author | Matt Caswell <matt@openssl.org> | 2019-03-26 13:32:39 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-03-27 14:32:08 +0000 |
commit | 48fdeca01dab31237a711d9fdf4452ebf8443716 (patch) | |
tree | a691873403db8825fdf700a3d69c153e45e33255 /crypto/hmac/hmac.c | |
parent | 17838470617afd50813a66adcebad2e6e17de79c (diff) |
Don't allow SHAKE128/SHAKE256 with HMAC
See discussion in github issue #8563
Fixes #8563
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)
Diffstat (limited to 'crypto/hmac/hmac.c')
-rw-r--r-- | crypto/hmac/hmac.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index e78f66a732..5d934e9588 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return 0; } + /* + * The HMAC construction is not allowed to be used with the + * extendable-output functions (XOF) shake128 and shake256. + */ + if ((EVP_MD_meth_get_flags(md) & EVP_MD_FLAG_XOF) != 0) + return 0; + if (key != NULL) { reset = 1; j = EVP_MD_block_size(md); |
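Review bot: the new XOF check in HMAC_Init_ex fails with a bare `return 0` and puts nothing on the error queue, so a caller cannot tell "digest is an XOF" apart from any other initialization failure. Consider raising an error with a reason specific to the unsupported digest before returning. The comment names only shake128 and shake256, while the test `(EVP_MD_meth_get_flags(md) & EVP_MD_FLAG_XOF) != 0` rejects any digest carrying that flag. Wording the comment in terms of the flag would keep it accurate if further XOFs are added. The diffstat shown here is limited to crypto/hmac/hmac.c, so it is worth confirming that the HMAC_Init_ex documentation and a regression test for the rejection are covered elsewhere in the change.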