08358af4355b2d22c07ab8 (diff)
downloadchromium_src-5739bd508c74200592a3e3a4e60e7061ed9d0d48.zip
chromium_src-5739bd508c74200592a3e3a4e60e7061ed9d0d48.tar.gz
chromium_src-5739bd508c74200592a3e3a4e60e7061ed9d0d48.tar.bz2
Don't enforce the old HMAC key size requirement in FIPS 198 Sec. 3.
This requirement has been removed in FIPS 198-1. R=rsleevi@chromium.org BUG=none TEST=none Review URL: https://chromiumcodereview.appspot.com/9695058 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@126674 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
-rw-r--r--crypto/hmac.h8
-rw-r--r--crypto/hmac_win.cc2
2 files changed, 8 insertions, 2 deletions
diff --git a/crypto/hmac.h b/crypto/hmac.h
index 2e22a15..dfbe1e7 100644
--- a/crypto/hmac.h
+++ b/crypto/hmac.h
@@ -40,6 +40,14 @@ class CRYPTO_EXPORT HMAC {
// Initializes this instance using |key| of the length |key_length|. Call Init
// only once. It returns false on the second or later calls.
// TODO(abarth): key_length should be a size_t.
+ //
+ // NOTE: the US Federal crypto standard FIPS 198, Section 3 says:
+ // The size of the key, K, shall be equal to or greater than L/2, where L
+ // is the size of the hash function output.
+ // In FIPS 198-1 (and SP-800-107, which describes key size recommendations),
+ // this requirement is gone. But a system crypto library may still enforce
+ // this old requirement. If the key is shorter than this recommended value,
+ // Init() may fail.
bool Init(const unsigned char* key, int key_length) WARN_UNUSED_RESULT;
// Initializes this instance using |key|. Call Init
diff --git a/crypto/hmac_win.cc b/crypto/hmac_win.cc
index 9109429..ffd08ce8 100644
--- a/crypto/hmac_win.cc
+++ b/crypto/hmac_win.cc
@@ -104,8 +104,6 @@ bool HMAC::Init(const unsigned char* key, int key_length) {
}
if (hash_alg_ == SHA256) {
- if (key_length < SHA256_LENGTH / 2)
- return false; // Key is too short.
plat_->raw_key_.assign(key, key + key_length);
return true;
}