Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/hmac.h | 8 | ||||
-rw-r--r-- | crypto/hmac_win.cc | 2 |
2 files changed, 8 insertions, 2 deletions
diff --git a/crypto/hmac.h b/crypto/hmac.h
index 2e22a15..dfbe1e7 100644
--- a/crypto/hmac.h
+++ b/crypto/hmac.h
@@ -40,6 +40,14 @@ class CRYPTO_EXPORT HMAC {
 // Initializes this instance using |key| of the length |key_length|. Call Init
 // only once. It returns false on the second or later calls.
 // TODO(abarth): key_length should be a size_t.
+ //
+ // NOTE: the US Federal crypto standard FIPS 198, Section 3 says:
+ // The size of the key, K, shall be equal to or greater than L/2, where L
+ // is the size of the hash function output.
+ // In FIPS 198-1 (and SP-800-107, which describes key size recommendations),
+ // this requirement is gone. But a system crypto library may still enforce
+ // this old requirement. If the key is shorter than this recommended value,
+ // Init() may fail.
 bool Init(const unsigned char* key, int key_length) WARN_UNUSED_RESULT;
 // Initializes this instance using |key|. Call Init
diff --git a/crypto/hmac_win.cc b/crypto/hmac_win.cc
index 9109429..ffd08ce8 100644
--- a/crypto/hmac_win.cc
+++ b/crypto/hmac_win.cc
@@ -104,8 +104,6 @@ bool HMAC::Init(const unsigned char* key, int key_length) {
 }
 if (hash_alg_ == SHA256) {
- if (key_length < SHA256_LENGTH / 2)
- return false; // Key is too short.
 plat_->raw_key_.assign(key, key + key_length);
 return true;
 } |
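Review bot: The new NOTE above `Init()` says a short key "may fail" but gives callers no length that every backend accepts, so the contract stays platform-dependent. Since the quoted FIPS 198 rule is L/2, I would end the note with a line such as `// For portable behaviour, pass a key of at least L/2 bytes.` It would also help to say that a backend accepting a shorter key does not make that key adequate, because HMAC's strength is bounded by the entropy of its key. The class body continues outside the hunk.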
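Review bot: With the `key_length < SHA256_LENGTH / 2` test removed, nothing visible in this hunk rejects a negative `key_length` before `plat_->raw_key_.assign(key, key + key_length)`. The old comparison caught that case as a side effect, because `key_length` is a signed `int`. A negative length puts the end pointer before the begin pointer, which is undefined behaviour for a range assign. I would keep a sign guard in its place, `if (key_length < 0) return false;`, unless an earlier check in `HMAC::Init()`, which starts and ends outside the hunk, already covers it. A zero-length key is now also accepted on this path, and if that is intended a one-line comment saying so would help the next reader.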